-rw-r--r-- | NEWS | 140 |
1 files changed, 52 insertions, 88 deletions
@@ -1,88 +1,52 @@ -What's New in PHP OpenID 1.1.0 -============================== - -Version 1.1 of the PHP OpenID library implements recent changes to the -OpenID specification as well as making API changes that should make -integration with applications easier. The consumer and server -examples have been updated to use the new APIs. As usual, if you have -any questions or would like to provide any kind of feedback at all, -please subscribe to our development discussion list (see README) and -let us know! - -Yadis Support -------------- - -One of the major changes to OpenID since the last release has been the -approval of Yadis discovery as the preferred way to specify the OpenID -metadata for an identity URL instead of using <link> tags in -HTML. This library does Yadis discovery, and if that fails, it falls -back to old-style discovery. - -Some advantages of Yadis support are: - - * Support for fallback if your primary OpenID provider is not - available - - * Support for load-balancing between OpenID servers - - * Easy interoperability for different identity services - -For more information about Yadis, see http://yadis.org/ or -http://www.openidenabled.com/yadis/. - -Extension Support ------------------ - -OpenID also has formalized support for extensions. Extensions are a -mechanism for transferring information from the consumer to the server -and from the server to the consumer in the process of performing -OpenID authentication. Extensions are implemented as additional -namespaced query arguments that go along with standard OpenID requests -and responses. This library provides a simple API for adding extension -arguments to requests and extracting extension responses from replies. - -Consumer API ------------- - -The consumer API has been changed for more natural use as well as to -support extension arguments. - - * Auth_OpenID_Consumer($store, [$fetcher], [$immediate]) is now - Auth_OpenID_Consumer($store, [$session]). 
The session object is an - instance of Services_Yadis_PHPSession or a subclass thereof. The - default implementation wraps PHP's session machinery. - - * Auth_OpenID_Consumer::beginAuth($user_url) is now - Auth_OpenID_Consumer::begin($user_url) and either returns an - Auth_OpenID_AuthRequest object or returns null. There is no more - tuple unpacking or status codes. - - * Auth_OpenID_Consumer::constructRedirect($auth_req, $return_to, - $trust_root) is now - Auth_OpenID_AuthRequest::redirectURL($trust_root, $return_to, - [$immediate]). - - * Auth_OpenID_Consumer::completeAuth($token, $query) is now - Auth_OpenID_Consumer::complete($query). It no longer returns a - tuple. Instead it returns an object that has a status code and - additional information about the response. See the API - documentation and examples for more information. - -Server API ----------- - -The server API has been changed for greater extensibility. Instead of -taking an "is_authorized" callback, processing happens in several -stages, allowing you to insert extension data into the response before -it is signed and returned. See the documentation for the Server.php -file. Particularly, see the server example code in the examples/ -directory. - -Upgrading ---------- - -The server changed the way it indexes associations in the store, so if -you're upgrading a server installation, we recommend you clear the old -records from your store when you do so. As a consequence, consumers -will re-establish associations with your server a little sooner than -they would have otherwise. +What's New in PHP OpenID 2.0 +============================ + +The big news here is compatibility with version 2.0 of the OpenID +protocol. Highlights include: + + * Simple Registration support in a new module Auth/OpenID/SReg.php. + (Those previously using + Auth_OpenID_SuccessResponse::extensionResponse() are advised to + look here and at the example consumer and server for detailed usage + information.) 
+ * OpenID provider-driven identifier selection. + * "Negotiators" allow you to define which association types to use. + * Improved examples/detect.php script (bugs fixed) + * Improved layout of example consumer (see examples/consumer) + * An improved HTML parser implementation + * Library is now immune to being included inside functions and + methods + + +Upgrading from earlier versions of this library +----------------------------------------------- + +One of the additions to the OpenID protocol was a specified nonce +format for one-way nonces. As a result, the nonce table in the +SQL-driven stores has changed. You'll need to run +contrib/upgrade-store-1.1-to-2.0 to upgrade your store, or you'll +encounter errors about the wrong number of columns in the oid_nonces +table. + +Consumers should now pass an additional parameter to +Auth_OpenID_Consumer::complete() to defend against return_to URL +tampering. + + +Summary of API Changes +---------------------- + + - Auth_OpenID::fixArgs is now no longer necessary, and +Auth_OpenID_Consumer::complete and Auth_OpenID_Server::decodeRequest +no longer take query argument arrays. + + - Auth_OpenID_SuccessResponse::extensionResponse() is no longer the +preferred way to extract extension response parameters from the OpenID +response. Instead, see the Auth/OpenID/SReg.php module and the +example consumer and server for detailed usage information on +constructing Simple Registration requests and inspecting responses. + + - The Auth_OpenID_Server's response answer() method now takes +addition parameters to support provider-driven identifier selection. +See the example server and the documentation for +Auth_OpenID_CheckIDRequest::answer. |
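Review bot: In the "Upgrading from earlier versions of this library" section, the sentence "Consumers should now pass an additional parameter to Auth_OpenID_Consumer::complete() to defend against return_to URL tampering" does not name the parameter, say what value to pass, or say what happens when an existing caller omits it. This is the one security-relevant upgrade step in the file, so please spell out the new call and state whether the return_to check is skipped or the call fails when the argument is missing. The "Summary of API Changes" entry saying that complete and decodeRequest "no longer take query argument arrays" touches the same method and should point to that upgrade note, so a reader sees both changes to complete() together. In the last bullet, "now takes addition parameters" should read "additional parameters".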