sootsnoot - 2015-04-19 16:04:36 - In reply to message 10 from sootsnoot
Actually, I finally figured it out, and answered the question myself. Too long to post the full answer here, but the gist is that the openid_id is actually contained within the id_token that is returned along with the access_token. I don't know why I didn't see it when I used the Google tool to decode it back in post #8, but it's there now.
So for my purposes, I don't actually need to call any Google APIs at all. I just need to arrange for the class to pass openid.realm=<my-realm> on the authentication request, then:
```php
if(($success = $client->Initialize()))
{
	// Keep the token endpoint response so the id_token can be read from it
	$client->store_access_token_response = true;
	if(($success = $client->Process()))
	{
		if(strlen($client->authorization_error))
		{
			$client->error = $client->authorization_error;
			$success = false;
		}
		elseif(strlen($client->access_token))
		{
			// Placeholder for a helper that extracts the claims from the id_token
			decode_the_id_token($client->access_token_response);
		}
	}
}
```
Since the id_token contains the email, openid_id, and sub, that's all I need to update existing user entries in the database. My own site has the user enter their name and other profile info, so I don't think there's any reason to get that info from Google.
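One possible body for the `decode_the_id_token()` placeholder in the post above, as an added example that is not part of the original post or of the OAuth client class. It assumes `access_token_response` is the decoded token response as an array with an `id_token` key, and that the token arrived directly from Google's token endpoint over TLS, so it checks `iss`, `aud` and `exp` but does not re-verify the signature; the client id and all sample values are constructed.

```php
<?php
// Added example. A token obtained by any path other than the direct TLS
// response from the token endpoint must have its signature verified first.

function base64url_decode_strict(string $s): string
{
    $pad = str_repeat('=', (4 - strlen($s) % 4) % 4);
    $bin = base64_decode(strtr($s, '-_', '+/') . $pad, true);
    if ($bin === false) {
        throw new UnexpectedValueException('segment is not valid base64url');
    }
    return $bin;
}

function decode_the_id_token(array $token_response, string $client_id, ?int $now = null): array
{
    if (!isset($token_response['id_token']) || !is_string($token_response['id_token'])) {
        throw new UnexpectedValueException('no id_token in token response');
    }
    $parts = explode('.', $token_response['id_token']);
    if (count($parts) !== 3) {
        throw new UnexpectedValueException('id_token is not a three-part JWT');
    }
    $claims = json_decode(base64url_decode_strict($parts[1]), true);
    if (!is_array($claims)) {
        throw new UnexpectedValueException('id_token payload is not a JSON object');
    }
    // Reject tokens minted by another issuer, for another client, or already expired.
    $issuers = ['accounts.google.com', 'https://accounts.google.com'];
    if (!in_array($claims['iss'] ?? '', $issuers, true)) {
        throw new UnexpectedValueException('unexpected issuer');
    }
    if (($claims['aud'] ?? null) !== $client_id) {
        throw new UnexpectedValueException('token was issued to a different client');
    }
    if ((int)($claims['exp'] ?? 0) <= ($now ?? time())) {
        throw new UnexpectedValueException('token has expired');
    }
    // Only the three claims the post says are needed for the user table.
    return array_intersect_key($claims, array_flip(['sub', 'email', 'openid_id']));
}

// Constructed, unsigned sample standing in for $client->access_token_response.
$b64 = fn(array $a): string => rtrim(strtr(base64_encode(json_encode($a)), '+/', '-_'), '=');
$sample = ['id_token' => $b64(['alg' => 'RS256']) . '.' . $b64([
    'iss' => 'accounts.google.com', 'aud' => 'example-client-id', 'exp' => time() + 3600,
    'sub' => '1234567890', 'email' => 'user@example.com',
    'openid_id' => 'https://www.google.com/accounts/o8/id?id=EXAMPLE',
]) . '.constructed-signature'];
print_r(decode_the_id_token($sample, 'example-client-id'));
```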
sootsnoot - 2015-04-24 06:06:12 - In reply to message 11 from sootsnoot
As noted, I've got a working solution to the problem I had.
But I wanted to get back to your comment in reply 5 about the oauth_configuration.json file.
I wasn't aware of it when I was in the throes of getting code to work, but now that I've got that done, I went back and looked at it and have a couple of questions:
You suggested defining a new server there as a better way to implement the changes to oauth_client.php that I showed in reply 4. But having looked at the content of oauth_configuration.json, I can see how to use it to update endpoints, but I really don't see how changes to that file could possibly handle the addition of the openid.realm parameter, whose value needs to be provided by the code that instantiates oauth_client_class, and which needs to be url-encoded.
Do you have a suggestion for how to do that without editing oauth_client.php?
BTW, I was impressed by the long list of provider sites supported. Initially I was going to comment that you had LinkedIn using OAuth 1.0a, while I knew it supported 2.0, but then I saw that the json file defines a "LinkedIn2" server for OAuth2. Very cool.
Then I also noticed that the json file has a "Twitter2" server using OAuth 2.0. Does Twitter officially support that? Looking at their current official documentation, I'm still seeing OAuth 1.0a...
Thanks for your patience with this long topic :-)
Manuel Lemos - 2015-04-24 08:14:51 - In reply to message 12 from sootsnoot
Yes, to add the REALM parameter in the URL, the main class needs to be changed. Anyway, I just updated it to support the realm parameter.
Twitter supports OAuth 2 just for application-only authentication, so you can make API calls on behalf of an application without requiring any user authorization. I have explained that in this article.
phpclasses.org/blog/package/7700/po ...