March 1, 2021
Hot Topics:

Authenticating Users with OpenID and the Zend Framework

  • By W. Jason Gilmore
  • Send Email »
  • More Articles »

Creating the Login Code

Next up is the index method, found in the LoginController controller. This method is responsible for processing the authentication request, which takes place in two steps:

  1. Once the login form is posted, the Zend_OpenId_Consumer::login() method will seek out the address of the OpenID provider based on the address provided in the form. If found, an authentication request is prepared and sent to that provider.
  2. At this point, the authentication process is in the hands of the provider, which will prompt the user to provide his OpenID login and password if no session currently exists. Once complete, the request is routed back to the caller with the authentication status. The script can check this status, and determine what to do from there.

Listing 2: The Login controller's index method

 * Logs the user in to the website
public function indexAction()

   // If the login form has been posted, redirect the user to the
   // identified OpenID provider, allowing the user to complete
   // the authentication process
   if ($this->getRequest()->isPost()) {

      $consumer = new Zend_OpenId_Consumer();

      if (!$consumer->login($this->_request->
          getPost('openid_id'))) {
          die("OpenID login failed.");

   // After the user authenticates, the OpenID server will redirect
   // the user back to the calling script, along with various
   // information confirming the user's identity (or lack thereof)
   } elseif ($this->_request->getParam('openid_mode') != "") {

      if ($this->_request->getParam('openid_mode') == "id_res") {

         $consumer = new Zend_OpenId_Consumer();
         if ($consumer->verify($_GET, $id)) {
            $this->view->success = TRUE;
         } else {
            $this->view->success = FALSE;

      } elseif ($this->_request->getParam('openid_mode') ==
         "cancel") {
         $this->view->success = FALSE;



Retrieving the User's OpenID Profile

Once the user is successfully logged in, you can optionally retrieve profile information the user has identified as being shareable, for instance his zip code.

To retrieve data residing in the user's profile, you'll need to both declare your intent to do so within both steps of the authentication process (via both the Zend_OpenId_Consumer::login() and Zend_OpenId_Consumer::verify() methods). To begin, add this line to the script, above the isPost() method, because you'll need it for both steps:

$profile = new Zend_OpenId_Extension_Sreg(array(
   'postcode'=>true), null, 1.1);

Next, pass $profile into both the login() and verify() methods:

if (!$consumer->login($this->_request->getPost('openid_id'),
   null, null, $profile)) {
   die("OpenID login failed.");
if ($consumer->verify($_GET, $id, $profile)) {

Once the authentication request has been verified, you can call the getProperties() method to create an array containing the desired profile data:

$props = $profile->getProperties();
$this->view->zipcode = $props["postcode"];

Verifying Authentication and Logging the User Out

Of course, once authenticated you'll want to provide facilities for both transparently verifying authentication as the user moves from one part of the website to the next. This is done by creating an OpenID adapter that implements the Zend Framework's Auth adapter interface. It's surprisingly easy to do, and you'll find the code at the bottom of this page.

Where to From Here?

Integrating OpenID into your website removes a major hassle not only for users who have grown weary of keeping track of usernames and passwords, but also eliminates the need for you to write and maintain the code for dealing with tasks such as lost passwords. For further information, check out the following resources for more information about OpenID and the Zend Framework's implementation:

About the Author

Jason Gilmore is the founder of a Web development and consulting firm based out of Columbus, Ohio. Formerly Apress' open source editor, Jason fostered the development of more than 60 books, along the way helping to transform their open source line into one of the industry's most respected publishing programs. He's the author of several books, including the best-selling Beginning PHP and MySQL: From Novice to Professional (currently in its third edition), Beginning PHP and PostgreSQL: From Novice to Professional, and Beginning PHP and Oracle: From Novice to Professional.

Jason is cofounder of CodeMash, a nonprofit organization tasked with hosting an annual namesake developer's conference, and was a member of the 2008 MySQL Conference speaker selection board. Jason has over 100 articles to his credit within prominent publications such as Developer.com, Linux Magazine, and TechTarget.

Page 2 of 2

This article was originally published on October 30, 2008

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date