Dr. Dobb's Journal - October 2008 - (Page 42) D10weis_p5db 8/20/08 8:13 AM Page 42 Core Technology OPENID SINGLE SIGN-ON the same username/password on multiple apps (often including their e-mail account) expose themselves to even greater risks. One way a user’s identity can be compromised is through phishing, such as when a nefarious website claims to support OpenID but only provides a fake authentication form to collect the identity URI and password of unsuspecting users. A web browser with anti-phishing features can help, and I recommend visually confirming that the web address of the page where you enter your password matches that of your identity provider, especially when visiting an unfamiliar site. The centralized identity provided by OpenID can be a drawback depending on the user’s agenda, but users who prefer to remain anonymous can use a different identity URI. Also, since a centralized third party performs authentication for potentially many different websites, identity providers can be aware of some of the websites users visit. Again, choosing an identity provider you trust can alleviate this concern. An OpenID-Enabled Ruby on Rails Application The example I present here demonstrates how an OpenID consumer can be implemented with the Ruby on Rails framework. Libraries that make it easy to enable OpenID in web applications are also available for Java, C#, PHP, Python, and other languages and frameworks. To illustrate, I assume you’ve installed Ruby 1.8, RubyGems, Rake, Rails 2.0 (or later), a database system (MySQL, PostgreSQL, or SQLite, for instance), and the adapter for your database. I also assume you are familiar with Ruby and Rails and UNIX-style command-line interface and text editors. I indicate command-line actions with a dollar-sign ($) prefix, which should not be typed as part of the command. The complete source for this project is available online; see “Resource Center,” page 5. First, install the ruby-openid gem (this example was tested with version 2.0.4): $ sudo gem install ruby-openid Next, create a Rails application at the command line, and perform a bit of cleanup: $ rails openid_demo $ cd openid_demo $ rm public/index.html David Heinemeier Hansson, the creator of Rails, wrote a plug-in (github.com/rails/ def create open_id_authentication end def destroy reset_session self.current_user = nil flash.now[:notice] = 'You have logged out.' render :action => 'new' end Example 1: Creating and destroying sessions. def open_id_authentication if params[:openid_url].blank? && params[:open_id_complete].blank? return failed_login("Please enter your OpenID") end @openid_url = params[:openid_url] # Pass optional :required and :optional keys to specify what sreg fields # you want. Be sure to yield registration, a third argument in the block. authenticate_with_open_id(@openid_url, :required => [:email], :optional => [:dob, :fullname] ) do |result, identity_url, registration| if result.successful? user = User.find_by_identity_url(identity_url) if user.nil? user = User.new user.identity_url = identity_url unless assign_registration_attributes(user, registration) return failed_login("Your OpenID registration failed: " + user.errors.full_messages.to_sentence) end end self.current_user = user successful_login else failed_login(result.message || "Sorry, could not authenticate #{identity_url}") end end end Example 2: OpenID authentication. 42 Dr. Dobb’s Journal l www.ddj.com l October 2008 http://github.com/rails/open_id_authentication/tree/master/README http://www.ddj.com
Table of Contents Feed for the Digital Edition of Dr. Dobb's Journal - October 2008 Dr. Dobb's Journal - October 2008 Contents Friday Night Fish Fry Alia Vox Developer Diaries Developer’s Notebook Is Your Next Language COBOL? Conversations Safe Coding Practices Code Signing in Adobe AIR OpenID Single Sign-On The Book Cipher Algorithm Indexing and Searching Image files Extending Continuous Integration Into ALM The Agile Edge Effective Concurrency Swaine’s Flames Dr. Dobb's Journal - October 2008 Dr. Dobb's Journal - October 2008 - (Page Bellyband1) Dr. Dobb's Journal - October 2008 - (Page Bellyband2) Dr. Dobb's Journal - October 2008 - Dr. Dobb's Journal - October 2008 (Page Cover1) Dr. Dobb's Journal - October 2008 - Dr. Dobb's Journal - October 2008 (Page Cover2) Dr. Dobb's Journal - October 2008 - Dr. Dobb's Journal - October 2008 (Page 1) Dr. Dobb's Journal - October 2008 - Dr. Dobb's Journal - October 2008 (Page 2) Dr. Dobb's Journal - October 2008 - Dr. Dobb's Journal - October 2008 (Page 3) Dr. Dobb's Journal - October 2008 - Contents (Page 4) Dr. Dobb's Journal - October 2008 - Contents (Page 5) Dr. Dobb's Journal - October 2008 - Friday Night Fish Fry (Page 6) Dr. Dobb's Journal - October 2008 - Friday Night Fish Fry (Page 7) Dr. Dobb's Journal - October 2008 - Friday Night Fish Fry (Page 8) Dr. Dobb's Journal - October 2008 - Friday Night Fish Fry (Page 9) Dr. Dobb's Journal - October 2008 - Alia Vox (Page 10) Dr. Dobb's Journal - October 2008 - Alia Vox (Page 11) Dr. Dobb's Journal - October 2008 - Developer Diaries (Page 12) Dr. Dobb's Journal - October 2008 - Developer Diaries (Page 13) Dr. Dobb's Journal - October 2008 - Developer’s Notebook (Page 14) Dr. Dobb's Journal - October 2008 - Developer’s Notebook (Page 15) Dr. Dobb's Journal - October 2008 - Is Your Next Language COBOL? (Page 16) Dr. Dobb's Journal - October 2008 - Is Your Next Language COBOL? (Page 17) Dr. Dobb's Journal - October 2008 - Is Your Next Language COBOL? (Page 18) Dr. Dobb's Journal - October 2008 - Is Your Next Language COBOL? (Page 19) Dr. Dobb's Journal - October 2008 - Conversations (Page 20) Dr. Dobb's Journal - October 2008 - Conversations (Page 21) Dr. Dobb's Journal - October 2008 - Conversations (Page 22) Dr. Dobb's Journal - October 2008 - Conversations (Page 23) Dr. Dobb's Journal - October 2008 - Safe Coding Practices (Page 24) Dr. Dobb's Journal - October 2008 - Safe Coding Practices (Page 25) Dr. Dobb's Journal - October 2008 - Safe Coding Practices (Page 26) Dr. Dobb's Journal - October 2008 - Safe Coding Practices (Page 27) Dr. Dobb's Journal - October 2008 - Safe Coding Practices (Page 28) Dr. Dobb's Journal - October 2008 - Safe Coding Practices (Page 29) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 30) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 31) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 32) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 33) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 34) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 35) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 36) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 37) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 38) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 39) Dr. Dobb's Journal - October 2008 - OpenID Single Sign-On (Page 40) Dr. Dobb's Journal - October 2008 - OpenID Single Sign-On (Page 41) Dr. Dobb's Journal - October 2008 - OpenID Single Sign-On (Page 42) Dr. Dobb's Journal - October 2008 - OpenID Single Sign-On (Page 43) Dr. Dobb's Journal - October 2008 - OpenID Single Sign-On (Page 44) Dr. Dobb's Journal - October 2008 - OpenID Single Sign-On (Page 45) Dr. Dobb's Journal - October 2008 - The Book Cipher Algorithm (Page 46) Dr. Dobb's Journal - October 2008 - The Book Cipher Algorithm (Page 47) Dr. Dobb's Journal - October 2008 - The Book Cipher Algorithm (Page 48) Dr. Dobb's Journal - October 2008 - The Book Cipher Algorithm (Page 49) Dr. Dobb's Journal - October 2008 - The Book Cipher Algorithm (Page 50) Dr. Dobb's Journal - October 2008 - The Book Cipher Algorithm (Page 51) Dr. Dobb's Journal - October 2008 - Indexing and Searching Image files (Page 52) Dr. Dobb's Journal - October 2008 - Indexing and Searching Image files (Page 53) Dr. Dobb's Journal - October 2008 - Indexing and Searching Image files (Page 54) Dr. Dobb's Journal - October 2008 - Indexing and Searching Image files (Page 55) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 56) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 57) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 58) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 59) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 60) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 61) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 62) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 63) Dr. Dobb's Journal - October 2008 - The Agile Edge (Page 64) Dr. Dobb's Journal - October 2008 - The Agile Edge (Page 65) Dr. Dobb's Journal - October 2008 - The Agile Edge (Page 66) Dr. Dobb's Journal - October 2008 - The Agile Edge (Page 67) Dr. Dobb's Journal - October 2008 - Effective Concurrency (Page 68) Dr. Dobb's Journal - October 2008 - Effective Concurrency (Page 69) Dr. Dobb's Journal - October 2008 - Effective Concurrency (Page 70) Dr. Dobb's Journal - October 2008 - Effective Concurrency (Page 71) Dr. Dobb's Journal - October 2008 - Swaine’s Flames (Page 72) Dr. Dobb's Journal - October 2008 - Swaine’s Flames (Page Cover3) Dr. Dobb's Journal - October 2008 - Swaine’s Flames (Page Cover4)
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.