Simple Registration Extension

In addition to authentication, the OpenID standard can be used for lightweight profile exchange to make information about a user portable across multiple sites. This feature is not covered by the OpenID authentication specification, but by the OpenID Simple Registration Extension protocol. This protocol allows OpenID-enabled sites to ask for information about end users from OpenID providers. Such information may include:

  • nickname - any UTF-8 string that the end user uses as a nickname

  • email - the email address of the user as specified in section 3.4.1 of RFC2822

  • fullname - a UTF-8 string representation of the user's full name

  • dob - the user's date of birth in the format 'YYYY-MM-DD'. Any values whose representation uses fewer than the specified number of digits in this format should be zero-padded. In other words, the length of this value must always be 10. If the end user does not want to reveal any particular part of this value (i.e., year, month or day), it must be set to zero. For example, if the user wants to specify that his date of birth falls in 1980, but not specify the month or day, the value returned should be '1980-00-00'.

  • gender - the user's gender: "M" for male, "F" for female

  • postcode - a UTF-8 string that conforms to the postal system of the user's country

  • country - the user's country of residence as specified by ISO3166

  • language - the user's preferred language as specified by ISO639

  • timezone - an ASCII string from a TimeZone database. For example, "Europe/Paris" or "America/Los_Angeles".

An OpenID-enabled web site may ask for any combination of these fields. It may also strictly require some information and allow users to provide or hide additional information. The following example instantiates the Zend_OpenId_Extension_Sreg class, requiring a nickname and optionally requesting an email and a fullname.

Example 647. Sending Requests with a Simple Registration Extension

<?php
// true = required field, false = optional field
$sreg = new Zend_OpenId_Extension_Sreg(array(
    'nickname' => true,
    'email'    => false,
    'fullname' => false), null, 1.1);
$consumer = new Zend_OpenId_Consumer();
// The extension is passed as the fourth argument of login()
if (!$consumer->login($_POST['openid_identifier'],
                      'example-6_3.php',
                      null,
                      $sreg)) {
    die("OpenID login failed.");
}

As you can see, the Zend_OpenId_Extension_Sreg constructor accepts an array of OpenID fields. This array has the names of fields as indexes to a flag indicating whether the field is required; TRUE means the field is required and FALSE means the field is optional. The Zend_OpenId_Consumer::login method accepts an extension or an array of extensions as its fourth argument.

On the third step of authentication, the Zend_OpenId_Extension_Sreg object should be passed to Zend_OpenId_Consumer::verify. Then on successful authentication the Zend_OpenId_Extension_Sreg::getProperties method will return an associative array of requested fields.

Example 648. Verifying Responses with a Simple Registration Extension

<?php
$sreg = new Zend_OpenId_Extension_Sreg(array(
    'nickname' => true,
    'email'    => false,
    'fullname' => false), null, 1.1);
$consumer = new Zend_OpenId_Consumer();
// $id is filled in by verify() with the verified identity
if ($consumer->verify($_GET, $id, $sreg)) {
    echo "VALID " . htmlspecialchars($id) . "<br>\n";
    $data = $sreg->getProperties();
    // Every value is escaped before it is written to the page
    if (isset($data['nickname'])) {
        echo "nickname: " . htmlspecialchars($data['nickname']) . "<br>\n";
    }
    if (isset($data['email'])) {
        echo "email: " . htmlspecialchars($data['email']) . "<br>\n";
    }
    if (isset($data['fullname'])) {
        echo "fullname: " . htmlspecialchars($data['fullname']) . "<br>\n";
    }
} else {
    echo "INVALID " . htmlspecialchars($id);
}

If the Zend_OpenId_Extension_Sreg object was created without any arguments, the user code should check for the existence of the required data itself. However, if the object is created with the same list of required fields as on the second step, it will automatically check for the existence of required data. In this case, Zend_OpenId_Consumer::verify will return FALSE if any of the required fields are missing.
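The check described above covers the existence of required fields. The following added example (not part of the Zend Framework documentation or code base) shows one way the calling code can also check each value returned by getProperties against the formats listed for the fields earlier on this page. The function name validateSregProperties, the 255-byte limit, and the two-letter country and two-or-three-letter language shapes are assumptions.

```php
<?php
// Hypothetical helper, not a Zend Framework API: keeps only well-formed SREG values.
function validateSregProperties(array $data)
{
    $clean = array();
    foreach ($data as $field => $value) {
        if (!is_string($value) || $value === '' || strlen($value) > 255) {
            continue; // assumed size limit; pick one that fits your storage
        }
        switch ($field) {
            case 'nickname':
            case 'fullname':
            case 'postcode':
                // /u makes preg_match fail on invalid UTF-8; \p{Cc} = control chars
                $ok = preg_match('/^[^\p{Cc}]+$/u', $value) === 1;
                break;
            case 'email':
                $ok = filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
                break;
            case 'dob':
                // Always 10 characters; withheld parts are zero ('1980-00-00')
                $ok = preg_match('/^\d{4}-(0\d|1[0-2])-([0-2]\d|3[01])$/', $value) === 1;
                break;
            case 'gender':
                $ok = ($value === 'M' || $value === 'F');
                break;
            case 'country':
                // Shape check only (assumes two-letter codes), not a registry lookup
                $ok = preg_match('/^[A-Za-z]{2}$/', $value) === 1;
                break;
            case 'language':
                $ok = preg_match('/^[A-Za-z]{2,3}$/', $value) === 1;
                break;
            case 'timezone':
                $ok = in_array($value, timezone_identifiers_list(), true);
                break;
            default:
                $ok = false; // not one of the fields listed for SREG
        }
        if ($ok) {
            $clean[$field] = $value;
        }
    }
    return $clean;
}

// Constructed sample standing in for the array returned by getProperties()
$sample = array('nickname' => "bob\x00", 'dob' => '1980-00-00', 'gender' => 'X');
print_r(validateSregProperties($sample));
```

Values that pass these checks still need output escaping with htmlspecialchars, as in Example 648, because a syntactically valid nickname or fullname can contain markup characters.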

Zend_OpenId_Extension_Sreg uses version 1.0 by default, because the specification for version 1.1 is not yet finalized. However, some libraries don't fully support version 1.0. For example, www.myopenid.com requires an SREG namespace in requests which is only available in 1.1. To work with such a server, you must explicitly set the version to 1.1 in the Zend_OpenId_Extension_Sreg constructor.

The second argument of the Zend_OpenId_Extension_Sreg constructor is a policy URL that should be provided to the user by the identity provider.
