LightOpenIDProvider
Using this class, you can easily set up an OpenID Provider.
It's independent of LightOpenID class. It requires either GMP or BCMath for session encryption, but will work without them (although either via SSL, or in stateless mode only). Also, it requires PHP >= 5.1.2
This is an alpha version, using it in production code is not recommended, until you are sure that it works and is secure.
Please send me messages about your testing results (even if successful, so I know that it has been tested). Also, if you think there's a way to make it easier to use, tell me -- it's an alpha for a reason. Same thing applies to bugs in code, suggestions, and everything else you'd like to say about the library.
There's no usage documentation here, see the examples.
- Full name:
\LightOpenIDProvider - This class is an Abstract class
Properties
xrdsLocation
serverLocation
select_id
assoc_lifetime
dh
ns
data
assoc
default_modulus
default_gen
ax_to_sreg
add
mul
pow
mod
div
powmod
Methods
checkid
Checks whether an user is authenticated.
The function should determine what fields it wants to send to the RP, and put them in the $attributes array.
- This method is abstract.
Parameters:
| Parameter | Type | Description |
|---|---|---|
$realm |
string | Realm used for authentication. |
$attributes |
array |
Return Value:
OP-local identifier of an authenticated user, or an empty value.
setup
Displays an user interface for inputting user's login and password.
Attributes are always AX field namespaces, with stripped host part. For example, the $attributes array may be: array( 'required' => array('namePerson/friendly', 'contact/email'), 'optional' => array('pref/timezone', 'pref/language')
- This method is abstract.
Parameters:
| Parameter | Type | Description |
|---|---|---|
$identity |
string | Discovered identity string. May be used to extract login, unless using $this->select_id |
$realm |
string | Realm used for authentication. |
$assoc_handle |
mixed | |
$attributes |
mixed |
setAssoc
Stores an association.
If you want to use php sessions in your provider code, you have to replace it.
Parameters:
| Parameter | Type | Description |
|---|---|---|
$handle |
string | Association handle -- should be used as a key. |
$assoc |
array | Association data. |
getAssoc
Retreives association data.
If you want to use php sessions in your provider code, you have to replace it.
Parameters:
| Parameter | Type | Description |
|---|---|---|
$handle |
string | Association handle. |
Return Value:
Association data.
delAssoc
Deletes an association.
If you want to use php sessions in your provider code, you have to replace it.
Parameters:
| Parameter | Type | Description |
|---|---|---|
$handle |
string | Association handle. |
redirect
Redirects the user to an url.
Parameters:
| Parameter | Type | Description |
|---|---|---|
$location |
string | The url that the user will be redirected to. |
assoc_handle
Generates a new association handle.
shared_secret
Generates a random shared secret.
Parameters:
| Parameter | Type | Description |
|---|---|---|
$hash |
mixed |
keygen
Generates a private key.
Parameters:
| Parameter | Type | Description |
|---|---|---|
$length |
int | Length of the key. |
__construct
xrds
Displays an XRDS document, or redirects to it.
By default, it detects whether it should display or redirect automatically.
Parameters:
| Parameter | Type | Description |
|---|---|---|
$force |
bool|null | When true, always display the document, when false always redirect. |
xrdsContent
Returns the content of the XRDS document
Return Value:
The XRDS document.
server
Does everything that a provider has to -- in one function.
checkRealm
ax
sreg
verify
Aids an RP in assertion verification.
Return Value:
Information whether the verification suceeded.
associate
Performs association with an RP.
generateAssociation
Creates a private association.
dh
Encrypts the MAC key using DH key exchange.
x_or
XORs two strings.
Parameters:
| Parameter | Type | Description |
|---|---|---|
$a |
string | |
$b |
string |
Return Value:
$a ^ $b
response
Prepares an indirect response url.
Parameters:
| Parameter | Type | Description |
|---|---|---|
$params |
array | Parameters to be sent. |
errorResponse
Outputs a direct error.
positiveResponse
Sends an positive assertion.
Parameters:
| Parameter | Type | Description |
|---|---|---|
$identity |
string | the OP-Local Identifier that is being authenticated. |
$attributes |
array | User attributes to be sent. |
responseAttributes
Prepares an array of attributes to send
Parameters:
| Parameter | Type | Description |
|---|---|---|
$attributes |
mixed |
keyValueForm
Encodes fields in key-value form.
Parameters:
| Parameter | Type | Description |
|---|---|---|
$params |
array | Fields to be encoded. |
Return Value:
$params in key-value form.
cancel
Responds with an information that the user has canceled authentication.
b64dec
Converts base64 encoded number to it's decimal representation.
Parameters:
| Parameter | Type | Description |
|---|---|---|
$str |
string | base64 encoded number. |
Return Value:
Decimal representation of that number.
decb64
Complements b64dec.
Parameters:
| Parameter | Type | Description |
|---|---|---|
$num |
mixed |
__call
Parameters:
| Parameter | Type | Description |
|---|---|---|
$name |
mixed | |
$args |
mixed |
Automatically generated on 2025-03-18