On Fri, Jun 27, 2008 at 7:25 PM, Michael B Allen <[EMAIL PROTECTED]> wrote: > On 6/27/08, Alex <[EMAIL PROTECTED]> wrote: >> Hello, >> >> I have my own registration system where users can create accounts, but I >> would also like to give them the option to use other types of logins, such >> as OpenID, Gmail, etc. >> >> What would be the best way to represent something like that in the database? > <snip> >> I would then use my User class to map data from the different protocols >> uniformely. >> >> Is there a better way to implement this? I know my discards foreign key >> checks, which is not ideal... > > Hi Alex, > > Create different authentication providers for each authority. So you > have a local DB provider, an OpenID provider and possibly others for > each authentication / authorization scenario. Then you have some logic > that performs the external authentication (e.g. OpenID) if necessary, > extract a canonical username from that auth context (preferably one > that is qualified with a domain), search the local DB provider for the > corresponding account and create one with information from the > external provider if it does not already exist. Then you create a User > object that represents the local account since that is where most of > the application specific data will be. > > That's how I do it anyway and this is how many popular applications > handle external authentication (conceptually anyway). It normalizes > things which allows you to swap providers if desired without changing > higher level code. I would not put anything in the DB regarding > external providers.
We are using different Auth adapters, with Zend_Acl - it's a piece of cake.