Getting a gmail address with... openid? oauth?

Asked 13/7, 2010 at 23:3 Answered 14/7, 2010 at 7:0

I'm getting confused.

I was able to make openid login kinda work using LightOpenID.

All I get doing that is just an openid_identity such as "https://www.google.com/accounts/o8/id?id=xxx". Pretty disappointing: I was expecting to get the email address too.

i.e. I need to login (that's what openid does) and to know the email address of the google account the user used to login.

There is the function $openid->getAttributes() but all I get from that is just an empty array: I guess google isn't going to give me anything else than that openid_identity.

So I guess I'm supposed to use OAuth, right? I'm clueless about that. I've only found horrible and confused documentation, that either pretends to explain everything (and I do mean everything), or it fails explain anything at all.

Yes, of course I've tried to look at the previous posts about that, just as I did search on google. Read again the above paragraph, please.

Pitfall answered 13/7, 2010 at 23:3 Comment(2)

please have a look at my question (might be useful to you) here : #2667947 So basically as far as I know, that's the way how it is for OpenID at gmail, you cannot have your gmail address expressively as part of your OpenID – Slag 13/7, 2010 at 23:6

thanks. If that's so we are back to the second part of the question: OAuthWTF? – Frankie 13/7, 2010 at 23:9

I've just discovered LightOpenID and I think it's wonderful. I've managed to get the email address, the first and last name and the prefered language using the following modification of example-gmail.php:

<?php

require_once('openid.php');

if (empty($_GET['openid_mode']))
{
    if (isset($_GET['login']))
    {
        $openid = new LightOpenID();
        $openid->identity = 'https://www.google.com/accounts/o8/id';
        $openid->required = array('namePerson/first', 'namePerson/last', 'contact/email', 'pref/language');

        header('Location: ' . $openid->authUrl());
        //header('Location: ' . str_replace('&amp;', '&', $openid->authUrl()));
    }

    else
    {
        echo '<form action="?login" method="post">' . "\n";
        echo '<button>Login with Google</button>' . "\n";
        echo '</form>' . "\n";
    }
}

else if ($_GET['openid_mode'] == 'cancel')
{
    echo 'User has canceled authentication!';
}

else
{
    $openid = new LightOpenID();

    echo 'User ' . ($openid->validate() ? $_GET['openid_identity'] . ' has ' : 'has not ') . 'logged in.';

    echo '<pre>';
    print_r($openid->getAttributes());
    echo '</pre>';
}

?>

I changed the code to make it a little more readable, the output:

User https://www.google.com/accounts/o8/id?id=*** has logged in.

Array
(
    [namePerson/first] => Alix
    [contact/email] => ***@gmail.com
    [pref/language] => en
    [namePerson/last] => Axel
)

I still can't get the postal code and others from Google but I've had success with myOpenID.com.

Aragats answered 14/7, 2010 at 7:0 Comment(11)

Thanks, but my question is: where is the list of required attributes I may ask? I could only find the list of openix.ax.wtf, but I have no idea about how to use them in LightOpenID... :/ – Frankie 14/7, 2010 at 10:22

Oh, here it is --> axschema.org/types ... still, is there a way to ask google which of these fields is going to export? Or just try them all and some will work while some won't? – Frankie 14/7, 2010 at 10:26

Does LightOpenID store the request you made in the if (isset($_GET['login']))? It doesn't appear to, yet it should (for performance reasons). In case of Google, it's indifferent, but it may not be if the user-supplied identifier (USI) is the claimed identifier (CI). Let's say you enter myusername.myopenid.com. In the discovery phase for that url, you find out that the endpoint url that responds authoritatively for that identifier. If you don't save that information, in the second phase you'll have to check again if the endpoint has authority over the CI. – Derwon 14/7, 2010 at 10:30

@Lo'oris: I'm also still pretty green at this. =P I tried them all, but then I found this: code.google.com/apis/accounts/docs/OpenID.html#Parameters. Google delivers country, email, firstname, language and lastname. – Aragats 14/7, 2010 at 10:58

@Artefacto: No it doesn't. And that's one of the reasons I'm enjoying LightOpenID so much. Ideally you should call the validate() method and if it returns true save $_GET['openid_identity'] in the $_SESSION and never worry about it again. That's what I'm getting from this, still I might be wrong or may not have understood what you're trying to ask (I'm really sleepy right now). – Aragats 14/7, 2010 at 11:2

@Alix It's not wrong, but for user-supplied identifier that don't result in "identifier_select" behavior, this causes an extra discovery. – Derwon 14/7, 2010 at 12:8

@Artefacto: I'm sorry but I'm having trouble understanding what you're saying. Do you mean the usage of https://www.google.com/accounts/o8/id? That's specific for the example-gmail.php file only. The general example goes something like $openid->identity = $_POST['openid_identifier'];. – Aragats 14/7, 2010 at 12:27

@Artefacto: There seems to be another question regarding identifier_select @ #3016265. I'm failing to understand what this is and what it does. – Aragats 14/7, 2010 at 12:31

https://www.google.com/accounts/o8/id causes user_select behaviour; the user will claim an identifier different from https://www.google.com/accounts/o8/id. So that's not really the case. And the general example doesn't change anything. It's really difficult to explain this in this short space. See the docs, 11.2 §3 – Derwon 14/7, 2010 at 12:32

@Artefacto: I still don't fully understand it. I'll have to take a look at this tomorrow, I'm way to tired today. – Aragats 14/7, 2010 at 14:22

@Alix Well, it's subtle, you have to fully grasp the OpenID workflow. – Derwon 14/7, 2010 at 14:24

You can use OpenID's attribute exchange. See the Google documentation here (in particular, openid.ax.type.email).

Derwon answered 13/7, 2010 at 23:21 Comment(1)

great! While I wasn't able to understand how to "map" those attributes such as openid.ax.type.email to LightOpenID's different ones (contact/email), knowing that it could be done I looked deeper into LightOpenID's documentation and I managed to do it :) thanks – Frankie 14/7, 2010 at 10:20

Having a Google account doesn't mean you get a gmail account. You can start a Google account with any email address.

Having said that I don't think its part of the spec to return email addresses or login data as part of the identity.

Wrote answered 13/7, 2010 at 23:9 Comment(1)

good point. I'd like to get that email address, doesn't matter if it's not gmail. – Frankie 13/7, 2010 at 23:11

OAuth and OpenID are not the same. They solve completely different things. I'm going under the assumption you checked out: Federated Login for Google Account Users it has a bit more explanation on how the accounts work for Google Accounts.

Solutions:

Digitate answered 13/7, 2010 at 23:20 Comment(0)

Recommended topics

Hot tags