This document discusses OpenID, an open standard for decentralized authentication on the web. It notes some problems with traditional username and password systems like passwords being hard to manage and user databases being vulnerable to theft. OpenID provides a solution by allowing users to authenticate using a URL of their choice, like a personal domain name, rather than having separate usernames and passwords for each site. When authenticating with a new site, OpenID verifies the user's identity through their OpenID provider rather than the site directly. The document provides examples of how OpenID works and can be implemented using libraries like Net::OpenID::Consumer in Perl. It also addresses questions like how to choose an OpenID provider and maintain multiple personas.
59.
use Net::OpenID::Consumer;
use LWPx::ParanoidAgent;

# $cgi, $return, $hurl and $identity are assumed to be set earlier in the
# Mason component; the slide does not show that part.
my $csr = Net::OpenID::Consumer->new(
    # The identity URL is user-supplied, so fetch it with ParanoidAgent,
    # which refuses to connect to internal/private addresses.
    ua              => LWPx::ParanoidAgent->new,
    cache           => Some::Cache->new,
    args            => $cgi,
    consumer_secret => ...,    # elided on the slide
    required_root   => "http://chris.vertonghen.org/",
);

# a user entered, say, "bradfitz.com" as their identity. The first
# step is to fetch that page, parse it, and get a
# Net::OpenID::ClaimedIdentity object:
my $claimed_identity = $csr->claimed_identity("bradfitz.com")
    or die "Could not discover identity: " . $csr->err;

# now your app has to send them at their identity server's endpoint
# to get redirected to either a positive assertion that they own
# that identity, or where they need to go to login/setup trust/etc.
my $script_name = "http://" . $ENV{'HTTP_HOST'} . $ENV{'SCRIPT_NAME'};
my $check_url = $claimed_identity->check_url(
    # $hurl is interpolated as-is, so it must already be URL-escaped;
    # the 'u' flag URL-escapes the identity (no flag means no escaping).
    return_to  => $script_name
        . "?return=true&hurl=$hurl&oid="
        . $m->interp()->apply_escapes( $identity, 'u' ),
    trust_root => "http://chris.vertonghen.org/",
);

# so you send the user off there, and then they come back to
# openid-check.mhtml, then you see what the identity server said;
if ($return) {
    if ( my $setup_url = $csr->user_setup_url ) {
        $m->redirect($setup_url);
    }
    elsif ( my $verify_identity = $csr->verified_identity ) {
        my $verified_url = $verify_identity->url;
        print 'Congratulations your identity has been verified.<BR><BR>';
    }
    elsif ( $csr->user_cancel ) {
        $m->redirect('http://chris.vertonghen.org/auth.html');    # use the file name of the login page
    }
    else {
        print "<BR><h1>Validation Error</h1>";
        # HTML-escape the error text before echoing it into the page
        print 'There was an error in validating your identity. The error was ',
            $m->interp()->apply_escapes( $csr->err, 'h' ),
            qq{<BR><BR>Please <a href="javascript: history.go(-1);">go back and try again</a>.<BR><BR>};
    }
}
Saturday 27 October 2007 59
60. Thank you.
Questions?