OpenID auth is pretty easy to do in a very quick and very dirty fashion, which I guess is better than nothing until there is an integrated package for it. I’m not sure how secure the code below is so don’t run it in production but it might help you make your own thing until a package is produced.
There is also a package on a thread somewhere around that is a lot better than this (some of the code below is lifted from that package), but for whatever reason it wouldn’t work with me, and I specifically want to auth against yahoo (and only yahoo). I think there is some problems with the JanRain lib and yahoo according to the interwebs but that could just be background static...
Grab the lightopenid client from
http://gitorious.org/lightopenid
Create a plugin onWebAuthentication
$result = $_SESSION["openidauth"];
$modx->event->_output = false;
if ( $result == 'authenticationOK' ) {
$modx->event->_output = true;
}
return;
and then a snippet (e.g. for yahoo)
<?php
require 'openid.php';
try {
$openid = new LightOpenID;
if ( (!$openid->mode) && isset($_GET['login']) ) {
$openid->required = array('namePerson/friendly', 'contact/email');
$openid->identity = 'https://www.yahoo.com';
header('Location: ' . $openid->authUrl());
return;
} elseif ( (!$openid->mode) && isset($_GET['logout']) ) {
$response = $modx->executeProcessor(array(
'action' => 'logout',
'location' => 'security'
));
$url = $modx->makeUrl($modx->documentIdentifier);
session_destroy(); //Not sure about needing this line but it seems safer...
header('Location: '.$url);
return;
} elseif (!$openid->mode) {
if ($modx->user->get('id') != 0) {
$username = $modx->user->get('username');
$out .= "<p>You are logged in as: $username</p>";
$out .= "<p><a href='[[~[[*id]]]]?logout'>logout</a></p>";
return $out;
} else {
$out = "<p><a href='[[~[[*id]]]]?login'>login with yahoo ()</a></p>";
return $out;
}
} elseif ($openid->mode == 'cancel') {
echo 'User has canceled authentication!';
return false;
} elseif ($openid->mode == 'id_res') {
$att = $openid->getAttributes();
$username = explode("@",$att['contact/email']);
$username = $username[0];
$_SESSION["openidauth"] = 'authenticationOK';
$_POST['username'] = $username;
$response = $modx->executeProcessor(array(
'action' => 'login',
'location' => 'security'
));
$url = $modx->makeUrl($modx->documentIdentifier);
header('Location: '.$url);
}
} catch(ErrorException $e) {
echo $e->getMessage();
}