How to Fetch Account Data from a Provider with Lightopenid

How to fetch account data from a provider with LightOpenID?

You need to call getAttributes() after $openid->validate() not before.


Note that it does not guarantee that any of the required/optional parameters will be present

Get user details from openid

Just read the manual:

$openid->required = array('namePerson/friendly', 'contact/email');
$openid->optional = array('namePerson/first');

before calling $openid->authUrl()!


$userinfo = $openid->getAttributes();
$email = $userinfo['contact/email'];
$firstName = $userinfo['namePerson/first'];

Log-in the user with LightOpenID

This script is now working fine from my localhost running apache on my laptop with a wifi connection to the internet.

I've been told that you should pass your domain to the new LightOpenId object when creating it.

$iniConfig is a parse_ini_file array stored outside the document root where I store all my important variables.

in this case


So, I create new object and include the domain the server is on:

$openid = new LightOpenID($iniConfig['openid']['domain']);

I wrote it this way, and haven't checked to see if it works without the domain..

Lightopenid and yahoo user email

Exactly the way you tried -- by adding 'contact/email' to $openid->required (or optional).

If a provider doesn't return the email -- that's fine, it doesn't have to. It doesn't mean that the provider doesn't support OpenID, or doesn't support SREG/AX (the OpenID extensions used to fetch the email). It just means that it decided not to send you the email address.

So my advice is: stop depending on that.

OpenID is a decentralized protocol, so there are a lot of providers that won't return email and other data, and you still have to support them. So again: the provider may return whatever data it wants, regardless of what you asked for, so you can't depend on it being returned.

simple openID in php

In OpenID, several requests need to be performed across involved parties to complete the login procedure; a single interaction would not be sufficient. More specifically:

  1. The browser asks for the login page, you send the form (neither openid_identifier, nor openid_mode are set).
  2. The user fills in the openid, and submits. You need to start a transaction with the provider, redirecting the user (openid_identifier from the form is set, but openid_mode is not)
  3. The user is redirected to the provider, logs in, and the provider redirects back to your page. You need to validate that the returned data is authentic, and then use the identifier to actually login the user (e.g. establish session, update UI, etc) (openid_mode will be set to either "id_res", "cancel", or "error").

So the two instantiations of LightOpenID actually belong to separate HTTP requests for cases 2 and 3; in case 1, you don't need a LightOpenID object since you are displaying a static form.

LightOpenID - Provider - Script is stuck at allow once,allow always,cancel

You have probably entered a wrong identity url.

For example, assuming the provider is on

An incorrect identity would be The provider would ask you for login and password, request authorization, then silently fail, because cannot be resolved to any login. would be a correct identity for this example.

One way to avoid this is to set $op->select_id = true when there's no login in the url, which would cause the server to return both claimed_id and identity to the correct url (like google does).

How do I login the user with Yii and OpenID

To use the data from openID as Yii login, you could modify/overwrite the UserIdentity Class (protected/components).

Overwrite the existing authenticate method.
At this point you also can set the current Yii username, like:


(where $openId->username should be replaced by the variable which contains the openID user name)

By overwriting the side/login action, you can call your modified method, like this:

$identity=new UserIdentity("m","m");//where m is dummy
if($identity->authenticate()) {

//Update (because of your comment):
Not sure, if I understand your problem right. But what's about adding a new method in UserIdentity, like authenticateOID(). call this method at the beginning of the original authenticate() method, like so:

if ($this->authenticateOID) {/*set username & return true to end the method here*/}
else {/*original authenticate method from Yii*/}

Inside authenticateOID() you check if OID authentication is done and/or if the user still in you local "OID - user table"

Google suddenly started to return validation as false using LightOpenId

Other people are saying to enable cURL (which may be your issue), but in my case cURL was enabled.

Some more snooping around and I found out that the request was going through request_streams() due to the following check failing in the function request (formatted for convenience):

if (
function_exists( 'curl_init' ) &&
!in_array( 'https', stream_get_wrappers() ) ||
!ini_get( 'safe_mode' ) &&
!ini_get('open_basedir' )
) {

Change it to:

if (
function_exists( 'curl_init' ) &&
!in_array( 'https', stream_get_wrappers() ) ||
!ini_get( 'safe_mode' ) &&
!ini_get( 'open_basedir' )
) {

Hope this helps.

Edit: Forgot to say that I'm unsure if Google did make some change, but the fact that a lot of people using the same library having the same problem at the same time means something happened, and I can say that most people probably didn't change a thing. Google probably flicked some switch to make something more restrictive/secure.

Related Topics

Leave a reply