how to verify google openid response

Question

I\'m trying to add authorization throw google openid to my users. I\'m receiving id (https://www.google.com/accounts/o8/id?id=AIt...Ew-Bo) but how can i check that it\'s legit.

Answer 1

function ValidateWithServer(){
    $params = array(
        'openid.assoc_handle' => urlencode($_REQUEST['openid_assoc_handle']),
        'openid.signed' => urlencode($_REQUEST['openid_signed']),
        'openid.sig' => urlencode($_REQUEST['openid_sig'])
    );
    // Send only required parameters to confirm validity
    $arr_signed = explode(",",str_replace('sreg.','sreg_',$_REQUEST['openid_signed']));
    for ($i=0; $iGetOpenIDServer();
    if ($openid_server == false){
        return false;
    }
    $response = $this->CURL_Request($openid_server,'POST',$params);
    $data = $this->splitResponse($response);

    if ($data['is_valid'] == "true") {
        return true;
    }else{
        return false;
    }
}