So, I finally tweaked the installation of OpenID in place, and it works very well. I believe that I will talk in detail about some of the problems that I have encountered.
- There are more than three states / steps in the OpenID login process. This is confusing because the documentation and sample code will lead you to the conclusion that there are three of them. There are, in some cases, up to seven. Browse your server's logs and see how many times the SERVER and USER (those who request authentication) get into PROVIDER (which you are probably setting up). It's hard to debug something when you look at only half the interactions.
- Many vendors use the incomplete OpenID 2.0 specification. (This is slightly better.) Specification 2.0 differs from Specification 1.0; SERVER (s) establishes trust with the SUPPLIER (you). Net :: OpenID :: Server handles this gracefully, but does not tell you which specification it uses. Specification 2.0 adds a step to the connectivity process.
- Set up your own OpenID SERVER for easy testing. I used a simple Rails server with a ruby-openid gem. It took about 10 minutes to set up a simulation of a real server.
- This should be taken for granted, but make sure your login process has no status. We had a global variable that handled how the user was verified. Since the use of this variable made certain assumptions that were incompatible with the OpenID login process, users were allowed to log in to accounts other than their own. Obviously, this is bad. Several closures, and we have some stateless and more secure code.
In general, OpenID is very cool as soon as you earn it.
Kelly Sutton
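The last bullet in the post describes the global-variable bug only in words. The following Ruby script is an added example, not the author's code and not part of ruby-openid: it simulates two users whose login flows interleave on the server, first with a single shared variable holding "the identity being verified" (the bug the post describes), then with per-login state keyed by a random handle that travels with the request. The `StatefulLogin` and `StatelessLogin` names and the in-memory `@pending` hash are assumptions standing in for the real session store.

```ruby
# Added example (not from the original post): how a global "who is being
# verified" variable lets two interleaved OpenID logins leak across accounts,
# and how per-login state keyed by a nonce avoids it.
require 'securerandom'

# --- Vulnerable pattern: one global holds the identity under verification ---
module StatefulLogin
  @current_identity = nil   # shared by every request hitting the server

  def self.start(identity)
    @current_identity = identity       # step 1: user redirected to the provider
    :redirected
  end

  def self.complete(_params)
    @current_identity                  # step 2: provider returns; trust the global
  end
end

# --- Stateless pattern: each login carries its own handle ------------------
class StatelessLogin
  def initialize
    @pending = {}                      # handle => identity (a session store in practice)
  end

  def start(identity)
    handle = SecureRandom.hex(16)      # travels in the session cookie / return_to
    @pending[handle] = identity
    handle
  end

  def complete(handle)
    @pending.delete(handle)            # nil if the handle is unknown or already used
  end
end

# Two users log in at the same time; their steps interleave on the server.
def interleaved_stateful
  StatefulLogin.start('alice.example')
  StatefulLogin.start('bob.example')         # Bob's step 1 overwrites the global
  alice_result = StatefulLogin.complete({})  # Alice's step 2 now yields Bob's identity
  bob_result = StatefulLogin.complete({})
  [alice_result, bob_result]
end

def interleaved_stateless
  login = StatelessLogin.new
  alice_handle = login.start('alice.example')
  bob_handle = login.start('bob.example')
  alice_result = login.complete(alice_handle)
  bob_result = login.complete(bob_handle)
  replay = login.complete(alice_handle)      # a reused handle yields nothing
  [alice_result, bob_result, replay]
end

if __FILE__ == $PROGRAM_NAME
  p interleaved_stateful    # => ["bob.example", "bob.example"]
  p interleaved_stateless   # => ["alice.example", "bob.example", nil]
end
```

Run it with `ruby stateless_login.rb`. The stateful run shows Alice completing her login as Bob; the stateless run binds each completion to the handle issued at its own start, and a replayed handle returns nil instead of an identity.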