OpenID alpha

[rrichards_]

For anyone interested I have the start of an OpenID plugin available:
http://www.cdatazone.org/files/s9y/s9y_openid.zip

This is a step back from a previous version some people have seen that provided a lot more functionality. Rather than writing the plugin the way I think things should work, I decided to start from scratch and implement only OpenID authentication for existing users so that people can take a look and maybe provide some feedback *or take over the plugin (please contact me if interested)* as I would like to focus on my infocard authentication.

With this current implementation, at the bottom of the personal settings screen in admin, an OpenID to use for logins can be entered and associated with the account. I wasnt sure at this point to allow any ID to be entered, so currently when setting an OpenID here it autheticates with the id to insure that it is a id the user controls. (This means an admin cant change an ID for someone else - which may or may not be deisred behavior).

I am pretty sure that it should work against PHP 4, but I dont run that anymore so cant test. It is currently marked as requiring PHP 5.1.3 (one of my base systems and my requiremement for infocard) so it needs to be changed when installing in a different PHP version. It also requires the un-released 1.2 version of s9y.

The download is a little large (440K) as it includes the full JanRain OpenID library though I might be able to cut that down by not having to include all files (checking on any issues around that). Any feedback would be greatly appreciated and again please let me know if anyone wants to take over this code.

Rob

[judebert]

Outstanding! I'll have a look at it sometime soon.

[garvinhicking]

Hi rob!

Funny thing, this night I dreamt of the outstanding openID stuff and wanted to contact you first thing in the morning.

Anyways, many thanks for providing this public example. I also linked to it in the official s9y blog and hope that people will testdrive the plugin. I myself do not currently have an openid account, but I will try to test it soon, also to understand openid/infocard more clearly.

Either case, your work is much needed and I hope people can contribute feedback here!

Best regards,
Garvin

[mattsches]

Hi Rob, I installed your plugin on my local machine, edited my account data, entered my OpenID URL, and logged in. Worked just great

However, I set up my own webserver as an OpenID identifier (to delegate my OpenID), and your plugin did not accept this URL, i.e. I couldn't save it in my account settings. This is a minor issue IMHO, but should be fixed in one of the next releases. If I find the time (which I doubt very much), I can take a look at it, but I hope someone else will look after the plugin if you turn to other tasks.

Thanks for your great work!
- Mattsches

[rrichards_]

Hi Mattsches,

However, I set up my own webserver as an OpenID identifier (to delegate my OpenID), and your plugin did not accept this URL, i.e. I couldn't save it in my account settings. This is a minor issue IMHO, but should be fixed in one of the next releases. If I find the time (which I doubt very much), I can take a look at it, but I hope someone else will look after the plugin if you turn to other tasks.

Delegate IDs are one thing I had not yet tested. Did it fail before or after confirming your OpenID? I'll try to check it out this weekend though. To make it clear for everyone who might want to use the plugin, I do plan on maintaining this until someone else steps up, though I won't be rushing to add any new features to it.

Rob

[hgoor]

Can someone kindly take the time to explain what this plug-in is/does and why it would be handy?

Most plugins start out by describing things like: "I wanted a guestbook with antispam plugin so I developed one because it did not existed yet."

[judebert]

Having been busy, I haven't been able to look at it yet. But, OpenID allows you to use a URL into an identity. Anyone who wants to verify your identity will ask the URL -- which will ask you to enter your password -- and then the URL will report back that you are who you say you are.

It's not a perfect system for everything, but it's a pretty good system for identification. I'm http://judebert.com/, of course. When I go to a service that supports OpenID -- say, a blog I want to comment on -- I tell them I'm http://judebert.com/. They connect to judebert.com and ask it if they'll vouch for me. It might pop up a password window, which I'll use. (I can tell judebert.com to always authenticate me with this blog, or to do it just for this session, or just this once... you get the idea. If I've told it to authenticate automatically, I might never even see the login window.) Judebert.com then tells the blog that sure, that's http://judebert.com/; how could you ever mistake him for anyone else? Then the blog lets me leave my comment.

Notice that the blog never got to know my password. It didn't get my email address, either. Nor did I have to set up an account. All it knows is who authenticated me.

So, this plugin allows at least one of the following:
a) Allows you to use your OpenID to log in to your existing blog account.
b) Allows you to use your existing blog account as an OpenID in other places.
c) Allows people with OpenIDs to leave comments or articles on your blog without having to create an account.

I'm pretty sure it does a), betting it won't do b), and pretty certain it won't do c). We need a maintainer to make it do all three. If we can get it done before certain other competitors, it'll be a feather in our cap.

[hgoor]

@Judebert:

Thanks for the explanation. I'm confused as how this would be useful for my blog, but I guess it must in some way or form otherwise no one whould have taken the time to develop such a plugin

[rrichards_]

Mattsches,

How are you doing the delegation? I finally got around trying it with a delegated ID and it worked fine - added the link tags for the openid server and delegate to one o fmy sites and used it against my verisign openid.

Judebert,

It currently does A.

My origional code, that a few people have a hold of, did support C along with a bunch of other functionality, but I backed off all that for now because the workflows and the manner of integration I did really needed user input. I rather have something people can start playing around with now and then go from there.

As far as C, I dont see how that would work other than allowing the blog to be a delegate ID (this is actually a feature I was thinking about adding in the near future). The reason being is how do you decide who's account is associated with the blog? Are all admin logins acceptable for the url? I dont see how to provide unique urls for each user account.

[mattsches]

Mattsches,

How are you doing the delegation? I finally got around trying it with a delegated ID and it worked fine - added the link tags for the openid server and delegate to one o fmy sites and used it against my verisign openid.

I added the link tags for my delegation to my blog, which delegates to my ClaimID account. IIRC it works on other OpenID enabled sites, I haven't used it very often so far.

If I try to change my OpenID url in the admin area, I get "Invalid OpenID Entered", so maybe I will have to grep the code for this ... but not today ;O)

[judebert]

hgoor, if you're like most bloggers, you require a login to leave comments because spam has become overwhelming. You can understand that some surfers might not have a high level of confidence in your blog where their privacy/security is concerned, and besides, who wants to sign up for another account? Just one more guy with my email address, and then I have to keep track of it, and its password, blah blah blah.

OpenID would allow people to leave comments without signing up. One feature of the OpenID plugin could be spam filtering by blocking either specific OpenIDs or OpenIDs from a particular registrar or domain. In any case, it would reduce the hassle for surfers, while keeping spam low for bloggers.

Just one example. It also ensures that the person making the comment is actually who he says he is, reducing the possibility for a faker to besmirch your good name.

[lorbas]

@rrichards_,

nice plugin. Authentication works right from the start, though I had to undeclare some class methods static to make it work with PHP 4.4.4

But it doesn't seem to assicate with the related user fully: After authenticating with my openid I get an:

"Angemeldet als Anonymous (Administrator)" in the upper right corner, which is especially funny...

-- Boris

[rrichards_]

I have an updated version of the plugin available:
http://www.cdatazone.org/files/s9y/s9y_openid-0.2.zip

This version has a few minor changes:
- Adds capability to setup delegation so that the blog can be used as an OpenID via delegation to another OpenID.

- Removes a bunch of additional files from the JanRain library (such as tests, examples, docs, etc..) making the download MUCH smaller in size and a bit more manageable.

Mattsches,

I found the issue you are running into. It is due to preg_match code failing in the OpenID libraries due to the size of your index page. So far they are not going to alter the code, but if you add an additional meta tag with the XRDS-Location, it will work fine as it uses that over the link tags. I have added this capability in my 0.2 release.
<meta http-equiv="X-XRDS-Location" content="http://yoururl.myopenid.com/xrds" />

Lorbas,

I just noticed that in the top corner. It is some left over code I believe I was using when I had built in support for anonymous logins (not in my currently releases). I will take care of that as well as taking a look at the static methods (sorry - I dont code in PHP 4 anymore and forget about everyone else in that environment). I wont get to another release for about a week as I am currently traveling and cant afford to break any of the current code on my laptop right now.

Rob

[mattsches]

Thx, Rob, haven't heard of X-XRDS-Location before, but will definitely read up on this.

- Mattsches