OpenID, Rails, and Peepcode

OpenID LogoOpenID is an exciting, up-and-coming technology which will make website registration and login simpler (Finally! Fewer passwords to remember!)

I’m hopeful that, over the next year, you’ll see a flood of web apps add support for it.

But today there are only a few dozen web apps that have that support. Support in web frameworks like Ruby on Rails is here or coming soon, but word hasn’t reached the masses yet.

To play some small part in filling that need, I’ll be helping to create a screencast which walks the viewer through adding support for OpenID to an existing Rails app. As this work is done, I’ll post here with some of the information and questions that come up, along with a little on the general process of creating a screencast. Subscribe if you’re interesting in reading this series of posts, and you can also see some of the resources I use at my openid tagged pages (del.icio.us).

The screencast will be posted on peepcode.com, Geoffrey Grossenbach’s repository of professional, high-value screencasts on a specific topics. I’ve admired Geoffrey’s work and various projects for a long time, and am looking forward to working on one of his efforts.

Please let me know if you have any feedback — a question or topic you’d like covered, for example.

Here’s the tentative topics:

5m Getting an OpenID for ourselves
10m Installing the Mephisto Rails-based blog engine
5m Plugging an OpenID login into Rails
10m Creating our OpenID-unique tests
10m Analyzing and migrating our models
10m Merging our views and controller logic
5m The final product

Here are some examples of the early questions I need to answer:

  • How much should I summarize topics already hit by Simon’s introductory screencast for non-technical OpenID users?
  • For the example project, add OpenID support to Mephisto (blog) or Junebug (wiki)?
  • Will I need any major dependencies beyond ruby-openid (and its login generator)?
  • Will there be time in the screencast (targeted at 40 mins) to make a standard plug-in?
  • What are the top 3-5 gotchas that cause people to loose time when embarking on OpenID themselves?

Comments (8) to “OpenID, Rails, and Peepcode”

  1. Looking forward to the screencast. Some things I would like to see:

    Working with a webapp in which a user account needs to be created. How to accept more information after the ID has been validated, but not end up with partially created user accounts.

    Along with that: How to access the information that OpenID allows to be passed back to the app (email, timezone, etc)

  2. Great feedback. I’m leaning towards using Mephisto as the example, and it will run into your first area: needing to have a form which adds more information to the user profile than what OpenID can provide.

    I also hope to cover the OpenID SRE (Simple Registration Extension). This would include getting email and login (timezone probably won’t be needed) … and, probably more interestingly, handling when the OpenID provider doesn’t support SRE, or the user hasn’t pre-authorized the release of that info.

    So assuming ruby-openid has SRE support (which I haven’t verified yet), I’m hoping to cover everything you’re asking about. Thanks!

  3. Just a quick note that ruby-openid does support SRE, with the info accessible through the hash returned by the extension_response method of the SuccessResponse object (passed via complete method). This will be covered and shown in-use in the screencast!

  4. [...] OpenID, Rails, and Peepcode [...]

  5. By the way, I’ve definitely focused on Rails (rather than just “adding OpenID to your Ruby web app”) — so Junebug is out as a choice. Junebug is built on wacky whys camping framework, not Rails.

  6. Hey Bernie,

    Great to hear there’s a screencast. What approach did you take for integrating it? Did you use (or get a chance to look at) the Rails plugin we built with VeriSign (which is now part of the Apache Heraldry project) or did you make one from scratch? We built the OpenID server and profile management app too (which runs http://pip.verisignlabs.com), which is intended to be a real production app as well as a reference implementation for developers to think about cool services to offer.

    We also have a sample ‘Bookmarks’ app that shows how to integrate the Rails plugin with a traditional login system (using acts_as_authenticated). There also is a modification of it for use with restful_authentication).

    We have more info at http://identity.eastmedia.com

    Thanks for helping get the word out. Look forward to seeing the screencast.

    Matt

  7. Hi Matt!

    Thanks for all the great stuff Eastmedia has been doing!

    I didn’t know about the ‘Bookmarks’ sample app! I had it on the list to look at the same thing (aaa+openid) The problem of providing openid alongside uid/pwd and other authentication methods is one we’ll hopefully cover.

    I installed bookmarks app and had trouble with login & the required username/email elements. Something about the ‘require username/email unless openid’ logic in the model wasn’t working for some reason.

    Both the code and the user interface for supporting multiple authentication methods is tricky.

    Thanks again, Matt!
    Bernie

  8. See http://leancode.com/openid-for-rails/ for some of the resources and an early snippet.

Post a Comment
(Never published)