How does the OpenID protocol work? This screencast (7 mins) gives you a high level view.
OpenID libraries for Ruby
- JanRain’s ruby-openid (hint: ‘gem install ruby-openid’) The standard Ruby library for OpenID. Stable library with a clean interface and good tests, providing the basic foundation for both OpenID Consumers (web applications) and Providers (identity servers).
OpenID plugins and generators for Rails. All build on the ruby-openid library.
- JanRain’s openid_login_generator (‘gem install openid_login_generator; script/generate openid_login account’). Included in the ruby-openid library. Pros: Good for a quick, basic login system with OpenID. Cons: limited functionality, generated code can’t be auto-updated, no tests.
- Eastmedia’s plugins: OpenID Consumer and the newer, better Restful OpenID Authentication (‘./script/plugin install http://svn.eastmedia.com/svn/bantay/plugins/trunk/restful_open_id_authentication; ./script/generate open_id_authenticated user session’). Pros: Integrates openid and password authenticaiton, includes ActiveRecord-based associations, moves some code to updatable plugin. Cons: interface between plugin and generated code is kinda ugly, no openid-specific tests.
- Rails core team’s Open Id Authentication plugin (‘./script/plugin install http://svn.rubyonrails.org/rails/plugins/open_id_authentication/’). Pros: Written by Rails core team, cleaner abstraction on top of ruby-openid. Cons: Dependent on Edge Rails (6317 or newer), still evolving, and limited tests for now.
There’s some instability and gotchas with all the plugin and generator solutions, and none yet have a good set of openid-specific tests to validate their operation, but they’re all usable.
- If you’re an advanced Rails programmer and want to understand the authentication code in your app, develop a custom solution on top of ruby-openid using the other plugins and generators as a guide. (tutorial)
- If you just want to get openid authentication working quickly, and are developing an openid-only app, use openid_login_generator. (tutorial)
- If you’re the typical real-world app, and want openid working quickly alongside password login (acts_as_authenticated or restful_authentication), look at Eastmedia’s plugin/generators. The Restful OpenID Authentication plugin & generator is an especially promising solution for new applications, since it already integrates password and OpenID authentication into one solution.
- If you’re on edge rails and willing to take some churn in the short term to have a potentially better designed and supported solution in the long term, go with the core team’s openid plugin (this plugin started life in late Feb 2007). This can also be made to work well with aaa or restful_authentication (tutorial)
Simon Willison’s “using OpenID” screencast is both an excellent introduction to OpenID for users, and inspiration for this screencast for developers.
Spread the word
This work is licensed under a Creative Commons Attribution 3.0 License.
Use the comments for any corrections or your own recommendations