On Tue, 20 Apr 2010 11:38:24 -0400, Nathaniel wrote:
> I'm trying to write a simple OpenID provider mostly for testing
> purposes at this point.
I wrote an extremely simple one (~9K, including HTML) because I wanted
to run my own provider - it is based on Net::OpenID::Server, but with
some modifications to the module to make it work with the sites I
wanted to login to (mainly hacking in SHA256-support):
*
http://github.com/asjo/libnet-openid-perl/commits/master
> I'm still pretty new to Perl and CGI. Can anyone give me a better
> explanation of what goes in each of the callback methods (get_user,
> get_identity, is_identity, and is_trusted)?
I'm using Mason¹ in my little project, but that doesn't make much of a
difference.
I'm not sure what you're asking, though, get_user, get_identity,
is_identity and is_trusted are just simple functions that should return
what the say - if the identity/password is provided and checks out, they
should return the data/information asked for.
Basically I've got:
my $get_user=sub {
return $m->notes('user');
};
my $get_identity=sub {
my ($user)=@_;
return 0 if (!defined $user);
return $user->{identity};
};
my $is_identity=sub {
my ($user, $identity_url)=@_;
return 0 if (!defined $user);
# XXX Check that $user owns $identity_url:
return $user->{ok};
};
my $is_trusted=sub {
my ($user, $trust_root, $is_ident)=@_;
return 0 if (!defined $user or !$is_ident);
# XXX Check that $user trusts $trust_root:
return $user->{ok};
};
(Feel free to jump in and correct me, anyone!)
> I'm also having some issues with the login process. I've got a server
> page where the OpenID::Server object is, and a login page that
> authenticates users. During setup, the user is redirected to the login
> page. I've gotten to the point where the login page works, but now, I
> think I have to tell the server about the successful authentication.
> What's the best way to accomplish that? I think I have to maintain
> some kind of state from the login page.
I used a testing-website that I found valuable in getting things to
work. I can remember if it was on
openid.net or run by janrain, or
both...
I can't find it again, but I just stumbled over this one:
http://test-id.org/ - which seems quite comprehensive.
> Documentation and tutorials for the server side of OpenID are pretty
> sparse... lots of stuff for the consumer though.
Yeah, and some things you'll find out by trial and error; like getting
SHA256 to work... :-)
Best regards,
Adam
--
"Achtung, babies!" Adam Sjøgren
as...@koldfront.dk