StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
4127343
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
3
CommunityOwnedDate
CreationDate
2010-11-08T19:37:34.460
FavoriteCount
0
LastActivityDate
2017-10-14T12:12:17.380
LastEditDate
2017-10-14T12:12:17.380
LastEditorUserId
413910
OwnerUserId
413910
ParentId
4061537
PostTypeId
2
Score
13
ViewCount
0
LastEditorDisplayName
text
Body
<blockquote> As original author of this answer, I want to note that I regard it as OUTDATED. Since most providers decided to exclusively implement Oauth instead of Openid. Newer Openid services will also likely use openid connect, which is based on oauth. There are good libraries like for example: <a href="https://github.com/hybridauth/hybridauth" rel="nofollow noreferrer">https://github.com/hybridauth/hybridauth</a> </blockquote> After the discussion of the already existing answer i sum up: Almost every major provider is an openid provider / endpoint including Google, Yahoo, Aol. Some of them requrie the user to specify the username to construct the openid endpoint. Some of them (the ones mentioned above) do have discovery urls, where the user id is automatically returned so that the user only has to click. (i would be glad if someone could explain the technical background) However the only pain in the ass is Facebook, because they have their Facebook connect where they use an adapted version of OAuth for authentication. Now what I did for my project is to set up an openid provider that authenticates the user with the credentials of my facebook Application - so the user gets connected to my application - and returns a user id that looks like: <pre><code>http://my-facebook-openid-proxy-subdomain.mydomain.com/?id=facebook-user-id </code></pre> I also configured it to fetch email adress and name and return it as AX attributes. So my website just has to implement opend id and i am fine :) I build it upon the classes you can find here: <a href="http://gitorious.org/lightopenid" rel="nofollow noreferrer">http://gitorious.org/lightopenid</a> In my index.php file i just call it like this: <pre><code><?php require 'LightOpenIDProvider.php'; require 'FacebookProvider.php'; $op = new FacebookProvider; $op->appid = 148906418456860; // your facebook app id $op->secret = 'mysecret'; // your facebook app secret $op->baseurl = 'http://fbopenid.2xfun.com'; // needs to be allowed by facebook $op->server(); ?> </code></pre> and the source code of FacebookProvider.php follows: <pre><code><?php class FacebookProvider extends LightOpenIDProvider { public $appid = ""; public $appsecret = ""; public $baseurl = ""; // i have really no idea what this is for. just copied it from the example. public $select_id = true; function __construct() { $this->baseurl = rtrim($this->baseurl,'/'); // no trailing slash as it will be concatenated with // request uri wich has leading slash parent::__construct(); # If we use select_id, we must disable it for identity pages, # so that an RP can discover it and get proper data (i.e. without select_id) if(isset($_GET['id'])) { // i have really no idea what happens here. works with or without! just copied it from the example. $this->select_id = false; } } function setup($identity, $realm, $assoc_handle, $attributes) { // here we should check the requested attributes and adjust the scope param accordingly // for now i just hardcoded email $attributes = base64_encode(serialize($attributes)); $url = "https://graph.facebook.com/oauth/authorize?client_id=".$this->appid."&redirect_uri="; $redirecturl = urlencode($this->baseurl.$_SERVER['REQUEST_URI'].'&attributes='.$attributes); $url .= $redirecturl; $url .= "&display=popup"; $url .= "&scope=email"; header("Location: $url"); exit(); } function checkid($realm, &$attributes) { // try authenticating $code = isset($_GET["code"]) ? $_GET["code"] : false; if(!$code) { // user has not authenticated yet, lets return false so setup redirects him to facebook return false; } // we have the code parameter set so it looks like the user authenticated $url = "https://graph.facebook.com/oauth/access_token?client_id=148906418456860&redirect_uri="; $redirecturl = ($this->baseurl.$_SERVER['REQUEST_URI']); $redirecturl = strstr($redirecturl, '&code', true); $redirecturl = urlencode($redirecturl); $url .= $redirecturl; $url .= "&client_secret=".$this->secret; $url .= "&code=".$code; $data = $this->get_data($url); parse_str($data,$data); $token = $data['access_token']; $data = $this->get_data('https://graph.facebook.com/me?access_token='.urlencode($token)); $data = json_decode($data); $id = $data->id; $email = $data->email; $attribute_map = array( 'namePerson/friendly' => 'name', // we should parse the facebook link to get the nickname 'contact/email' => 'email', ); if($id > 0) { $requested_attributes = unserialize(base64_decode($_GET["attributes"])); // lets be nice and return everything we can $requested_attributes = array_merge($requested_attributes['required'],$requested_attributes['optional']); $attributes = array(); foreach($requested_attributes as $requsted_attribute) { if(!isset($data->{$attribute_map[$requsted_attribute]})) { continue; // unknown attribute } $attributes[$requsted_attribute] = $data->{$attribute_map[$requsted_attribute]}; } // yeah authenticated! return $this->serverLocation . '?id=' . $id ; } die('login failed'); // die so we dont retry bouncing back to facebook return false; } function get_data($url) { $ch = curl_init(); $timeout = 5; curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout); $data = curl_exec($ch); curl_close($ch); return $data; } } </code></pre> Its just a first working version (quick and dirty) Some dynamic stuff is hardcoded to my needs. It should show how and that it can be done. I am happy if someone picks up and improves it or re writes it or whatever :) Well i consider this question answered but I add a bounty just to get discussion. I would like to know what you think of my solution. I will award the bounty to the best answer/comment beside this one.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POBest way to implement Single-Sign-On with all major providers?
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USThe Surrican
UserOwnerUserId
1. USThe Surrican
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POBest way to implement Single-Sign-On with all major providers?
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. COIt might be safer to store the appid as a string: that's one big fat dangerous integer `$op->appid = '148906418456860';`
 singulars
 PostPostId
 PO
 UserUserId
 US͢bts
2. COtrue ;) common "mistake".. however i tend to throw a "please upgrade to 64 bit" exception :P
 singulars
 PostPostId
 PO
 UserUserId
 USThe Surrican

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.