ZF-6905: Zend_OpenID need support for OpenId Specification 2.0 final

Issue Type: Improvement Created: 2009-06-04T13:19:29.000+0000 Last Updated: 2012-02-24T22:41:58.000+0000 Status: Closed Fix version(s): Reporter: buzz lightgear (buzz) Assignee: Adam Lundrigan (adamlundrigan) Tags: - Zend_OpenId

Related issues: - ZF-5242

Attachments: - Consumer.php


We need the final spec implemented to use openid with yahoo and google accounts!!! Here we found a hack for zend, perhaps this is a solution:…

From the link: Little late to the game but I was able to get this working with some hacks I found around the interwebs.

First. Yahoo. To get Yahoo working all I had to do was change the JavaScript to use instead of just and it worked perfectly with the version of the Zend Framework I'm using. Unfortunately Google still wasn't, so some hacking was in order.

All of these changes go in Zend/OpenId/Consumer.php

First, in the _discovery method add the following on the series of preg_match checks that starts at around line 740.

<pre class="highlight">
} else if (preg_match('/([^<]+)<\/URI>/i', $response, $r)) {
  $version = 2.0;
  $server = $r[1];

I added this right before the return false; statement that's in the else {} block.

Second, in the _checkId method you'll need to add 3 new blocks (I haven't dug around enough to know what causes each of these three cases to be called, so I covered all to be on the safe side.

Inside the $version <= 2.0 block, you'll find an if/else if/else block. In the first if statement ($this->_session !== null) add this to the end:

<pre class="highlight">
if ($server == '<a href=""></a>') {
  $this->_session->identity = '<a href=""></a>';
  $this->_session->claimed_id = '<a href=""></a>';

In the else if (defined('SID') block add this to the end:

<pre class="highlight">
if ($server == '<a href=""></a>') {
  $_SESSION['zend_openid']['identity'] = '<a href=""></a>';
  $_SESSION['zend_openid']['claimed_id'] = '<a href=""></a>';

And then after the else block (so outside the if/else if/else block all together, but still inside the $version <= 2.0 block) add this:

<pre class="highlight">
if ($server == '<a href=""></a>') {
  $params['openid.identity'] = '<a href=""></a>';
  $params['openid.claimed_id'] = '<a href=""></a>';


Posted by Alfredo Artiles (aartiles) on 2009-06-28T05:18:23.000+0000

I have tried this patch and didn't work for me. I am using 1.8.4. I hope to see a solution to authenticate with google and yahoo soon

Posted by Chris (chris.bisnett) on 2009-07-20T15:51:47.000+0000

I have found this patch to work for version 1.8.4p1.

Posted by Satoru Yoshida (satoruyoshida) on 2009-08-03T19:18:38.000+0000

add code tag

Posted by Igor (urn) on 2009-09-24T04:00:17.000+0000

Thanks for the hack. We definately need official support of 2.0 version of OpenId. When will it be..?

Posted by Niek Bosch (eekhoorn13) on 2010-08-11T09:26:48.000+0000

I've done this for my own website. It's probably not conform all Zend Framework standards and it lacks unit testing and all that. Nevertheless, it will probably help you a great deal. When I'm more at home in this contributing thing, I'll do more work myself. For now it supports:

  • XRI (not tested in this version)
  • Yadis discovery
  • XRDS document parsing (as is needed for XRI and Yadis)
  • HTML discovery (not changed)

It works with google and with

Posted by Torio Farazdagi (torio) on 2010-08-11T10:17:31.000+0000

Thanks Niek! Will look into the supplied code and accommodate for ZF standards + UTs.

Posted by DJ (cloakedninjas) on 2010-08-16T04:22:20.000+0000

While the attached script does allow for authentication with Google, Yahoo - or any other v2.0 provider still won't.

I've had to ditch ZF in favour of a complete working solution. I'm now using an implementatation from Janrain :

Posted by Carlos Rodrigues (carlos.vini) on 2011-07-21T20:12:11.000+0000

The changes suggested worked for me. But there is a problem when you use a Google Apps domain as the identifier, like this: *…

The login() method works fine, but in this case the verify() method is unable to discover the data because Google sends back the identity in a format similar to this: *

I don't know if its a Google problem, or a Zend problem. But i had to comment the lines below to ignore the discovery on verify().

/* } else if (!$this->_discovery($id, $discovered_server, $discovered_version)) { $this->_setError("Discovery failed: " . $this->getError()); return false;

                } else if ((!empty($params['openid_identity']) &&
                            $params["openid_identity"] != $id) ||
                           (!empty($params['openid_op_endpoint']) &&
                            $params['openid_op_endpoint'] != $discovered_server) ||
                           $discovered_version != $version) {
                    $this->_setError("Discovery information verification failed");
                    return false;

Posted by Adam Lundrigan (adamlundrigan) on 2012-02-24T22:41:58.000+0000

Closing as "Needs Proposal". If someone wants to step up and implement this for v1.12 please draft an RFC.

Have you found an issue?

See the Overview section for more details.


© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.