Can I get some clarification about the correct steps to follow? about openid-connect-php HOT 3 CLOSED

The client ID identifies the client -- your application -- to the server. It does not identify the user at all. What you can do is use your client ID (and secret) to get an ID Token for each user. The ID token will have two fields inside of it that, when taken together, uniquely identify the user: iss and sub. The iss is a URL that identifies the identity provider and the sub is an opaque value (not a username) that uniquely identifies the current user at the identity provider.

So the first time you talk to a given IdP, you register. But you still need to get the ID token to actually log the user in. For subsequent users, you don't need to register anymore, but you do still need to get ID tokens.

from openid-connect-php.

@kace91 I'd like to add the following in addition to what @jricher has stated.

You can think of client id and client secret has the global user name and password for our application in regards to the identity provider. (Identity provider being google, salesforce, etc...)

Consider the following snippet. Hope this helps!

require "OpenIDConnectClient.php5";

$oidc = new OpenIDConnectClient("https://my.id.provider.url/");

//
// BEGIN
//
// This block stores information in $_SESSION
// It is not practical for production for many obvious reasons.
// You should change it to store the CLIENT ID and CLIENT SECRET in a database or text file
//

if (!$_SESSION['i']) {
   $oidc->register();
   $_SESSION['i'] = $oidc->getClientID();
   $_SESSION['d'] = $oidc->getClientSecret();
}

$oidc->setClientID($_SESSION['i']);
$oidc->setClientSecret($_SESSION['d']);

//
// END
//

// Let's ask for all of the user's information!
$attrib = array('name','family_name','given_name','middle_name','nickname','preferred_username','profile','picture','website','gender','birthdate','zoneinfo','locale','updated_at');
$oidc->addScope(array('openid','profile'));

// This will prompt the user to login.
// 
// It will also prompt the user for permission
// Hey user! do we have permission to use your ____ ?
$oidc->authenticate();

//
// For demo purposes! Let's see what we have!
//
$object = new stdClass();
foreach ($attrib as $key => $value) {
    $object->$value = $oidc->requestUserInfo($value);
}

print_r($object);

from openid-connect-php.

@jumbojett thanks for your help! It's all much clearer now.

One last question: The authenticate method is supposed to ask the user for permission. However, I see there's code below it showing the retrieved data. Isn't the authenticating process supposed to redirect to a callback page? If so, how (and when) does the code below authenticate get executed? (given that php is executed server side before the page reaches the user). And it does not redirect you, then why does google require a redirection url?

from openid-connect-php.