Implementing Hybrid Auth Using PHP
Note
The full code for this sample is available at https://github.com/jcleblanc/programming-social-applications/tree/master/chapter_12/hybrid-php.
Since we now have everything we need for hybrid auth, we can begin to explore a full end-to-end example of how OpenID 2.0 and OAuth 1.0A fit together into this process.
We will build upon the base example that was introduced in Chapter 11, taking the user through the process of entering an OpenID provider identifier URL and granting the application permission to capture her personal profile information, and then finally capturing her data and displaying it on screen.
Our first task in this process is to look at the discovery form.
The discovery form
Let’s start out by exploring the HTML that will compose the OpenID form in which the user inputs the OpenID URL that she wants to sign in to. As mentioned in our Chapter 11 example, in a production-level product, you should never require a user to input the OpenID discovery URL for the service that she is trying to sign in to. One proper method is to display the logo of the company (or companies) for which you offer a sign-in option and then initiate the OpenID process for the user’s selected provider without requiring her to enter any further information.
For the purposes of testing different services, though, we will build out a form that does require the user to know her preferred provider’s discovery URL. This form is stored as index.html:
<!DOCTYPE html PUBLIC ...
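The production approach described above, where the user picks a provider logo and never types a discovery URL, can be enforced on the server as sketched below. This is an added example, not code from the book's sample: the form field names `provider` and `openid_url`, the function names, and the provider URLs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed placeholder endpoints (assumption): substitute each provider's
// documented OpenID 2.0 discovery URL.
const PROVIDERS = [
    'provider_a' => 'https://openid.provider-a.example/',
    'provider_b' => 'https://openid.provider-b.example/',
];

// Testing path only: sanity-check a typed discovery URL before the server fetches it.
// Does not resolve DNS, so a hostname that points at an internal address still passes.
function is_acceptable_test_url(string $url): bool
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        || isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    $host = trim($parts['host'], '[]');
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        // Literal IP address: accept only if it is outside private and reserved ranges.
        return filter_var($host, FILTER_VALIDATE_IP,
            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
    }
    return strtolower($host) !== 'localhost';
}

// Production path: the form posts only a provider key (one button per logo), so the
// discovery URL comes from the server-side list. Free-form input is honoured only in testing.
function resolve_discovery_url(array $post, bool $testing = false): ?string
{
    if (isset($post['provider']) && is_string($post['provider'])) {
        return PROVIDERS[$post['provider']] ?? null;
    }
    if ($testing && isset($post['openid_url']) && is_string($post['openid_url'])) {
        $url = trim($post['openid_url']);
        return is_acceptable_test_url($url) ? $url : null;
    }
    return null;
}
```

A `null` return means the request should be rejected before any OpenID discovery request is made.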