I'm using Janrain engage to login to my CakePHP site, and when handling the user data, I want to automatically login using the $this->Auth->login()-function.

I manage to login fine if I don't redirect after the call, but if I redirect, I'm not logged in. Does anyone now why or what I can do to straigten this?

    function janrain(){
    $rpxApiKey = 'kassdkfkafkkadskfkkdfkksdk';  

    if(isset($_POST['token'])) { 

      /* STEP 1: Extract token POST parameter */
      $token = $_POST['token'];

      /* STEP 2: Use the token to make the auth_info API call */
      $post_data = array('token' => $_POST['token'],
                         'apiKey' => $rpxApiKey,
                         'format' => 'json'); 

      $curl = curl_init();
      curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
      curl_setopt($curl, CURLOPT_URL, 'https://rpxnow.com/api/v2/auth_info');
      curl_setopt($curl, CURLOPT_POST, true);
      curl_setopt($curl, CURLOPT_POSTFIELDS, $post_data);
      curl_setopt($curl, CURLOPT_HEADER, false);
      curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
      $raw_json = curl_exec($curl);
      curl_close($curl);


      /* STEP 3: Parse the JSON auth_info response */
      $auth_info = json_decode($raw_json, true);

      if ($auth_info['stat'] == 'ok') {

        /* STEP 3 Continued: Extract the 'identifier' from the response */
        $profile = $auth_info['profile'];
        $identifier = $profile['identifier'];

        if (isset($profile['photo']))  {
          $photo_url = $profile['photo'];
        }

        if (isset($profile['displayName']))  {
          $name = $profile['displayName'];
        }

        if (isset($profile['email']))  {
          $email = $profile['email'];
        }

        $user = $this->User->findByUsername($identifier);

        if($user){

            $this->Auth->login($user['User']);
            if ($this->Session->read('Auth.User')) {
                    $this->Session->setFlash('You are logged in!');
                    $this->redirect('/', null, false);
                }
        }
        else{
          $this->User->create();
          $this->User->set('username',$identifier);
          $this->User->set('displayname',$name);
          if(isset($photo_url)){

            $this->User->set('photo_url', $photo_url);
          }
          $this->User->set('password', $this->Auth->password($identifier));
          $this->User->save();
          //$this->User->set('password', $identifier);
          $this->Auth->login($this->User);          
        }

I have came accross the same problem. However i could not solve that problem. Try overriding beforeFilter on PagesController (if you are using it) and adding parent::beforeFilter in it.

public function beforeFilter() {
    parent::beforeFilter();
}

However that did not solve my problem neither. Eventually i gave up trying. Installed OPAuth, came accross several problems, however solved them. Facebook, twitter, google, etc, now works fine and integrated with my site's built-in auth system.

Links: OPAuth Website, OPAuth Download, OPAuth CakePHP Plugin

I'm having exactly the same trouble. The user isn't validated if I redirect.

The only solution I have found until now is to redirect using JavaScript after validating the user. I pass the url to redirect as a parameter to the token URL defined in the embedded widget:

$url = urlencode($baseUrl.'users/rpx?redirect=' . 'lala');

<iframe src="http://lolo.rpxnow.com/openid/embed?token_url=<?php echo $url; ?>" scrolling="no" frameBorder="no" allowtransparency="true" style="width:350px;height:216px"></iframe>

I really dislike the Auth component for CakePHP. I was having the exact same problem with CakePHP 1.2, but managed to get things working by changing my security level to 'low' in the core.php file.

Configure::write('Security.level', 'low');