Greetings, A few months ago, a co-worker of mine created a Drupal module to support OpenID logins. The module was based on Dan Libby's PHP OpenID library. For anyone wanting to catch up, it was discussed here: http://drupal.org/node/33254 Some other OpenID discussion is here: http://drupal.org/node/23256 I've taken over the development of the module and I've updated the module to use the JanRain PHP OpenID implementation, which is a feature-complete port of our Python library. Our PHP library can be found here: http://www.openidenabled.com/openid/libraries/php Here is a link to the current module source, which is under fairly heavy development: http://www.openidenabled.com/resources/downloads/php-openid/openid.module Since authentication in general is probably a topic of considerable interest to you all, I want to be sure the OpenID module measures up. I've tried to be sure I understand Drupal's authentication internals and the role OpenID can play, but please correct me where appropriate. Here are some notes about the module: - The plugin declares a block hook and provides a one-field OpenID login form that appears in the left navbar. The module is not really an authentication module because it doesn't declare an appropriate authentication hook (username@server syntax won't work for OpenID). Various other callbacks in the module handle the OpenID authentication steps and set $user when appropriate. - If you log in with an OpenID and don't have a local Drupal account, an account is created for you with the appropriate authmap record. However, you'll be prompted for an email address upon successful OpenID authentication *before* the Drupal account is created. (My goal here is to make sure any kind of profile info needed is collected before the OpenID-auth'd user is allowed into Drupal.) - My major concern is how to blend OpenID with existing accounts so users can choose to use OpenID for their accounts. On my drupal installation, I can log in with a username and password or OpenID to access the same account, provided the appropriate authmap record is present (which I created manually). The use case we can think of here is, "I'm already known as johnboy on this Drupal installation, but I want to access the johnboy account with an OpenID now. How can I tell Drupal about that?" I'm thinking that the OpenID module can implement a form to let users configure this, but it will probably involve setting the users.pass field to NULL. What do you think? Do you have any recommendations for how we should go about doing this? What would be consistent for your futuristic vision of Drupal authentication? Any feedback would be much appreciated. Thanks! -- Jonathan Daugherty JanRain, Inc.