This is an OpenID Proxy application.
Sometimes applications run in an environment where it would be impossible or very difficult to use an OpenID consumer.
This proxy is basically a very, very simple web service for making OpenID requests, without having to have a full-blown local OpenID consumer.
This can be used as a Rack application or as a Rack middleware (to add a proxy to your local application).
This uses Rack::OpenID (which uses ruby-openid) to do the heavy lifting.
$ sudo gem install rack-openid
$ sudo gem install devfu-rack-openid-proxy -s http://gems.github.com
If you want JSON-formatted responses …
$ sudo gem install json
If you want XML-formatted responses …
$ sudo gem install yaxml
(or override the XML formatter to format responses however you want)
Rack::OpenID::Proxy can be used as a Rack middleware or as a standalone Rack app.
Either way, it (currently) requires that a few middleware be enabled, explicitly:
require 'rack/openid'
require 'rack/openid/proxy'

use Rack::Session::Cookie # or any other Rack::Session
use Rack::OpenID # we might auto-require this, if not found, eventually
Then you can either
run Rack::OpenID::Proxy.new # as a standalone Rack app
If you run Rack::OpenID::Proxy as a standalone app, 404s will be returned for any non-OpenID related request.
If you run Rack::OpenID::Proxy as a middleware, all non-OpenID related requests will be passed along to the main application.
Basically, OpenID::Proxy accepts requests to /openid?url=my.openid.url.
When it gets a request like that it:
Saves the REFERER (the URL the request came from)
Redirects to the OpenID provider's login
Gets a response from the OpenID provider (whether the login was valid/etc)
Redirects back to the REFERER, adding a token variable to the URL: mysite.com/original_path?token=12345
Now, your application can take this token and, to find out if the login was valid, make a request back to the proxy: /openid?token=12345 and that'll return the OpenID response. You can get the OpenID response in many formats:
By default, after a token has been requested once and the response has been returned, the token and response are deleted from the Proxy (so no one else can get the response). You can disable this by setting :delete_token_on_request => false when initializing the Rack::OpenID::Proxy. With deletion disabled the token stays valid, so anyone who learns it (it is passed in the URL) can retrieve the response again.
Rack::OpenID::Proxy takes a few configuration options, e.g.:
use Rack::OpenID::Proxy, :force_ssl => true, :path => '/openid-proxy', :delete_token_on_request => false
View the RDoc for more information about these options. As it is now, we don't have many configuration options.
If you need to fork the project and add additional configuration options, please send us a pull request if someone else might find your additions useful!
Very shortly we'll support a custom storage facility to store (temporarily) OpenID responses.
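The delete-after-first-lookup behaviour described above, combined with temporary storage of OpenID responses, can be modelled as follows. This is an added sketch, not code from Rack::OpenID::Proxy; the class name OneTimeResponseStore, the ttl and clock parameters and the use of random tokens are assumptions.

```ruby
require 'securerandom'

# Illustrative one-time store for OpenID responses (not the gem's implementation).
class OneTimeResponseStore
  # ttl: seconds a stored response stays retrievable (assumed default).
  # delete_on_request mirrors the proxy's :delete_token_on_request option.
  # clock is injectable so expiry can be tested without sleeping.
  def initialize(ttl: 60, delete_on_request: true, clock: -> { Time.now.to_f })
    @ttl = ttl
    @delete_on_request = delete_on_request
    @clock = clock
    @entries = {}
    @lock = Mutex.new
  end

  # Store a response and return the token that would be appended as ?token=...
  def put(response)
    token = SecureRandom.urlsafe_base64(32) # unguessable, URL-safe
    @lock.synchronize { @entries[token] = [response, @clock.call + @ttl] }
    token
  end

  # Return the response for the token, or nil if unknown, expired or already used.
  def take(token)
    @lock.synchronize do
      purge_expired
      entry = @delete_on_request ? @entries.delete(token) : @entries[token]
      entry && entry.first
    end
  end

  private

  # Drop every entry whose expiry time has passed.
  def purge_expired
    now = @clock.call
    @entries.delete_if { |_token, (_response, expires_at)| expires_at <= now }
  end
end

if __FILE__ == $PROGRAM_NAME
  store = OneTimeResponseStore.new
  # Constructed sample response; the real proxy's response fields are not shown here.
  token = store.put({ status: :success, identity: 'http://my.openid.url/' })
  p store.take(token) # first lookup returns the stored response
  p store.take(token) # second lookup returns nil: the token was consumed
end
```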