In addition to authentication, the OpenID standard can be used for lightweight profile exchange to make information about a user portable across multiple sites. This feature is not covered by the OpenID authentication specification, but by the OpenID Simple Registration Extension protocol. This protocol allows OpenID-enabled sites to ask for information about end users from OpenID providers. Such information may include:
nickname - any UTF-8 string that the end user uses as a nickname
email - the email address of the user as specified in section 3.4.1 of RFC2822
fullname - a UTF-8 string representation of the user's full name
dob - the user's date of birth in the format 'YYYY-MM-DD'. Any values whose representation uses fewer than the specified number of digits in this format should be zero-padded. In other words, the length of this value must always be 10. If the end user does not want to reveal any particular part of this value (i.e., year, month or day), it must be set to zero. For example, if the user wants to specify that his date of birth falls in 1980, but not specify the month or day, the value returned should be '1980-00-00'.
gender - the user's gender: "M" for male, "F" for female
postcode - a UTF-8 string that conforms to the postal system of the user's country
country - the user's country of residence as specified by ISO3166
language - the user's preferred language as specified by ISO639
timezone - an ASCII string from a TimeZone database. For example, "Europe/Paris" or "America/Los_Angeles".
An OpenID-enabled web site may ask for any combination of these
fields. It may also strictly require some information and allow users
to provide or hide additional information. The following example instantiates
the Zend_OpenId_Extension_Sreg class, requiring
a nickname and optionally requests
an email and a fullname.
Example 629. Sending Requests with a Simple Registration Extension
<?php
$sreg = new Zend_OpenId_Extension_Sreg(array(
'nickname'=>true,
'email'=>false,
'fullname'=>false), null, 1.1);
$consumer = new Zend_OpenId_Consumer();
if (!$consumer->login($_POST['openid_identifier'],
'example-6_3.php',
null,
$sreg)) {
die("OpenID login failed.");
}
As you can see, the Zend_OpenId_Extension_Sreg
constructor accepts an array of OpenID fields. This array has the names of
fields as indexes to a flag indicating whether the field is required;
TRUE means the field is required and
FALSE means the field is optional. The
Zend_OpenId_Consumer::login method accepts an extension or an
array of extensions as its fourth argument.
On the third step of authentication, the
Zend_OpenId_Extension_Sreg object should be passed to
Zend_OpenId_Consumer::verify. Then on successful authentication
the Zend_OpenId_Extension_Sreg::getProperties method will return
an associative array of requested fields.
Example 630. Verifying Responses with a Simple Registration Extension
<?php
$sreg = new Zend_OpenId_Extension_Sreg(array(
'nickname'=>true,
'email'=>false,
'fullname'=>false), null, 1.1);
$consumer = new Zend_OpenId_Consumer();
if ($consumer->verify($_GET, $id, $sreg)) {
echo "VALID " . htmlspecialchars($id) ."<br>\n";
$data = $sreg->getProperties();
if (isset($data['nickname'])) {
echo "nickname: " . htmlspecialchars($data['nickname']) . "<br>\n";
}
if (isset($data['email'])) {
echo "email: " . htmlspecialchars($data['email']) . "<br>\n";
}
if (isset($data['fullname'])) {
echo "fullname: " . htmlspecialchars($data['fullname']) . "<br>\n";
}
} else {
echo "INVALID " . htmlspecialchars($id);
}
If the Zend_OpenId_Extension_Sreg object was created without any
arguments, the user code should check for the existence of the required
data itself. However, if the object is created with the same list of
required fields as on the second step, it will automatically check for the existence
of required data. In this case, Zend_OpenId_Consumer::verify
will return FALSE if any of the required fields are
missing.
Zend_OpenId_Extension_Sreg uses version
1.0 by default, because the specification for version 1.1 is not yet finalized.
However, some libraries don't fully support version 1.0. For example,
www.myopenid.com requires an SREG namespace in requests which is only
available in 1.1. To work with such a server, you must explicitly set the version to
1.1 in the Zend_OpenId_Extension_Sreg constructor.
The second argument of the Zend_OpenId_Extension_Sreg
constructor is a policy URL, that should be provided to the user by
the identity provider.