how to get data in hidden form(post) using LightOpenId

Question

I m trying to create login system that uses openid for this I used following code

<?php
require 'openid.php';

try{
$openid = new LightOpenID('www.mydomain.com');

if(!$openid->mode){
    if(isset($_GET['login'])){
   if(isset($_POST["google"])){
    $openid->identity = 'https://www.google.com/accounts/o8/id';
   }
   elseif(isset($_POST["yahoo"])){
    $openid->identity = 'https://me.yahoo.com';
       }
   else{ //do nothing }

       $openid->required = array('namePerson/friendly', 'contact/email');
       header('Location: ' . $openid->authUrl());
    }
 ?>
 <form action="?login" method="post">
   <button id="google" name="google">Login with Google</button>
   <button id="yahoo" name="yahoo">Login with Yahoo</button>
 </form>
 <?php
}
else{   
    echo 'User ' . ($openid->validate() ? ' has ' : 'has not ') . 'logged in.'; 
}
 } catch(ErrorException $e) {
   echo $e->getMessage();
 }
 ?>

This code works fine. But my problem is when user authenticates with google or yahoo they redirect back with parameters added to url(ie with GET method). Is there any way by which I can hide data in url (with POST method).

Thanks in advance.

Answer 1

If I understand correctly, you don't want the provider to send openid parameters using GET. Well, you can't force a provider to send you something over POST (or GET, or any other http method). Some do that, others don't, LightOpenID itself supports receiving data from both POST and GET, but there's still no way to force the provider to use either one.

You could, however, immediately redirect your user to another page, so that he wouldn't see the url, if that's what you want.