OpenID and OAuth have been around for a while, but now with an approach we call 'Hybrid' we are able to blend the best of both worlds.
For those of you not familiar with OpenID, OpenID allows users to log into other Web sites with their login credentials from Web sites that support OpenID. Web sites such as MySpace that allow their users to bring their identity with them are called OpenID Providers (OPs). In this case, MySpace is proud to announce that we are an OpenID Provider, and we call our specific version of OpenID MySpaceID. MySpaceID follows all of the specifications and conventions of OpenID and OAuth to provide some extended functionality that OpenID does not do alone. MySpaceID will allow users to connect to your site in unprecedented ways. Currently, a new user to your site could use their MySpaceID to import their friends, profile, pictures, or the videos they have uploaded to MySpace. In the near future you will be able to use the MySpaceID SDK to publish data back into MySpace. As the SDK matures, you will see more of this behavior exposed.
Since we cannot just give Web sites carte blanche rights to a user's account to post or to get information, we use OAuth as a way to authenticate that a user gave your site privileges to access the on their behalf, allowing you access to their social graph and profile. When you combine OpenID and OAuth, a Relying Party based Web site can take full advantage of MySpace's Social Graph.
This walkthrough will cover setting up the 'MySpaceID-OpenID-OAuth' sample with your own consumer key and some brief discussion on some of the talking points of the code. This is a very basic sample meant to show a limited set of functionality and to get you up and running quickly. Sample suggestions are welcome.
This was tested on Dreamhost.com
Getting a Consumer Key and Consumer Secret from MySpace.com


Note: You are using another user's data, so be sure to understand what you are responsible for. You must do this for each application you create.

The Edit App Information page appears. You can change the Application Title from this page at any time.
For the external domain, enter the Protocol/Scheme in the first box and Domain in the second box. This must match the same information provided in the oauth_callback parameter when requesting session based authentication.
Example: protocol = http, domain = www.myspace.com will match oauth_callback=http://myspace.com/mycallback
Note: query strings are ignored and sub-domains are not used to validate.

Enter a set of realm patterns that represents the URL-spaces for all OpenID authentication requests for your app. The realm patterns specified here will also be presented to the end-user during authentication to give them an indication of the scope of the authentication request.

In this example, http://demos.jdavid.net is our server, and on that server, we have created a directory to test the MySpaceID-SDK, called myspaceid-sdk. This directory's base path is now http://demos.jdavid.net/myspaceid-sdk/.
The SDK has 3 directories in it:
Since the samples are in the samples directory, and each sample has its own directory, we end up with a Realm for the OpenID + OAuth being:
Examples of Sample Realms:
Note: http://demos.jdavid.net/myspaceid-sdk/samples/myspaceid-oauth/ is not needed in the Realm List. This is because the REALM field is needed for OpenID applications only.
Recommendation: You will probably want to edit your hosts file if you plan to debug locally so that it is easier to have a unique Realm endpoint for your application.

A SUCCESS message displays at the top of the page:
Note: You must save to update your settings.
You now have a New Consumer Key and Consumer Secret with your Realms set up.
Google Code is a great site and I have had zero problems with their SVN implementation. I also like using two tools to make it easier on Windows. I recommend the following tools for Windows Vista:
If you are using Tortoise SVN, right-click in the directory you want the SDK to download to and select SVN Checkout. Grab the SVN URL from: http://myspaceid-php-sdk.googlecode.com/svn/trunk/
Click 'OK' to continue.
You should now have a local copy of the SDK.
config.MySpace.php (or config.MySpace.local.php)
1 <?php
2
3 //please register at http://developer.myspace.com for a CONSUMER_KEY
4 define('CONSUMER_KEY', 'NOT SET');
5
6 //please register at http://developer.myspace.com for a CONSUMER_SECRET
7 define('CONSUMER_SECRET', 'NOT SET');
8
9 /**
10 * This is where the example will store its OpenID information.
11 * You should change this path if you want the example store to be
12 * created elsewhere. After you're done playing with the example
13 * script, you'll have to remove this directory manually.
14 */
15 define('TEMP_STORE_PATH', "tmp/_php_consumer_test");
16
17 /**
18 * map the following CONST to a proper file for your operating system/environment
19 *
20 * "source/Auth/OpenID/CryptUtil.php"
21 *
22 * define('Auth_OpenID_RAND_SOURCE', 'C:\_net_capture\001.pcap');
23 */
24 ?>
You will need to set the following lines:
4 define('CONSUMER_KEY', 'NOT SET');
Set your consumer key for most of the samples. The popup sample currently is configured to use its own consumer key.
7 define('CONSUMER_SECRET', 'NOT SET');
Set your consumer secret for most of the samples. The popup sample currently is configured to use its own consumer secret.
15 define('TEMP_STORE_PATH', "tmp/_php_consumer_test");
This path defines where the SDK manages a few temp files, such as nonces. To get this set up, don't worry about it too much; you might want to set it to a relative path like tmp/_php_consumer_test. You will need to make sure that this directory has been created and that the SDK has write access to it.
If this is not set correctly you may see this Error:
Warning: mkdir() [function.mkdir]: No such file or directory in /home/.jamshid/user1056/demos.jdavid.net/myspaceid-sdk/samples/myspaceid-openid-oauth/common.php on line 75
Could not create the FileStore directory 'c:/tmp/_php_consumer_test'. Please check the effective permissions.
17 /**
18 * map the following CONST to a proper file for your operating system/environment
19 *
20 * "source/Auth/OpenID/CryptUtil.php"
21 *
22 * define('Auth_OpenID_RAND_SOURCE', 'C:\_net_capture\001.pcap');
23 */
The above lines refer to some potential edits you need to make to the source/Auth/OpenID/CryptUtil.php file, which has an OS dependency.
Right now it should be set to /dev/urandom, which will get a random string of text from the Linux OS environment.
define('Auth_OpenID_RAND_SOURCE', '/dev/urandom');// for linux
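A pre-flight check for the three settings discussed above, as an added example that is not part of the SDK. The helper name checkMySpaceConfig(), the sample values and the web-root path are assumptions, and the check assumes a Linux host like the one this walkthrough was tested on.

```php
<?php
// Added example, not SDK code: checkMySpaceConfig() is a hypothetical helper
// that inspects the values set in config.MySpace.php before the first login.
function checkMySpaceConfig(array $cfg, string $webRoot): array
{
    $problems = [];
    foreach (['CONSUMER_KEY', 'CONSUMER_SECRET'] as $name) {
        if (($cfg[$name] ?? 'NOT SET') === 'NOT SET') {
            $problems[] = "$name still has the placeholder value";
        }
    }
    // The store directory must already exist and be writable by the SDK.
    // realpath('') would resolve to the current directory, so guard against it.
    $path  = $cfg['TEMP_STORE_PATH'] ?? '';
    $store = $path === '' ? false : realpath($path);
    if ($store === false || !is_dir($store) || !is_writable($store)) {
        $problems[] = 'TEMP_STORE_PATH is missing or not writable';
    } else {
        // Nonce files should not be downloadable: flag a store below the web root.
        $root = realpath($webRoot);
        $sep  = DIRECTORY_SEPARATOR;
        if ($root !== false && strpos($store . $sep, rtrim($root, $sep) . $sep) === 0) {
            $problems[] = 'TEMP_STORE_PATH is inside the web root';
        }
    }
    // An unchanging regular file returns the same bytes on every read, so only
    // a character device such as /dev/urandom is accepted as a random source.
    $rand = $cfg['Auth_OpenID_RAND_SOURCE'] ?? '';
    if ($rand === '' || !is_readable($rand) || filetype($rand) !== 'char') {
        $problems[] = 'Auth_OpenID_RAND_SOURCE is not a readable random device';
    }
    return $problems;
}

// Constructed sample values; in a real sample, pass the defined constants.
$report = checkMySpaceConfig([
    'CONSUMER_KEY'            => 'NOT SET',          // placeholder left in place
    'CONSUMER_SECRET'         => 'example-secret',   // constructed value
    'TEMP_STORE_PATH'         => sys_get_temp_dir(),
    'Auth_OpenID_RAND_SOURCE' => '/dev/urandom',
], __DIR__ . '/htdocs');                             // assumed web root
echo $report ? implode(PHP_EOL, $report) . PHP_EOL : "configuration looks usable\n";
```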
samples\myspaceid-openid-oauth\common.php
The first ~20 lines of code in this file:
1 <?php
2
3 define('LIB_PATH', "../../source/");
4 define('CONFIG_PATH', "../../config/");
5 define('LOCAL', false);
6
7
8 $path_extra = dirname(dirname(dirname(__FILE__)));
9 $path = ini_get('include_path');
10 $path = CONFIG_PATH . PATH_SEPARATOR
11     . LIB_PATH . PATH_SEPARATOR
12     . $path_extra . PATH_SEPARATOR
13     . $path;
14 ini_set('include_path', $path);
15
16 function displayError($message) {
17     $error = $message;
18     include 'index.php';
19     exit(0);
20 }
Lines 3 & 4 define where the source and config files are for the classes in the SDK. Since these are configurable for each sample, you can choose to use a specific branch of the SDK, or a specific consumer key and secret.
Line 5 defines whether to fetch the local config or the web server config. I wanted an easy mechanism so I could test and debug locally and on a webserver with nearly the same settings.
The code in line 55 of common.php shows how one would use the LOCAL constant to determine which version of the configuration to load. Feel free to get as crazy as you like, but I like ternary operators in code, and I find them very readable when you get used to them. The following line says: if LOCAL is true, then load 'config.MySpace.local.php'; if it is false, then load 'config.MySpace.php'.
55 require_once LOCAL ? "config.MySpace.local.php" : "config.MySpace.php";
You should be able to log in on your local server. Here is a final checklist to run through.
Load the index.php file. See the following link for an example: http://demos.jdavid.net/myspaceid-sdk/samples/myspaceid-openid-oauth/
Fill in the vanity URL with your MySpace URL.
The following login window will appear:
Log in to MySpace now.
The browser should be redirected back to something like this:
You now have your first OpenID application working.
This error sometimes occurs when you have a realm mismatch. Please check your application and realm list and make sure that they match.
Fatal error: Uncaught exception 'MySpaceException' with message 'This function requires an OAuth token' in /home/.jamshid/$$$/demos.jdavid.net/myspaceid-sdk/source/MySpaceID/myspace.php:571
Stack trace:
#0 /home/.jamshid/$$$/demos.jdavid.net/myspaceid-sdk/source/MySpaceID/myspace.php(454): MySpace->requireToken()
#1 /home/.jamshid/$$$/demos.jdavid.net/myspaceid-sdk/samples/myspaceid-openid-oauth/finish_auth.php(47): MySpace->getAccessToken()
#2 /home/.jamshid/$$$/demos.jdavid.net/myspaceid-sdk/samples/myspaceid-openid-oauth/finish_auth.php(66): run()
#3 {main} thrown in /home/.jamshid/$$$/demos.jdavid.net/myspaceid-sdk/source/MySpaceID/myspace.php on line 571
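To rule out the realm mismatch mentioned above before a login attempt, the return URL can be compared with the registered realm list. This is an added example, not SDK code: realmMatches() is a hypothetical helper that follows the realm rules of OpenID 2.0 (section 9.2) and ignores query strings, and MySpace's own matching may differ in detail.

```php
<?php
// Added example, not SDK code. realmMatches() is a hypothetical helper that
// follows the OpenID 2.0 realm rules (section 9.2); query strings are ignored.
function realmMatches(string $realm, string $returnTo): bool
{
    // A leading "*." in the realm host is a wildcard for sub-domains.
    $realm = preg_replace('#^(https?://)\*\.#i', '$1', $realm, 1, $wildcard);
    $r = parse_url($realm);
    $u = parse_url($returnTo);
    if (!is_array($r) || !is_array($u) || isset($r['fragment'])
        || !isset($r['scheme'], $r['host'], $u['scheme'], $u['host'])) {
        return false;
    }
    $ports  = ['http' => 80, 'https' => 443];
    $scheme = strtolower($r['scheme']);
    if (!isset($ports[$scheme]) || $scheme !== strtolower($u['scheme'])) {
        return false;                       // scheme must be identical
    }
    if (($r['port'] ?? $ports[$scheme]) !== ($u['port'] ?? $ports[$scheme])) {
        return false;                       // port must be identical
    }
    $rHost = strtolower($r['host']);
    $uHost = strtolower($u['host']);
    $hostOk = $rHost === $uHost
        || ($wildcard === 1 && substr($uHost, -strlen('.' . $rHost)) === '.' . $rHost);
    if (!$hostOk) {
        return false;                       // host differs and no wildcard covers it
    }
    // The return_to path must equal the realm path or sit below it.
    $rPath  = $r['path'] ?? '/';
    $uPath  = $u['path'] ?? '/';
    $prefix = rtrim($rPath, '/') . '/';
    return $uPath === $rPath || strncmp($uPath, $prefix, strlen($prefix)) === 0;
}

// Constructed inputs: the realm is the sample URL shown on this page; the
// second URL uses a different host and the third a different sample directory.
$realms = ['http://demos.jdavid.net/myspaceid-sdk/samples/myspaceid-openid-oauth/'];
$tests  = [
    'http://demos.jdavid.net/myspaceid-sdk/samples/myspaceid-openid-oauth/finish_auth.php',
    'http://www.demos.jdavid.net/myspaceid-sdk/samples/myspaceid-openid-oauth/finish_auth.php',
    'http://demos.jdavid.net/myspaceid-sdk/samples/myspaceid-oauth/finish_auth.php',
];
foreach ($tests as $url) {
    $hit = array_filter($realms, fn($realm) => realmMatches($realm, $url));
    echo ($hit ? 'OK       ' : 'MISMATCH ') . $url . PHP_EOL;
}
```

Only the first URL is reported as OK; the other two fall outside the registered realm.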