OpenID

Archived Posts from this Category

Jyte.com

Posted by Greg on 01 Feb 2007 | Tagged as: OpenID, fun, planetosl

Jyte.com is a remarkably simple, yet interesting new site (just opened up this week!) that leverages the concept of an online identity, credibility via a web of trust-type mechanism, and claims that can be agreed or disagreed, and discussion about aforesaid claims - all tied up with OpenID identity/authentication.

Jyte is just one example of how disaggregation of authentification and identity from the actual tools can be useful. OpenID (and Jyte, for that matter) are based on open protocols and interfaces that can be worked into existing or new tools. Jyte claims can be embedded in blogs or web pages or course activities. Jyet “cred” is available for other systems to use and/or display. Jyte group membership might be used by other applications like discussion groups or online courses to customize content or control access. Private or members-only claims and group moderator membership management tools are coming, so an educator could use groups to organize students into teams for a group project that uses Zoomr.com (another OpenID-enabled tool) photo sharing and hooks into a LiveJournal blog (another OpenID-enabled tool) … or … sheesh, I don’t know. There are so many possibilities that more creative people than I can dream up - and Jyte is only one example of an OpenID-enabled application. OpenID is a new and rapidly-growing protocol that is seeing explosive growth in fascinating and novel new online applications.

Plus, it’s fun. I don’t quite know why, but I’m finding Jyte strangely addictive. And quite funny on occasion:

Descartes would have a field day with that one! And, no, I have no idea who Oscar J Carlton IV is … never met ‘em!

1 Comment »

OpenID and Drupal 4.7, Part 2

Posted by Greg on 30 Jan 2007 | Tagged as: ORVSD, OpenID, drupal, planetosl

User name validation - a quick look at the Drupal API reveals exactly the function I needed: user_validate_name()

To add user name validation to the OpenID Drupal module, add the following code to the openid_create_account_submit() function immediately after the $query = $_POST; statement:
if (user_validate_name($query['edit']['fullname']) != NULL) {
$error = user_validate_name($query['edit']['fullname']);
drupal_set_message('Name is invalid. '.$error, 'error');
header("Location: " . url('openid/get_email'));
exit(0);
}

Worked like a charm. Any user name submitted when registering using an OpenID is now validated against Drupal’s internal user name validation - alphanumeric characters and spaces only. Anything else drops the user back to the name and email request form with an error telling them why the name was rejected. Slick!

Now I just need to figure out how to map existing Drupal users in the database to OpenIDs. Anyone done that before?

UPDATE: Resolved the above question. Add a record to the authmap table with the user’s UID and OpenID. Make sure the OpenID is normalized (has the trailing slash).

UPDATE #2: Updated the diff file that shows what I changed from the stock OpenID Drupal module.

No Comments »

OpenID and Drupal 4.7

Posted by Greg on 30 Jan 2007 | Tagged as: ORVSD, OpenID, drupal, planetosl

What can I say beyond, “It works!”

Oh, all right. I suppose I could say a few things. The stock OpenID Drupal module works, but it needed a bit of improvement to be useful to us. OpenID on DrupalBy default, the OpenID module creates a Drupal user whose name is their OpenID. That is somewhat problematic, since OpenIDs tend to be somewhat lengthy. So lengthy, in fact, that I have yet to find a Drupal theme that handles them well. They usually either get cropped or overflow into the next column, depending on the CSS. Less than optimal.

We really want to use OpenID as the authentication for the OVSD systems. Justin and I were talking in IRC about his efforts to get it running with Drupal 5. I was feeling inspired, so last night I took a whack at it. With a remarkably-small amount of head-scratching, I was able to modify the stock OpenID Drupal module (v1.1.1) to pull the user’s full name from their OpenID profile and use it as their Drupal name.

I cracked open the openid.module file and made the following changes:

  1. First, we need to tell the OpenID consumer to grab the user’s full name from their OpenID profile. To do that, we change the request from this:
    $auth_request->addExtensionArg('sreg', 'optional', 'email');

    to this:
    $auth_request->addExtensionArg('sreg', 'optional', 'email,fullname');

  2. Now that we have the user’s full name, we need to store it for use later. To do that, we add a line in this statement:
    if ($sreg) {
    $_SESSION['sreg_email'] = $sreg['email'];
    }

    to look like this:
    if ($sreg) {
    $_SESSION['sreg_email'] = $sreg['email'];
    $_SESSION['sreg_fullname'] = $sreg['fullname'];
    }

  3. Now that we have the information we need, we can use it in the registration form. When the module gets a login request from a user not already in the Drupal user table, it prompts them to enter their e-mail address:
    $form['email'] = array('#type' => 'textfield',
    '#title' => t('Email Address'),
    '#default_value' => @$_SESSION['sreg_email'],
    '#size' => 25,
    '#maxlength' => 64,
    '#description' => t('Enter your email address.')
    );
    $form['submit'] = array('#type' => 'submit',
    '#value' => t('Submit')
    );
    $form['#action'] = url('openid/get_email');
    $content = sprintf("<h3>Create account with OpenID</h3><p>Before logging in " .
    "with your OpenID (%s), you must enter an email address:</p> %s",
    $_SESSION['openid'], drupal_get_form('openid_create_account',
    $form));

    So we just need to add the user’s full name to the registration form:
    $form['email'] = array('#type' => 'textfield',
    '#title' => t('Email Address'),
    '#default_value' => @$_SESSION['sreg_email'],
    '#size' => 25,
    '#maxlength' => 64,
    '#description' => t('Enter your email address.')
    );
    $form['fullname'] = array('#type' => 'textfield',
    '#title' => t('Full name'),
    '#default_value' => @$_SESSION['sreg_fullname'],
    '#size' => 25,
    '#maxlength' => 64,
    '#description' => t('Enter your full name.')
    );
    $form['submit'] = array('#type' => 'submit',
    '#value' => t('Submit')
    );
    $form['#action'] = url('openid/get_email');
    $content = sprintf("<h3>Create account with OpenID</h3><p>Before logging in " .
    "with your OpenID (%s), you must enter your name and email address:</p> %s",
    $_SESSION['openid'], drupal_get_form('openid_create_account',
    $form));

  4. Lastly, we need to create the user. The stock OpenID module sets the Drupal “name” field in the “users” table to be their OpenID here:
    $user = user_save('', array('name' => $_SESSION['openid'],
    'pass' => user_password(),
    'mail' => $query['edit']['email'],
    'init' => $_SESSION['openid'],

    To use the “fullname” variable we grabbed from the user’s OpenID profile, we just need to change it to this:
    $user = user_save('', array('name' => $query['edit']['fullname'],
    'pass' => user_password(),
    'mail' => $query['edit']['email'],
    'init' => $_SESSION['openid'],

I’ve posted a diff file that shows the exact changes from the stock OpenID Drupal module.

Security note: If you decide to use this code, be aware that there is no verification done on the user’s name yet. Whatever the user enters in the name field of the registration form is submitted directly into Drupal as the user’s name. So it’s possible there is a security/exploit issue if a malicious user puts something wacky in there. I need to wade into it the code and see if Drupal already has some safeguards in place, or whether I need to add a bit of sanitizing code to the module to ensure there’s nothing nasty embedded in the name. In the mean time, use at your own risk.

No Comments »