Implementing OpenID
By Daniel Miessler on January 10th, 2008: Tagged as Authentication | Identity | Information Security | Internet

I’ve been wanting to implement an OpenID server for a long time now. After reading this article today about how people like Google, Facebook and Plaxo are getting on board, I figured it was time to go ahead and knock it off the project list.
So using Sam Ruby’s excellent tutorial I implemented a full endpoint in about 20 minutes. I did quite a bit of personalization, but I started with the phpMyID option mentioned on the OpenID site.
So as of now I can log into any OpenID-enabled site (there are many already and it’s about to hit its tipping point) using my very own OpenID identity — in my case “http://dmiessler.com”.
Very cool stuff.
How It Works
So I’m not actually authenticating using that — the identifier just tells the site I’m logging into (the “relying” party) how to get started with authentication. The relying party then heads to that URL and looks for some link tags with rel attributes in the site’s HTML. The URLs in those tags are where the real work is done, and they can either point offsite to an OpenID provider, or you can point to yourself (like I have) and be an endpoint yourself.
Either way, I’m transparently redirected to the provider (me in this case) and prompted for my own credentials on the site via a standard username and password popup window. Once I’ve authenticated to that, a “success” message is sent back to the original website I was logging in to, and I’m let in.
So if I had to enter a username and password anyway, what’s the advantage?
The answer is that I entered my own OpenID username and password, not some specific username and password for the site I was logging in to.
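The discovery step described above, as an added example (not code from this post or from phpMyID): it parses an identity page for the rel values defined by OpenID 1.1 and 2.0 HTML discovery and flags a non-HTTPS or off-site endpoint, since whoever controls that HTML decides where authentication happens. The example.org/example.net URLs and the `discover` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# rel values used by OpenID 1.1 / 2.0 HTML-based discovery
ENDPOINT_RELS = {"openid.server", "openid2.provider"}
LOCAL_ID_RELS = {"openid.delegate", "openid2.local_id"}
# Constructed sample: an identity page that delegates to an off-site provider
SAMPLE = """<html><head>
<link rel="openid.server" href="http://provider.example.net/auth">
<link rel="openid.delegate" href="http://alice.provider.example.net/">
</head><body>hello</body></html>"""

class LinkCollector(HTMLParser):
    """Collects <link rel href> pairs, but only those inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head, self.links = False, []

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            if a.get("href"):
                self.links.append(((a.get("rel") or "").lower().split(), a["href"]))

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def discover(identity_url, html):
    """Return the advertised endpoint, local identifier and any warnings."""
    p = LinkCollector()
    p.feed(html)
    result = {"endpoint": None, "local_id": identity_url, "warnings": []}
    for rels, href in p.links:
        if ENDPOINT_RELS.intersection(rels) and result["endpoint"] is None:
            result["endpoint"] = href
        if LOCAL_ID_RELS.intersection(rels):
            result["local_id"] = href
    ep = result["endpoint"]
    if ep is None:
        result["warnings"].append("no OpenID endpoint advertised")
        return result
    if urlparse(ep).scheme != "https":
        result["warnings"].append("endpoint is not HTTPS")
    if urlparse(ep).hostname != urlparse(identity_url).hostname:
        result["warnings"].append("authentication is delegated off-site")
    return result
```

Links outside `<head>` are ignored on purpose, so markup that ends up in the page body (a comment, for instance) cannot redirect where the identity authenticates.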
Style Points
So that’s cool, but to make it even more sexy I decided to use Quicksilver’s shelf functionality to streamline the process. Any time I am prompted for an OpenID identity I simply hit Shift-Option-D. This invokes a Quicksilver trigger that pulls the string “http://dmiessler.com” off of my QS shelf (think of it as a permanent clipboard).
Sexy as hell.
Related Links
The OpenID Website
Click here to see if your OpenID-fu is strong