Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
A Rack app/middleware to act as a proxy for OpenID authentication
branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.



This is an OpenID Proxy application.

Sometimes applications run in an environment where it would be impossible or very difficult to use an OpenID consumer.

This proxy is basically a very, very simple web service for making OpenID requests, without having to have a full-blown local OpenID consumer.

This can be used as a Rack application or as a Rack middleware (to add a proxy to your local application).

This uses Rack::OpenID (which used ruby-openid) to do the heavy lifting.


$ sudo gem install rack-openid
$ sudo gem install devfu-rack-openid-proxy -s

If you want json formatted responses …

$ sudo gem install json

If you want xml formatted responses …

$ sudo gem install yaxml

( or override the XML formatter to format responses however you want )


Rack::OpenID::Proxy can be used as a Rack middleware or as a standalone Rack app.

Either way, it (currently) requires that a few middleware be enabled, explicitly:

require 'rack/openid'
require 'rack/openid/proxy'

use Rack::Session::Cookie  # or any other Rack::Session
use Rack::OpenID           # we might auto-require this, if not found, eventually

Then you can either

use Rack::OpenID::Proxy


run  # as a standalone Rack app

If you run Rack::OpenID::Proxy as a standalone app, 404's will be returned for any non-OpenID related request.

If you run Rack::OpenID::Proxy as a middleware, all non-OpenID related requests will be passed along to the main application.


Basically, OpenID::Proxy accepts requests to /openid?url=my.openid.url.

When it gets a request like that it:

  • Saves the REFERER (the URL the request came from)

  • Redirects to the OpenID provider's login

  • Gets a response from the OpenID provider (whether the login was valid/etc)

  • Rediects back the the REFERER, adding a token variable to the URL:

Now, your application can take this token and, to find out if the login was valid, make a request back to the proxy: /openid?token=12345 and that'll return the OpenID response. You can get the OpenID response in many formats:

  • /openid.yml?token=12345

  • /openid.json?token=12345

  • /openid.xml?token=12345

By default, after a token has been requested once and the response has been returned, the token/response are deleted from the Proxy (so no one else can get the response). You can disable this by setting :delete_token_on_request => false when initializing the Rack::OpenID::Proxy


Rack::OpenID::Proxy takes a few configuration options, eg.

use Rack::OpenID::Proxy, :force_ssl => true, :path => '/openid-proxy', :delete_token_on_request => false

View the RDoc for more information about these options. As it is now, we don't have many configuration options.

If you need to fork the project and add additional configuration options, please send us a pull request if someone else might find your additions useful!

Very shortly we'll support a custom storage facility to store (temporarily) OpenID responses.


Something went wrong with that request. Please try again.