[Summary view] [Print] [Text view]

   1  What's New in PHP OpenID 2.0
   2  ============================
   3  
   4  This library implements both the OpenID 1 and OpenID 2 protocols.  The
   5  API changes in this version of the library are minimal and mostly
   6  backwards-compatible with current RP and Server implementations.  If
   7  you're already using this library for OpenID 1, only a few small
   8  changes (see Summary below) will be needed once you upgrade.
   9  
  10  The big news here is compatibility with version 2.0 of the OpenID
  11  protocol.  Highlights include:
  12  
  13   * Simple Registration support in a new module Auth/OpenID/SReg.php.
  14     (Those previously using
  15     Auth_OpenID_SuccessResponse::extensionResponse() are advised to
  16     look here and at the example consumer and server for detailed usage
  17     information.)
  18   * OpenID provider-driven identifier selection.
  19   * "Negotiators" allow you to define which association types to use.
  20   * Improved examples/detect.php script (bugs fixed)
  21   * Improved layout of example consumer (see examples/consumer)
  22   * An improved HTML parser implementation
  23   * Library is now immune to being included inside functions and
  24     methods
  25   * Fixes to avoid multibyte overloading problems
  26  
  27  If you've written your own custom store or code that interacts
  28  directly with it, you'll need to review the change notes for
  29  Auth_OpenID_Interface in Auth/OpenID/Interface.php.
  30  
  31  
  32  Upgrading from earlier versions of this library
  33  -----------------------------------------------
  34  
  35  One of the additions to the OpenID protocol was a specified nonce
  36  format for one-way nonces.  As a result, the nonce table in the
  37  SQL-driven stores has changed.  You'll need to run the Python script
  38  contrib/upgrade-store-1.1-to-2.0 to upgrade your store, or you'll
  39  encounter errors about the wrong number of columns in the oid_nonces
  40  table.  To run the script, you'll need a python module supporting your
  41  database type: pysqlite2, psycopg, or MySQLdb.
  42  
  43  If you cannot run the Python script, you can re-create your store by
  44  dropping the tables in the store and calling createTables() on the
  45  store object.
  46  
  47  Consumers should now pass the consumer return_to URL to
  48  Auth_OpenID_Consumer::complete() to defend against return_to URL
  49  tampering.  This has REPLACED the old parameter, $query.  $query is
  50  now a second optional parameter.  It is STRONGLY RECOMMENDED that you
  51  never override $query, since the OpenID library uses its own logic to
  52  sidestep PHP's broken request-processing code.
  53  
  54  
  55  Summary of API Changes
  56  ----------------------
  57  
  58   - Auth_OpenID::fixArgs is now no longer necessary, and
  59  Auth_OpenID_Consumer::complete and Auth_OpenID_Server::decodeRequest
  60  no longer take query argument arrays.  *You should no longer pass any
  61  parameters to these methods.*
  62  
  63   - Auth_OpenID_SuccessResponse::extensionResponse() is no longer the
  64  preferred way to extract extension response parameters from the OpenID
  65  response.  Instead, see the Auth/OpenID/SReg.php module and the
  66  example consumer and server for detailed usage information on
  67  constructing Simple Registration requests and inspecting responses.
  68  extensionResponse() is still valid, but now takes a second parameter
  69  (bool) indicating whether extension args should be signed.
  70  
  71   - The Auth_OpenID_Server's response answer() method now takes
  72  additional parameters to support provider-driven identifier selection.
  73  See the example server and the documentation for
  74  Auth_OpenID_CheckIDRequest::answer.
  75  
  76   - Auth_OpenID_Consumer::complete() now takes two args:
  77  
  78     - $return_to, a required string that is the return URL passed to
  79       Auth_OpenID_AuthRequest::redirectURL()
  80  
  81     - $query, an optional array (or null if absent) denoting the query
  82       parameters of the OpenID response.  If null, the response data
  83       will be extracted from the PHP request environment.  Library
  84       users SHOULD NOT ever pass anything for $query unless they're
  85       testing the library.