Become Zend Certified

Prepare for the ZCE exam using our quizzes (web or iPad/iPhone). More info...

When you're ready get 7.5% off your exam voucher using voucher CJQNOV23 at the Zend Store

How Does it Work?

The purpose of the Zend_OpenId component is to implement the OpenID authentication protocol as described in the following sequence diagram:

  1. Authentication is initiated by the end user, who passes their OpenID identifier to the OpenID consumer through a User-Agent.

  2. The OpenID consumer performs normalization and discovery on the user-supplied identifier. Through this process, the consumer obtains the claimed identifier, the URL of the OpenID provider and an OpenID protocol version.

  3. The OpenID consumer establishes an optional association with the provider using Diffie-Hellman keys. As a result, both parties have a common "shared secret" that is used for signing and verification of the subsequent messages.

  4. The OpenID consumer redirects the User-Agent to the URL of the OpenID provider with an OpenID authentication request.

  5. The OpenID provider checks if the User-Agent is already authenticated and, if not, offers to do so.

  6. The end user enters the required password.

  7. The OpenID provider checks if it is allowed to pass the user identity to the given consumer, and asks the user if necessary.

  8. The user allows or disallows passing his identity.

  9. The OpenID Provider redirects the User-Agent back to the OpenID consumer with an "authentication approved" or "failed" request.

  10. The OpenID consumer verifies the information received from the provider by using the shared secret it got in step 3 or by sending an additional direct request to the OpenID provider.

Zend Framework