Added XRI support to open_id_authentication
Reported by Peat Bakke | August 18th, 2008 @ 08:57 PM
Greetings,
I've added XRI identifiers to the open_id_authentication plugin, to follow the OpenID 2.0 specification.
My changes are at http://github.com/peat/open_id_a... and include:
- Renamed the #normalize_url method to #normalize, and updated the code to validate and normalize both URL and XRI identifiers.
- Updated tests and documentation to cover the XRI changes.
The broadest reaching change to the code is updating all 'openid_url' references to 'openid_identifier' to keep in line with the OpenID 2.0 specification.
Comments and changes to this ticket
-
Joshua Peek August 19th, 2008 @ 05:46 AM
- → State changed from “new” to “invalid”
No to changing identity_url to openid_identifier. If you like the ring to it, you can use that internal in your own code base.
I can't really tell what else it changed aside from that.
-
Peat Bakke August 19th, 2008 @ 06:43 PM
Thanks for the feedback. I will continue maintaining my branch, and I've clarified the description of the changes below -- I hope it clarifies what else changed and why the changes are significant in following the OpenID 2.0 (and future) standards.
The main reason for changing the url variables to identifier is that _url is misleading: OpenID 2.0 currently supports i-names as identifiers (which are not URLs), and there are draft specifications for using other non-URL identifiers as well (like e-mail addresses). That change is important to prevent current and future developers from being mislead.
The other significant change was in the OpenIdAuthentication#normalize_url method, which rejected all non-URL identifiers as invalid. The method was renamed to #normalize to reflect the move away from the _url naming scheme, and now uses the OpenId#discover method from the ruby-openid gem for validating and normalizing identifiers. It's a more spec accurate method for handling the identifiers, and is has some built in future proofing as the ruby-openid gem evolves.
The remainder of the changes are updates to tests and documentation to reflect the above changes.
Thanks again.
-
Daniel Schierbeck October 25th, 2008 @ 03:50 PM
Joshua: I agree with Peat that the plugin should accommodate XRI identifiers. This is the direction OpenID is going, and several sites already allow the use of XRI's.
-
-
Troels Thomsen October 28th, 2008 @ 01:54 PM
I might be biased as I like to use my i-name (XRI identifier) as much as possible, but I really think the proposed patch should make it into this project. Any OpenID Authentication 2.0 implementer is required to support XRI identifies (to be compliant).
My vote goes for integrating Peat's changes. While I don't care much about the internal naming, I would also like to vote for the names to reflect the terminology applied by the specification. The far most important issue, however, is that the normalization actually blocks allowed identifiers (XRI) and thus limiting the adoption of these.
Don't listen to me. I just want to use my i-name. It is both more convenient and more secure, so why shouldn't I?
I tried to get a relying party to integrate these changes (as it would solve my problem for now) and they weren't willing to do so. It would really defeat the idea of OpenID, if the specification differs among the web.
Please Login or create a free account to add a new comment.
You can update this ticket by sending an email to from your email client. (help)
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
