I'm working on a web app that will require somewhat frequent access to Google Data APIs, so I decided to go with the "OAuth with Federated Login (Hybrid Protocol)" method for users to log into the app. I got the http://googlecodesamples.com/hybrid/ working (after 开发者_C百科some tweaks for PHP 5.3 compatibility), and am able to get an Access Token. What's the next step? How do I use this access token?
It seems like I'll need to create a local session for the user to browse the rest of the app. Will this need to be completely independent of the Google login, or how would you handle that?
Relevant: this application also needs a REST API, for which I was planning to use OAuth. Any recommendation on how to tie this in with authentication for the actual app?
I am using the PHP LightOpenID library (see on gitorious) for that. It handles all the authentication flow for us. You don't need to bother about token and stuff.
Here the page where I display the "Login with Google" link :
<?php
require_once 'openid.php';
$openid = new LightOpenID;
$openid->identity = 'https://www.google.com/accounts/o8/id';
$openid->required = array('contact/email');
$openid->returnUrl = 'http://my-website.com/landing-login.php'
?>
<a href="<?php echo $openid->authUrl() ?>">Login with Google</a>
When the click on the link, a Google page will appear ask him to authenticate and/or authorize you to retrieve his email.
Then he will be redirect to the landing page $openid->returnUrl
. The code for that page should be :
<?php
require_once 'openid.php';
$openid = new LightOpenID;
if ($openid->mode) {
if ($openid->mode == 'cancel') {
// User has canceled authentication
} elseif($openid->validate()) {
// Yeah !
$data = $openid->getAttributes();
$email = $data['contact/email'];
} else {
// The user has not logged in via Google
}
} else {
// The user does not come from the link of the first page
}
?>
If you want to retrieve more info from the user, you have to add them to $openid->required
in the first page. For instance :
$openid->required = array(
'contact/email',
'namePerson/first',
'namePerson/last'
);
will let you, if the user accepts it, to get his first and last names as well in the second page :
$name = $data['namePerson/first'] . " " . $data['namePerson/last'];
Then, for the Oauth part, you can follow the instructions of this LightOpenID issue.
精彩评论