Provides a thin wrapper around the excellent ruby-openid gem from JanRain. Be sure to install that first:

  gem install ruby-openid

To understand what OpenID is about and how it works, it helps to read the documentation for lib/openid/consumer.rb

The specification used is http://openid.net/specs/openid-authentication-1_1.html (not the 2.0 draft).

OpenID authentication uses the session, so be sure that you haven't turned that off. It also relies on a number of
database tables to store the authentication keys. So you'll have to run the migration to create these before you get started:

  rake open_id_authentication:db:create

Alternatively, you can use the file-based store, which just relies on tmp/openids being present in RAILS_ROOT. But be aware that this store only works if you have a single application server. And it's not safe to use across NFS. It's recommended that you use the database store if at all possible. To use the file-based store, you'll also have to add this line to your config/environment.rb:

  OpenIdAuthentication.store = :file

This particular plugin also relies on the fact that the authentication action allows for both POST and GET operations.
If you're using RESTful authentication, you'll need to explicitly allow for this in your routes.rb.

This plugin relies on Rails Edge revision 6317 or newer.

This example is just meant to demonstrate how you could use OpenID authentication. You might well want to add
salted hash logins instead of plain text passwords and other requirements on top of this. Treat it as a starting point,

config/routes.rb

  map.open_id_complete 'session', :controller => "sessions", :action => "create", :requirements => { :method => :get }

app/views/sessions/new.erb

  <% form_tag(session_url) do %>
    <label for="name">Username:</label>
    <%= text_field_tag "name" %>

    <label for="password">Password:</label>
    <%= password_field_tag %>

    <label for="openid_url">OpenID:</label>
    <%= text_field_tag "openid_url" %>

    <%= submit_tag 'Sign in', :disable_with => "Signing in…" %>
  <% end %>

app/controllers/sessions_controller.rb

  class SessionsController < ApplicationController
    def create
      if using_open_id?
        open_id_authentication
      else
        password_authentication(params[:name], params[:password])
      end
    end

    private # the helpers below are not actions
      def password_authentication(name, password)
        if @current_user = @account.users.authenticate(name, password)
          successful_login
        else
          failed_login "Sorry, that username/password doesn't work"
        end
      end

      def open_id_authentication
        authenticate_with_open_id do |result, identity_url|
          if result.successful?
            if @current_user = @account.users.find_by_identity_url(identity_url)
              successful_login
            else
              failed_login "Sorry, no user by that identity URL exists (#{identity_url})"
            end
          else
            failed_login result.message
          end
        end
      end

      def successful_login
        session[:user_id] = @current_user.id
        redirect_to(root_url)
      end

      def failed_login(message)
        flash[:error] = message
        redirect_to(new_session_url)
      end
  end

If you're fine with the result messages above and don't need individual logic on a per-failure basis,
you can collapse the case into a mere boolean:

  def open_id_authentication
    authenticate_with_open_id do |result, identity_url|
      if result.successful? && @current_user = @account.users.find_by_identity_url(identity_url)
        successful_login
      else
        failed_login(result.message || "Sorry, no user by that identity URL exists (#{identity_url})")
      end
    end
  end

Simple Registration OpenID Extension
====================================

Some OpenID Providers support this lightweight profile exchange protocol. See more: http://www.openidenabled.com/openid/simple-registration-extension

You can support it in your app by changing #open_id_authentication

  def open_id_authentication(identity_url)
    # Pass optional :required and :optional keys to specify what sreg fields you want.
    # Be sure to yield registration, a third argument in the #authenticate_with_open_id block.
    authenticate_with_open_id(identity_url,
        :required => [ :nickname, :email ],
        :optional => :fullname) do |status, identity_url, registration|
      if status.missing?
        failed_login "Sorry, the OpenID server couldn't be found"
      elsif status.canceled?
        failed_login "OpenID verification was canceled"
      elsif status.failed?
        failed_login "Sorry, the OpenID verification failed"
      elsif status.successful?
        if @current_user = @account.users.find_by_identity_url(identity_url)
          assign_registration_attributes!(registration)
          if @current_user.save
            successful_login
          else
            failed_login "Your OpenID profile registration failed: " +
              @current_user.errors.full_messages.to_sentence
          end
        else
          failed_login "Sorry, no user by that identity URL exists"
        end
      end
    end
  end

  # registration is a hash containing the valid sreg keys given above
  # use this to map them to fields of your user model
  def assign_registration_attributes!(registration)
    model_to_registration_mapping.each do |model_attribute, registration_attribute|
      unless registration[registration_attribute].blank?
        @current_user.send("#{model_attribute}=", registration[registration_attribute])
      end
    end
  end

  def model_to_registration_mapping
    { :login => 'nickname', :email => 'email', :display_name => 'fullname' }
  end
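
The sreg mapping above, as a stand-alone added example (not part of the plugin or its original README): it treats the provider's registration hash as untrusted input, copies only the mapped fields, and skips blank, non-string or oversized values. The User struct, the MAX_SREG_LENGTH limit and the sample response are assumptions made for the illustration.

```ruby
# Added example: runs without Rails. User is a stand-in for your model.
User = Struct.new(:login, :email, :display_name, :admin)

# Same mapping as in the README: model attribute => sreg field.
MODEL_TO_REGISTRATION = {
  :login => 'nickname', :email => 'email', :display_name => 'fullname'
}.freeze
MAX_SREG_LENGTH = 255 # assumed limit, not taken from the plugin

# Copies only the mapped sreg fields onto the user and returns the
# attributes it set. Any other key in the provider's response is ignored.
def assign_registration_attributes(user, registration)
  applied = []
  MODEL_TO_REGISTRATION.each do |model_attribute, registration_attribute|
    value = registration[registration_attribute]
    next unless value.is_a?(String)   # skip nil, arrays and hashes
    value = value.strip
    next if value.empty? || value.length > MAX_SREG_LENGTH
    # The setter name comes from the fixed mapping, never from the response.
    user.public_send("#{model_attribute}=", value)
    applied << model_attribute
  end
  applied
end

# Constructed sreg response: one blank field and one key the app never asked for.
SAMPLE_REGISTRATION = {
  'nickname' => 'alice',
  'email'    => '  alice@example.org ',
  'fullname' => '',
  'admin'    => 'true'
}.freeze

def demo
  user = User.new('old_login', nil, 'Alice A.', false)
  applied = assign_registration_attributes(user, SAMPLE_REGISTRATION)
  [user, applied]
end

if __FILE__ == $PROGRAM_NAME
  user, applied = demo
  puts "applied: #{applied.inspect}"
  puts user.to_h.inspect
end
```

Because the setter names are built from the mapping's keys, the unrequested 'admin' key in the sample response never reaches the model, and the blank 'fullname' leaves the existing display name in place.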

Copyright (c) 2007 David Heinemeier Hansson, released under the MIT license