news 3.7 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485
  1. What's New in PHP OpenID 2.0
  2. ============================
  3. This library implements both the OpenID 1 and OpenID 2 protocols. The
  4. API changes in this version of the library are minimal and mostly
  5. backwards-compatible with current RP and Server implementations. If
  6. you're already using this library for OpenID 1, only a few small
  7. changes (see Summary below) will be needed once you upgrade.
  8. The big news here is compatibility with version 2.0 of the OpenID
  9. protocol. Highlights include:
  10. * Simple Registration support in a new module Auth/OpenID/SReg.php.
  11. (Those previously using
  12. Auth_OpenID_SuccessResponse::extensionResponse() are advised to
  13. look here and at the example consumer and server for detailed usage
  14. information.)
  15. * OpenID provider-driven identifier selection.
  16. * "Negotiators" allow you to define which association types to use.
  17. * Improved examples/detect.php script (bugs fixed)
  18. * Improved layout of example consumer (see examples/consumer)
  19. * An improved HTML parser implementation
  20. * Library is now immune to being included inside functions and
  21. methods
  22. * Fixes to avoid multibyte overloading problems
  23. If you've written your own custom store or code that interacts
  24. directly with it, you'll need to review the change notes for
  25. Auth_OpenID_Interface in Auth/OpenID/Interface.php.
  26. Upgrading from earlier versions of this library
  27. -----------------------------------------------
  28. One of the additions to the OpenID protocol was a specified nonce
  29. format for one-way nonces. As a result, the nonce table in the
  30. SQL-driven stores has changed. You'll need to run the Python script
  31. contrib/upgrade-store-1.1-to-2.0 to upgrade your store, or you'll
  32. encounter errors about the wrong number of columns in the oid_nonces
  33. table. To run the script, you'll need a python module supporting your
  34. database type: pysqlite2, psycopg, or MySQLdb.
  35. If you cannot run the Python script, you can re-create your store by
  36. dropping the tables in the store and calling createTables() on the
  37. store object.
  38. Consumers should now pass the consumer return_to URL to
  39. Auth_OpenID_Consumer::complete() to defend against return_to URL
  40. tampering. This has REPLACED the old parameter, $query. $query is
  41. now a second optional parameter. It is STRONGLY RECOMMENDED that you
  42. never override $query, since the OpenID library uses its own logic to
  43. sidestep PHP's broken request-processing code.
  44. Summary of API Changes
  45. ----------------------
  46. - Auth_OpenID::fixArgs is now no longer necessary, and
  47. Auth_OpenID_Consumer::complete and Auth_OpenID_Server::decodeRequest
  48. no longer take query argument arrays. *You should no longer pass any
  49. parameters to these methods.*
  50. - Auth_OpenID_SuccessResponse::extensionResponse() is no longer the
  51. preferred way to extract extension response parameters from the OpenID
  52. response. Instead, see the Auth/OpenID/SReg.php module and the
  53. example consumer and server for detailed usage information on
  54. constructing Simple Registration requests and inspecting responses.
  55. extensionResponse() is still valid, but now takes a second parameter
  56. (bool) indicating whether extension args should be signed.
  57. - The Auth_OpenID_Server's response answer() method now takes
  58. additional parameters to support provider-driven identifier selection.
  59. See the example server and the documentation for
  60. Auth_OpenID_CheckIDRequest::answer.
  61. - Auth_OpenID_Consumer::complete() now takes two args:
  62. - $return_to, a required string that is the return URL passed to
  63. Auth_OpenID_AuthRequest::redirectURL()
  64. - $query, an optional array (or null if absent) denoting the query
  65. parameters of the OpenID response. If null, the response data
  66. will be extracted from the PHP request environment. Library
  67. users SHOULD NOT ever pass anything for $query unless they're
  68. testing the library.