Tag Archives: tank auth

Solving OpenID redirect error

I’m in the middle of creating what I now call “XTA2″, which involves extending the CodeIgntier Tank Auth library. The extension task includes plugging in other 3rd party authentication mechanisms like Facebook, Twitter, Google Friend Connect, OpenID (e.g. Google and Yahoo).

Well, I’m at the end of my troubles with OpenID and I think I am close to finishing this off so I can release it. But I have found a rather funny interesting error and I thought I should write down the solution, which would hopefully help me in the future.

The error occurs when a user types in their username and password and the OpenID authenticates by returning an OpenID authentication URL (which could be rather long). I am using Light OpenID package, and the error happens in the following part of the code.

if(!isset($_GET['openid_mode']))
{
$lightopenid = new Lightopenid;
$lightopenid->identity = ‘https://www.google.com/accounts/o8/id’;
$lightopenid->required = $required_attr;
redirect($lightopenid->authUrl(), ‘refresh’);
}

The actual error is that you will either get 403 error, which says “Access Denied” or “Permission not given” or something along the lines of “You don’t have the right access privilege to get this page”. And if you reached this far with your effort, then know that you have done everything right and the error is happening because of Apache module issue.

In the OpenID authentication URL, there are several URLs included and in Apache, you can block these URLs in the query string with mod_security module. Many of the shared hosting servers set this feature (and for a right reason I am sure) and if that is your case, you will see this error.

My hosting company was Hostgator and I have told them of the problem and they have kindly whitelisted my URL so that this error doesn’t occur any longer. If you are running of VPS or your own server, then I’m pretty sure you wouldn’t see this error.

I was able to track this problem down, thanks to this post on Stackoverflow : http://stackoverflow.com/questions/4696234/lightopenid-forbidden-when-redirecting-back

Tank Auth with Google Friend Connect

As I promied myself, I released Tank Auth extension that integrates with Google Friend Connect. I originally thought this part would be trickiest. However, the task turned out quite straight forward. Google provides an easy to understand manual on using the API and it’s all about fiddling a little bit with Javascript.

One interesting thing is that there doesn’t seem to be an active interest in Google Friend Connect. This is especially in comparison to Facebook or Twitter. I’ve read a few forum comments complaining about the lack of support in bringing out new features to GFC. The library is available on my GitHub page.

Well, I am not sure how long this thing will exist, but nonetheless, I know it works well with Tank Auth. In addition to using your Google account, GFC comes with OpenID, AOL and Yahoo! integration as well! So you get more than what you bargain for.

Moving on to Tank Auth and Google Friend Connect (OpenSocial way)

I’m on a roll today. I released Tank Auth and Twitter Authentication library on my GitHub page about an hour ago, and I thought, “hey, why don’t I move onto Google Friend Connect?”. And that’s exactly what I did.

Mind you, this isn’t the first time I attempted this feat. I remember trying to find a decent tutorial or article to get Google Friend Connect working with CodeIgniter or/and Tank Auth and for some reason I couldn’t. Maybe I was just looking for an easy way (i.e. Copy & Paste).

Anyway, I went through the Google API document for Friend Connect and well, it turns out, things are not as bad as it seems. In fact, it was probably the simplest authentication mechanism to work with. Right now the code might not be as cleaned up as I would like, but soon, I’ll release it as XTA v0.3.

XTA – Extending Tank Auth with 3rd Party Authentication (e.g. Facebook Connect for now)

A few days ago, I decided to post up my first GitHub project. How lazy of me to take this long to post it up. Anyway, I wanted to share a basic CodeIgniter project that integrates Tank Auth with Facebook Connect authentication. I’m quite sure there would be other people who have done similar things, but last time I checked the CI forum, there doesn’t seem to be a downloadable plug-in for this.

Well, I have finished up the v0.1 and it is now available for all to see at GitHub project page. For now, Tank Auth is integrated with Facebook only. So you can either choose to register via Tank Auth or Facebook. I’ll try to update it with Twitter soon.

Modify Tank Auth Captcha feature

I use Tank Auth a lot for my CodeIgniter development work. It’s nice & flexible and since I’ve used it a number of times, I’m much more familiar with it now than before. One of the nice features of this tool is that it comes with the CAPTCHA feature. However, the default settings for Tank Auth captcha sometimes renders the image in such a way that is hard to read for users. So it is always good if you can modify it (e.g. change the colours, option of using numbers, small or capital letters).

Such modification can be made in captcha_helper.php file. Look for this file and then go all the way down to around line 111 and 150. In line 111, I changed it to following

$pool = ‘ABCDEFGHIJKLMNOPQRSTUVWXYZ’;

Because sometimes numbers and letters are hard to differentiate. On line 150, I changed the colours involved in CAPTCHA image.

$bg_color        = imagecolorallocate ($im, 240, 240, 240);
$border_color    = imagecolorallocate ($im, 210, 210, 213);
$text_color        = imagecolorallocate ($im, 134, 156, 178);
$grid_color        = imagecolorallocate($im, 179, 207, 235);
$shadow_color    = imagecolorallocate($im, 255, 240, 240);

Now the letters in the images are clearer and easier to recognize for users.