Home
- Developers»
- Installing Clickpass»
- Log users in
Log users in
URLs required at your site:
- begin_openid_login - trigger the OpenID authentication process
- complete_openid_login - process an authenticated OpenID
The code on this page addresses the simplest task of logging in an existing user who has OpenID activated at your site.
This is simply the basic set of functionality on your site that will process existing users returning to your site and doesn't worry about creation of new accounts, merging accounts together or signing users up.
begin_openid_login
http://yoursite.com/<OpenID directory>/begin_openid_login/
Description
Begins the OpenID authentication process - submits a user's OpenID to their OpenID provider for authentication and dictates which function should handle the authentication upon completion.
Parameters your URL should accept
Submission method: GET or POST (GET is preferred and leads to faster login times)
openid_url The user's OpenID URL
Return behaviour
Use OpenID library functions to redirect to OpenID provider
Pseudo code example
// set variables
completeOpenIdLogin_url = http://yoursite.com/<OpenID directory>/complete_openid_login/'
openid_url = GET.openid_url
// check that username and password are correct
OpenIDLibrary.beginAuth ( openid_url, completeOpenIdLogin_url )
EXIT
// The OpenID library will now redirect the user to their
// OpenID provider and begin the authentication process.
// Once complete the user return to
// http://yoursite.com/<OpenID directory>/complete_login/
OpenID library function
complete_openid_login
'http://yoursite.com/<OpenID directory>/complete_openid_login/
Description
To process the result of the OpenID auth process and then either create log the user in or prompt them to sign up for a new account.
Also see the regististration form.
Parameters your URL should accept
Submission method: GET
No parameters need to be accessed. All parameters are processed by OpenID library functions.
Return behaviour
EITHER
Log the user into their account with you
OR
Redirect to Clickpass to create a new account
OR
Show the user an error page
Pseudo code example
// setup parameters
openid_url = OpenIDLibrary.getOpenID( )
openid_auth_success = OpenIDLibrary.completeAuth( )
openidLoginError_url = 'http://yoursite.com/<error page>'
clickpassBeginRegistration_url = 'http://clickpass.com/signup/'
registrationParameters = <your required registration parameters />
if( openid_auth_success == true )
// check whether the OpenID is registered to a user
user = Database.getUserByOpenID( openid_url )
if( user )
// log the user in
user.completeLogin( )
EXIT
else
// store authentication result for later and redirect to registration form
SESSION.authenticatedOpenID = openID_url
// package up the registration parameters required for your site
clickpassBeginRegistration_url.queryString = urlEncode( registrationParameters )
redirect_to( clickpassBeginRegistration_url )
EXIT
end_if
else
// an error ocurred: show user to error page
redirect_to (openidLoginError_url)
EXIT
end_if
local function
OpenID library function
Database query
Security consideration
Users who have signed up to your site using OpenID will not (or should not) have a password set with you, this is essence of single-sign-on.
Some early implementations of OpenID did not check for this though and had a large security hole as a result. By allowing both username/password and OpenID they allowed OpenID users who had not set their password to log in using a username and blank password!
Once you have enabled OpenID, you need to add some consideration for what is happening back at normal username / password authentication and make sure you don't authenticate blank passwords.
User contributed notes
Have something to add to the docs or a question you want to ask? Get stuck in.
(We may occasionally prune notes to keep them as useful as possible to our readers)