How To Add OpenID To Your Website For Dummies
Posted in Website Usability on October 5th, 2009 by admin – Be the first to commentOK, well you are certainly no dummy if you’d decided to add OpenID to your web site. The benefits of integrating OpenID are numerous, and will help you increase registration rates dramatically, as well as allow integration with leading social networking giants like Facebook and Twitter. I was able to add OpenID to my blog discovery website in under an hour. Here is a quick 3 step tutorial on how to quickly implement open ID into your existing web site registration sign up process without getting bogged down in complex coding.
Step #1
Rather than going to the OpenID Foundation site and sifting through various relatively complicated code libraries and documentation, I suggest you visit JanRain (the leading OpenID solution provider) and sign up for an account at RPXNow.com. Once logged in to your account, click on the “Create New Application” button, “Get Started” under the “Basic Plan” (free for up to 6 leading social networking sites – all you really need to hi 95%+ of social network users). Then enter your application name, and the domain on which you want optimize your registration process.
By signing up for an account with JanRain, they save you time by instantly connecting you with the numerous social network APIs to figure out what user information can be shared with your site. They also provide a nice little reporting interface on user login activity.
Step #2
Now it’s time to add some code to your website. While still logged in at RPXnow.com, under the “Setup” area in the right hand margin, go to “Quick Start”. Choose if you want your sign-up menu to pop-up, or be embedded. I always prefer embedded code since many browsers will block pop-ups these days. So, click on “Embed Instructions”, and be sure to copy and paste the code provided onto the page where you want users to sign-in or register. Note: you will need to change the code where it say “your_token_url” to the URL where you send people after then login in (this is the PHP page of code I provide in Step #3). This token URL will be a coded page (e.g. PHP) where you receive the open ID authorization for this user (and get information from their social network, such as Google Account username if available etc.) and then redirect them to a user dashboard or elsewhere.
When logged in at RPXnow.com, under the right hand side “Setup” menu, you’ll also have to click on “Configure Providers” to choose which social networks you want to allow into your sign-in process. Under “Settings” you can add URls to your Privacy Policy and Favicon image.
Step #3
Now here’s the trickiest part: setting up the code on the token URL page to authenticate the sign-in. This really just means that you need to have code here that proves or validates that the user is a member of a specific social network, and then receive a coded URL (their OpenID) which is unique to them. This coded URL (identifier) will allow you to retrieve all kinds of fantastic user information (without having them input it all over again) from their social network user account. Bear in mind that passwords are now obsolete with the use of OpenID. I realize this is a bit hard to get your head around, but it does make sense, since you only need a single unique variable to track users who already have accounts at Facebook, Google etc.. As a result, passwords are never available for retrieval using this single sign-in process.
Using PHP, I’ve provided working sample code here for your review and implementation (commented for PHP newbies and just anyone who can cut and paste). On line #10 of the code, you’ll need to input your “API Key” code which is found on the main page of your specific application which you set up at RPXnow.com.
'apiKey' => 'CUT AND PASTE YOUR API KEY HERE FROM YOUR RPXNOW ACCOUNT PAGE',
Note, in this php code that I’ve just requested the user’s unique identifier (their OpenID url) as well as their preferred username (if available, some social networks don’t share this) and saved them in session variables as per below. There is more information available depending on the social network, but this is what I’ve decided to provide in this example.
$_SESSION['user'] = $profile['preferredUsername']; $_SESSION['open_id'] = $profile['identifier'];
As you can see from above, all the user information is stored in the $profile array, and so you just have to look up what user info you want here, and pull it into a variable. So if you wanted to pull gender info which returns “male” or “female”, then use: $sex = $profile['gender'];
For you techies, I’m using the “json” and “curl” coding methods to retrieve data, which most servers support but if not, talk to your ISP. And finally, at the bottom of the page, you’ll see a redirect to “logged_in_page.php” which is the destination (or dashboard) page a user will find themselves at once logged in. And that’s really about it!