[development] OpenID
Jonathan Daugherty
cygnus at janrain.com
Thu Feb 9 22:21:54 UTC 2006
Greetings,
A few months ago, a co-worker of mine created a Drupal module to
support OpenID logins. The module was based on Dan Libby's PHP OpenID
library. For anyone wanting to catch up, it was discussed here:
http://drupal.org/node/33254
Some other OpenID discussion is here:
http://drupal.org/node/23256
I've taken over the development of the module and I've updated the
module to use the JanRain PHP OpenID implementation, which is a
feature-complete port of our Python library. Our PHP library can be
found here:
http://www.openidenabled.com/openid/libraries/php
Here is a link to the current module source, which is under fairly
heavy development:
http://www.openidenabled.com/resources/downloads/php-openid/openid.module
Since authentication in general is probably a topic of considerable
interest to you all, I want to be sure the OpenID module measures up.
I've tried to be sure I understand Drupal's authentication internals
and the role OpenID can play, but please correct me where appropriate.
Here are some notes about the module:
- The plugin declares a block hook and provides a one-field OpenID
login form that appears in the left navbar. The module is not
really an authentication module because it doesn't declare an
appropriate authentication hook (username at server syntax won't work
for OpenID). Various other callbacks in the module handle the
OpenID authentication steps and set $user when appropriate.
- If you log in with an OpenID and don't have a local Drupal account,
an account is created for you with the appropriate authmap record.
However, you'll be prompted for an email address upon successful
OpenID authentication *before* the Drupal account is created. (My
goal here is to make sure any kind of profile info needed is
collected before the OpenID-auth'd user is allowed into Drupal.)
- My major concern is how to blend OpenID with existing accounts so
users can choose to use OpenID for their accounts. On my drupal
installation, I can log in with a username and password or OpenID
to access the same account, provided the appropriate authmap record
is present (which I created manually). The use case we can think
of here is, "I'm already known as johnboy on this Drupal
installation, but I want to access the johnboy account with an
OpenID now. How can I tell Drupal about that?" I'm thinking that
the OpenID module can implement a form to let users configure this,
but it will probably involve setting the users.pass field to NULL.
What do you think? Do you have any recommendations for how we should
go about doing this? What would be consistent for your futuristic
vision of Drupal authentication? Any feedback would be much
appreciated.
Thanks!
--
Jonathan Daugherty
JanRain, Inc.
More information about the development
mailing list