PHP Classes
PHP Classes
elePHPant
Icontem

Faster PHP Social Login with a PHP OpenID Connect PHP Client - PHP OAuth Library package blog

Recommend this page to a friend!
  All package blogs All package blogs   PHP OAuth Library PHP OAuth Library   Blog PHP OAuth Library package blog   RSS 1.0 feed RSS 2.0 feed   Blog Faster PHP Social Log...  
  Post a comment Post a comment   See comments See comments (2)   Trackbacks (0)  

Author:

Updated on: 2017-04-09

Posted on:

Package: PHP OAuth Library

Many applications use OAuth authenticate users using their information retrieved from social network accounts with their permission.

However, each social network requires an additional API call to retrieve those user details. That API call is specific to each network, so its URL and parameters vary.

OpenID Connect is an extension of the OAuth2 protocol that allows to retrieve the user details without additional API calls.

Read this article to learn how it works and how you can benefit from OpenID Connect to get the user details faster without social network specific API calls.




Contents

How PHP Social Login can be Implemented with a PHP OAuth Client?

What is OpenID?

The Limitations of OpenID

OpenID versus OAuth

What is OpenID Connect? Combining the Best of OAuth and OpenID

How to implement a Social Login PHP Application using OpenID Connect PHP OAuth Client?

Download the PHP OAuth Library to Benefit from this OpenID Connect PHP Client



Faster PHP Social Login with a PHP OpenID Connect PHP OAuth Library

How PHP Social Login can be Implemented with a PHP OAuth Client?

As you may know, OAuth is a protocol that allows applications to call Web site APIs on behalf of the users of those sites, so you can create applications that extend the powers of those sites with your application code features.

Frequently, OAuth is used to perform what we call Social Login. This means the users may be registered and login in new sites using details they have already entered in social network sites, so they do not need to enter their password again if they are already logged in the social network sites.

What is OpenID?

OpenID is a protocol for single sign-on. That means that multiple sites can use a common account system to keep the the records of registered users and authenticate them when they login.

Many sites use a single sign-on system like for instance Google. I am not sure if Google specifically uses OpenID as single sign-on protocol, but they should use at least a similar protocol because you can login for instance in Gmail with the same account as in YouTube.

The PHP Classes site also uses a single sign-on system since 2010 when JS Classes site was launched. The idea is that PHP Classes users do not have to register again to login in JS Classes. So they only have one account and one password.

The Limitations of OpenID

The way OpenID works is by redirecting the users from the site they access, for instance PHP Classes, to a central account site, in the case Icontem Accounts. The user registers or logs in there and then he is redirected back to the PHP Classes site.

The redirection URL contains values of the user account, like his name, email address and other values. This way PHP Classes receives only the user account details that matter. The user password is not passed back because it is only necessary on the Icontem Accounts site for authentication.

The problem of this approach is that sometimes the redirection URL gets too long when using the OpenID protocol. Sometimes mobile device browsers and proxies truncate long URLs and the information passed in the URL is lost, so the single sign-on process cannot be completed.

OpenID versus OAuth

OAuth is a protocol simlar to OpenID but works in a slightly different way. The user is also redirected to the main application site on which he is also authenticated. When he is done, he is also redirected back to the original site.

The main difference is that the URL to redirect back to the original site returns a token string value that will be used to retrieve the final to access token. That access token will be used by the original site to call the main site API and get the user details, among other operations that can be performed.

What is OpenID Connect? Combining the Best of OAuth and OpenID

As you may understand after retrieving the OAuth access token, the main site application still needs to perform an API call to get the current user details, like the name, email address, etc..

OpenID Connect is basically just an extension OAuth 2. The main difference is that OAuth 2 servers that understand the OpenID Connect specification, also return the user details that applications requested.

That is done using a return value called id_token. It is a encoded response value that contains the requested user details and a cryptographic hash, so your application can verify if the user details have not been tampered.

How to implement a Social Login PHP Application using OpenID Connect PHP OAuth Client?

Fortunately you do not need to fully understand the technical explanations above to implement an application that uses OAuth and OpenID Connect to implement a Social Login solution in PHP.

All you need to do is to use the PHP OAuth client class like in any other OAuth application that uses this class to get the user details.

Let's take a look the login_with_microsoft_openid_connect.php example script. If you want to access any other social login  site API, like for instance Google, the example code that follows is basically the same.

First create an object of the class and set the server type, so the class reads the respective API URLs and other options from a configuration file.

$client = new oauth_client_class;
$client->server = 'MicrosoftOpenIDConnect';

Set the redirect_uri to the current page URL.

$client->redirect_uri = 'https://'.$_SERVER['HTTP_HOST'].
    dirname( strtok( $_SERVER['REQUEST_URI'], '?' ) ).
    '/login_with_microsoft_openid_connect.php';

Set your OAuth application client and secret credentials.

$client->client_id = 'your application client ID';
$client->client_secret = 'your application client secret';

Set the scope values to openid and other types of user details you want to retrieve.

$client->scope = 'openid email profile';

Call the usual Initialize, Process and Finalize functions to let the class do everything for you

if(($success = $client->Initialize()))
{
    if(($success = $client->Process()))
    {

Make any other API calls here if you need them. Otherwise, leave this empty.

    }
    $success = $client->Finalize($success);
}

If the class needs to redirect to the API server site, you need to exit the script here immediately

if($client->exit)
	exit;

If all went well. Do something useful with the user details accessing the id_token class variable.

if($success)
{
    echo '<h1>', HtmlSpecialChars($client->id_token->name),
        ' you have logged in successfully ',
        'with Microsoft OpenID Connect!</h1>';
    echo '<pre>', HtmlSpecialChars( print_r( $client->id_token, 1)), '</pre>';
}
else
{
    echo '<pre>Error: ', echo HtmlSpecialChars($client->error), '</pre>';
}

Download the PHP OAuth Library to Benefit from this OpenID Connect PHP Client

The PHP OAuth library can be downloaded and installed from a ZIP archive or using the PHP composer tool.

If you liked this article, share it with other developer friends. Post a comment below if you have questions or want to express your opinion about this article.




You need to be a registered user or login to post a comment

1,442,463 PHP developers registered to the PHP Classes site.
Be One of Us!

Login Immediately with your account on:

FacebookGmail
HotmailStackOverflow
GitHubYahoo


Comments:

1. I tried this library - Rob Lindman (2017-03-21 14:12)
perhaps some cleanup is needed... - 1 reply
Read the whole comment and replies



  Post a comment Post a comment   See comments See comments (2)   Trackbacks (0)  
  All package blogs All package blogs   PHP OAuth Library PHP OAuth Library   Blog PHP OAuth Library package blog   RSS 1.0 feed RSS 2.0 feed   Blog Faster PHP Social Log...