Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help with Dreamweaver 8 login/registration and RPX Now login


  • Please log in to reply
18 replies to this topic

#1 The Game Lounge

The Game Lounge

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 17 April 2009 - 12:57 AM

Hello there,

Okay I'll get right to it. I have a website (www.thegamelounge.net) and I have been trying to create a login system for it for so long. I am not good with coding so it has been hard for me trying to create such a system.
What I need to do is firstly, allow users to login using their OpenID (www.rpxnow.com) user names (such as Windows Live, OpenID, Yahoo and Google accounts), but then have the option to register through my website and also link their RPX login with the account created through my website (this can be done using the RPX mappings system).
Here is how to do the RPX login:
*********


~RECEIVE THE RPX TOKEN, AND GET THE AUTHENTICATION INFORMATION~

After a successful authentication, RPX redirects the user back to the token_url at your website as specified in step 1. Write some code to handle requests to your token_url, and extract the token parameter.

Make the auth_info API call

HTTP POST to https://rpxnow.com/api/v2/auth_info with the following required parameters:

apiKey:: b0ed15ef864e4bdf21260b16438be...
token:: Use the token sent to your token_url
RPX will respond with a JSON formatted response including the identifier of the user.

{
"profile": {
"displayName": "brian",
"preferredUsername": "brian",
"url": "http:\/\/brian.myopenid.com\/",
"providerName": "Other",
"identifier": "http:\/\/brian.myopenid.com\/"
},
"stat": "ok"
}

Use the identifier as the unique key to sign the user in to your website. If it's easier for you to parse XML, pass the optional format parameter to auth_info with a value of xml. You'll get a response like this:

<?xml version='1.0' encoding='UTF-8'?>
<rsp stat='ok'>
<profile>
<displayName>
brian
</displayName>
<identifier>
http://brian.myopenid.com/
</identifier>
<preferredUsername>
brian
</preferredUsername>
<providerName>
Other
</providerName>
<url>
http://brian.myopenid.com/
</url>
</profile>
</rsp>

Finally, use the handy RPX test tool, to help you preview and test your token_url and auth_info call implementations. We also have example code for C#, Java, PHP, or Ruby on Rails.

**********
So, basically what I need is some help with making the token form, where to embed it and how to embed it.
I then need to be able to create a registration system on my website using Dreamweaver 8, allowing me to link the website accounts to the RPX accounts.

Here is how to do mappings:
**********


~MAPPINGS~

Mappings can help you add OpenID sign-in to your existing user accounts without changing your database schema. The Mapping API also helps you implement the best practice of allowing multiple OpenIDs per user, which gives the end user total control of their identity by letting them switch their identity provider as their needs change.

You probably have a "users" or "accounts" table in your database. The mapping API lets you associate the primary key of an existing user with an OpenID, and store that mapping on the RPX server. When a mapping exists for a user, RPX returns both the primary key for the user and the associated OpenID in the auth_info call. You then use the primary key to figure out which account to sign the user into on your site.

New mappings are created with the map API call. Before using the map API call to save a primary key to identifier mapping, you must first know who the user is on your site, and have a record for them in your users or accounts table. This means that the user is either already logged in with a legacy account, or they have been verified using RPX and you have created a new record for them in the database but haven't yet stored that mapping anywhere. Either way, new mappings are generally created right after a user has verified their identity with RPX and you have extracted their identifier via the auth_info API call.

The image below represents a website using RPX with a Users table that has a primary key called "id". A user has bound three different OpenIDs to his account, and because the website is using the mapping API he may use any one of his mapped accounts to sign in as the BrianMan692 user.


After the mapping is made, when the user signs in with his brian.myopenid.com OpenID, an auth_info response including the primaryKey will be returned. Use the value of the primaryKey field to sign the user in as BrianMan692.

{
"profile": {
"identifier": "http:\/\/brian.myopenid.com\/",
"primaryKey": "17"
},
"stat": "ok"
}





***********
So, basically what I need is some help with making the token form, where to embed it and how to embed it.
I then need to be able to create a registration system on my website using Dreamweaver 8, allowing me to link the website accounts to the RPX accounts.

Further information can be obtained from www.rpxnow.com/docs

Thank you!


BC AdBot (Login to Remove)

 


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:06:17 AM

Posted 17 April 2009 - 07:29 AM

What language are you proposing to use? They have APIs for C#, Java, PHP, and Ruby on Rails. Have you looked at the Developer Wiki? The form is just a form. The wiki has a list of websites that use their system. Locate those, and then look at the source code of the web page.

#3 The Game Lounge

The Game Lounge
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 18 April 2009 - 11:43 PM

I dont care which language. What ever is easier/better to use!! The login pop-up uses Java Script, the server has PHP and Ruby options, so really it doesn't matter.

That source code didnt help... So any more info would be grand!

Thanks for your help.

#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:06:17 AM

Posted 19 April 2009 - 12:47 AM

What do you have done so far?

#5 The Game Lounge

The Game Lounge
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 19 April 2009 - 07:09 PM

I've added the Java Script pop-up to the site (take a look at www.thegamelounge.net) which redirects to the ID provider you want. It then redirects back to a default login page. That page, however, has no script on it or anything. So the token is sitting there having nothing done with it.
Like I said, once it redirects back, I would like to have a register on the site option using the RPX mappings tool.

Many Thanks.

#6 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:06:17 AM

Posted 19 April 2009 - 07:25 PM

Where did you find the javascript that you used?

#7 The Game Lounge

The Game Lounge
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 20 April 2009 - 01:14 AM

You get it in the admin area from RPX. Ill paste it here and show you:

"~Add the sign-in interface to your website~

The instructions below show you how to pop up the sign-in interface as an overlay on top of your webpages, and the embed instructions show you how to add the interface directly into your webpages without a popup. Choose the option that best fits your needs.

Add the following javascript code to the bottom of each page where you'd like users to sign in:

<script src="https://rpxnow.com/openid/v2/widget"
		type="text/javascript"></script>
<script type="text/javascript">
  RPXNOW.token_url = "http://example.com/your_token_url";
  RPXNOW.realm = "the-game-lounge";
  RPXNOW.overlay = true;
  RPXNOW.language_preference = 'en';
</script>

Set RPXNOW.token_url to your URL which will handle RPX responses. See step 2 for details.

Copy the following signin/signup link to your pages:

<a class="rpxnow" onclick="return false;"
   href="https://the-game-lounge.rpxnow.com/openid/v2/signin?token_url=your_token_url">
  Sign In
</a>

Any link with the class rpxnow that is on a page with the RPX javascript will popup the sign-in interface. The token_url parameter in the link should be the same as the one in the javascript, properly URL-escaped. The onclick and href attributes make sure RPX works properly for users with javascript disabled."

**********
And to embed it into the site:
**********

"To embed the RPX interface directly in to your sign-in page without using the popup, copy the iframe code below:

<iframe src="https://the-game-lounge.rpxnow.com/openid/embed?token_url=your_token_url"
  scrolling="no" frameBorder="no" style="width:400px;height:240px;">
</iframe>

Set the token_url parameter in the iframe src attribute to the URL on your website which will handle the RPX response, and make sure it is properly URL-escaped. See step 2 below for more about the token_url."

**********
That is part 1) and part 2) is what I am needing help with (what I posted in the original post). I also found this website http://github.com/grosser/rpx_now/tree/master and am not sure if that is of any help.

Thanks again.


#8 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:06:17 AM

Posted 20 April 2009 - 07:21 AM

I really just wanted the URL. The snippets of code are meaningless without context.

#9 The Game Lounge

The Game Lounge
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 20 April 2009 - 07:39 AM

Everything it said I have copy and pasted. The URL is only available if you are logged in. Ill copy and paste the entire page if you want:
*********

Quick Start for The Game Lounge
There are two main integration points:

1) Add the sign-in interface to your website

The instructions below show you how to pop up the sign-in interface as an overlay on top of your webpages, and the embed instructions show you how to add the interface directly into your webpages without a popup. Choose the option that best fits your needs.

Popup Instructions
Embed Instructions
Add the following javascript code to the bottom of each page where you'd like users to sign in:

<script src="https://rpxnow.com/openid/v2/widget"
		type="text/javascript"></script>
<script type="text/javascript">
  RPXNOW.token_url = "http://example.com/your_token_url";
  RPXNOW.realm = "the-game-lounge";
  RPXNOW.overlay = true;
  RPXNOW.language_preference = 'en';
</script>
Set RPXNOW.token_url to your URL which will handle RPX responses. See step 2 for details.

Copy the following signin/signup link to your pages:

<a class="rpxnow" onclick="return false;"
   href="https://the-game-lounge.rpxnow.com/openid/v2/signin?token_url=your_token_url">
  Sign In
</a>
Any link with the class rpxnow that is on a page with the RPX javascript will popup the sign-in interface. The token_url parameter in the link should be the same as the one in the javascript, properly URL-escaped. The onclick and href attributes make sure RPX works properly for users with javascript disabled.


Also, you may configure which providers show up in your widget and in what order from the Providers page.

2) Receive the RPX token, and get the authentication information

After a successful authentication, RPX redirects the user back to the token_url at your website as specified in step 1. Write some code to handle requests to your token_url, and extract the token parameter.

Make the auth_info API call

HTTP POST to https://rpxnow.com/api/v2/auth_info with the following required parameters:

apiKey b0ed15ef864e4bdf21.............................
token Use the token sent to your token_url
RPX will respond with a JSON formatted response including the identifier of the user.

{
  "profile": {
	"displayName": "brian",
	"preferredUsername": "brian",
	"url": "http:\/\/brian.myopenid.com\/",
	"providerName": "Other",
	"identifier": "http:\/\/brian.myopenid.com\/"
  },
  "stat": "ok"
}
Use the identifier as the unique key to sign the user in to your website. If it's easier for you to parse XML, pass the optional format parameter to auth_info with a value of xml. You'll get a response like this:

<?xml version='1.0' encoding='UTF-8'?>
<rsp stat='ok'>
  <profile>
	<displayName>
	  brian
	</displayName>
	<identifier>
	  [url=http://brian.myopenid.com/]http://brian.myopenid.com/[/url]
	</identifier>
	<preferredUsername>
	  brian
	</preferredUsername>
	<providerName>
	  Other
	</providerName>
	<url>
	  [url=http://brian.myopenid.com/]http://brian.myopenid.com/[/url]
	</url>
  </profile>
</rsp>
Finally, use the handy RPX test tool, to help you preview and test your token_url and auth_info call implementations. We also have example code for C#, Java, PHP, or Ruby on Rails.

That's it!

After implementing the steps above you should be able to successfully verify OpenID URLs, and are ready to move on to more advanced topics like importing profile data during the sign in process, and using the mapping API to link accounts.

**********
Thats it for that page, but if you want more info try going to www.rpxnow.com/docs

Cheers,

TGL

Edited by The Game Lounge, 20 April 2009 - 07:42 AM.


#10 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:06:17 AM

Posted 20 April 2009 - 08:09 AM

For starters
<a class="rpxnow" onclick="return false;"
   href="https://the-game-lounge.rpxnow.com/openid/v2/signin?token_url=your_token_url">
  Sign In
</a>

You do realize that where it says 'your-token-url' is supposed to be the url of your web page, right? First step is to get the form to display properly.

#11 The Game Lounge

The Game Lounge
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 20 April 2009 - 08:14 AM

Yes, Im not that stupid.

Heres what I have on my login page (main page):

At the bottom of the page:
<script type="text/javascript">
  RPXNOW.token_url = "http://thegamelounge.net/rpx";
  RPXNOW.realm = "the-game-lounge";
  RPXNOW.overlay = true;
  RPXNOW.language_preference = 'en';
</script>

At the top (login link):
<a
   href="https://the-game-lounge.rpxnow.com/openid/v2/signin?token_url=http://www.thegamelounge.net/rpx" class="rpxnow style13" onclick="return false;">Sign In </a>

With this code, the form pops up, you click a provider and then it returns to /rpx with the token.
Now what do I do next??

#12 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:06:17 AM

Posted 20 April 2009 - 08:38 AM

Yes, Im not that stupid.

I wouldn't have asked except the code on your page said exactly that. People do it all the time.
Now you do the following:
After a successful authentication, RPX redirects the user back to the token_url at your website as specified in step 1. Write some code to handle requests to your token_url, and extract the token parameter.

Make the auth_info API call

HTTP POST to https://rpxnow.com/api/v2/auth_info with the following required parameters:

apiKey b0ed15ef864e4bdf21.............................
token Use the token sent to your token_url
RPX will respond with a JSON formatted response including the identifier of the user.

Are you able to extract the token yet?

#13 The Game Lounge

The Game Lounge
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 20 April 2009 - 06:44 PM

I have no idea how to do that, what format to do it in, what format to save it in..... I have tried xml, JSON, HTML, Ruby.... maybe I was doing it right and just hadn't finished properly or maybe I had no idea. I'm putting my money on the latter.

Please help with this!

#14 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:06:17 AM

Posted 20 April 2009 - 07:07 PM

I'm sorry, I don't know what to tell you other than look at all of the examples, or find another website that is using the code and see what they are doing. What you are trying to do is big-time programming, and I don't have time to do it for you. :thumbsup:

Your choice is to try and figure out what is happening on your own, or go to their support forums and see if someone that uses their apis can help. This is the type of problem that you might have to work on for a week until you figure it out. I have had times where I have spent a months trying to figure out how to solve a problem; that is what programmers do.

I would try reading this though in case you missed it. I did the first time. According to this, the token url is where you want the user to go once they are validated. have you tried that?

#15 The Game Lounge

The Game Lounge
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 20 April 2009 - 07:11 PM

So that would mean that the token URL is separate from them being validated. Ive found plenty of code, Ive done what its said (as in substitute api_key and token_url etc.) but it just doesnt seem to want to work.

Thanks for your help anyway!




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users