Code Examles


Basic WWPass authentication


  • You have a web server with PHP support and MySQL database server. We have tested the application on what is called "LAMP" configuration (Linux/Apache/MySQL/PHP) - Linux Ubuntu 12.04.
  • You have registered your site and got WWPass Service Provider credentials (certificate and private key). If your site has the URL of "" and you follow the recommended file naming when obtaining SP credentials, the files will be named as (for certificate) and (for private key). WWPass CA certificate should also be downloaded and made accessible to our application. If you have root access to your computer, then /etc/ssl is appropriate place to store the certificates and the key.
  • You have created a database, accessible from your Web server. Let us call it "wwpass_puid_db". Let the database user be "wwpass_puid_db_user" with password "wwpass_puid_db_password".


First, create a table in the "wwpass_puid_db" database:

`wwpass_puid` varchar(64) CHARACTER SET utf8 NOT NULL,
`display_name` varchar(100) CHARACTER SET utf8 NOT NULL DEFAULT '',
UNIQUE KEY `wwpass_puid` (`wwpass_puid`)
) ;

Structure for the application#

Next, we assume the following directory structure for the application:

./lib/wwpass.php is a library providing PHP wraps for WWPass REST protocol
./images directory holds "Login with WWPass" button images.

index.php file is the application code.


The code intentionally lacks error checking for the sake of simplicity and clarity.

Code content is a follows:

/* Configuration block.
Define your own database credentials, ServiceProvider name and certificate files
$mysql_hostname = "localhost";
$mysql_database = "wwpass_puid_db";
$mysql_user = "wwpass_puid_db_u";
$mysql_password = "wwpass_puid_db_password";
$key_file = "/etc/ssl/$SP_name.key";
$cert_file = "/etc/ssl/$SP_name.crt";
$ca_file = "/etc/ssl/wwpass_sp_ca.crt";
/* end of configuration block */
if (!array_key_exists('puid', $_SESSION)) {
// user is not logged in yet
if( !array_key_exists('ticket', $_REQUEST) || !$_REQUEST['ticket'] ) {
Step 1: show a screen with a login button. The button click starts token authentication.
On success token obtains a Ticket for our Servcie Provider.
The Ticket will be sent to web server in a GET request
<!-- Load WWPass JS library -->
<script type="text/javascript" src="//"></script>
<script type="text/javascript" charset="utf-8">
/* The auth_cb function is called upon token authentication,
On success it sends the Ticket
back to the web server in a GET request */
function auth_cb(status, ticket_or_reason) {
if(status == WWPass_OK) {
window.location.href = 'index.php?ticket=' + encodeURIComponent(ticket_or_reason);
// button click starts token authentication, calls auth_cb with a valid Ticket for $SP_name
function token_auth(ticket_or_sp_name) {
wwpass_auth({ 'ticket': ticket_or_sp_name, 'callback': auth_cb});
<!-- login button -->
<img src="./images/loginwWWP-257x56.png" alt="Login with WWPass"
onmouseup="this.src='images/loginwWWP-257x56.png';token_auth('<?php print($SP_name); ?>')"
} else {
/* Step 2:
array_key_exists('ticket', $_REQUEST): We got a Ticket in GET request
Our app will authenticate itself in WWPass and send the Ticket
On success the application will be allowed to obtain this user PUID
$ticket = $_REQUEST['ticket'];
try {
//authenticate this site at WWPass
$wwc = new WWPASSConnection($key_file,$cert_file,$ca_file);
// and receive the PUID - Provider's UserID
$puid = $wwc->getPUID($ticket);
// got PUID, user authenticated
$_SESSION['puid'] = $puid;
header('Location: index.php');
} catch (Exception $e) {
$error = $e->getMessage();
print $error;
} else {
/* Step 3:
array_key_exists('puid', $_SESSION): user already authenticated,
Routine work with with local database, no more WWPass specifics
In more advanced cases we might use WWPass data containers to keep some - or all - user data.
This functiionality exceeds that of basic PUID service.
See SP SDK for details.
if (isset($_REQUEST['logout'])) {
// return to login screen
// connect to the database
$link = mysqli_connect($mysql_hostname, $mysql_user, $mysql_password,$mysql_database)
or die("Cannot connect to mysql server $mysql_hostname");
// use PUID to find user record
try {
$result=mysqli_query($link, "SELECT * FROM users WHERE wwpass_puid='$puid'");
} catch (Exception $e) {
$error = $e->getMessage();
print "catched "; print $error;
if ($result->num_rows == 0) {
// new user, add a record
$result=mysqli_query($link, "INSERT INTO users (wwpass_puid, display_name) VALUES ('$puid', 'anonymous')");
$result=mysqli_query($link, "SELECT * FROM users WHERE wwpass_puid='$puid'");
if (isset($_REQUEST['nick'])) {
// user changes the display_name
$nick = $_REQUEST['nick'];
$nick = stripslashes($nick);
$nick = mysqli_real_escape_string($link, $nick);
$result=mysqli_query($link, "UPDATE users SET display_name='$nick' WHERE wwpass_puid='$puid'");
Hello <b><?php print $nick; ?></b>
<p><form method = "get"> New name: <input type="text" name="nick" value = "<?php print $nick; ?>">
<input type="submit" value="Change"><br></form></p>
<form method = "get"> <input type="submit" name="logout" value="Logout"></form>

Code examples in red must be changed to reflect your web application

The example code determines what the behavior of your web application should be based on the following three scenarios:

  1. WWPass Key is authenticated for the first time and the user does not already have an account with your site, start registering new user.
  2. WWPass Key is authenticated for the first time and the user already has an account with your site, update the database, set the appropriate session variable and proceed.
  3. WWPass Key is already linked to a user account. Simply set the appropriate session variable and proceed.

The details of handling these scenarios may be different. It all depends on what sort of web application you have. For example you may just automatically register a new user without asking anything.

Congratulations, your site is now WWPass-enabled.