There are three settings to be made for the openId authentication request.
First you have to decide what name your foreign service (the openid identity provider you are calling) shall have (here: someForeignService).
Next is to set the 'identityUrl'. Your identity provider shall be able to name it to you. Add this to the field named identityUrl as a subsection of your identity provider field definition.
Third and optional you may define a 'redirectUrl'. Be aware this is not the 'returnPath' mandatory for the openId authentication request. This is just for internal processing if you want to send the user to a specific page after the authentication process was finished or if the process was canceled.
openid: client: someForeignService: identityUrl: <URL of the identity provider> redirectUrl: <url to a drop page>
Send an openId request
The first step of an authentication request is to start a discovery process in order to get the url to
authenticate against. This could be done using the 'authUrl()' method from the api_openId_client_request class.
To send an authentication request to the identity provider the following example shall enlighten you.
$configuration = api_config::getInstance(); $openidRequest = api_openId_client_request(configuration->openid\['client'\]\['someForeignService'\]); $openidRequest->setReturnPath('/openid/response/someForeignService/auth'); $url = $openidRequest->authUrl(); $openidRequest->addRequiredAttribute('email'); $openidRequest->addRequiredAttribute('language'); $openidRequest->addOptionalAttribute('firstname'); $openidRequest->addOptionalAttribute('lastname'); $openidRequest->addOptionalAttribute('gender'); /* * or use the setAttributes() method. Both keys (required, optional) are optional. * * $openidRequest->setAttributes(array( * 'required' => array('email', 'language'), * 'optional' => array('firstname', 'lastname', 'gender'), * )); */ header("Location: $url"); exit();
Receive an openId response
After you sent the request the identity provider will return to you (remember the set returnPath).
To be able to catch the request from the identity provider you have to define a route (the shown one is already predefined in commandmap.php):