gem install easy-rack-open-id require 'easy-rack-open-id' use Rack::Session::Cookie use Rack::OpenID use EasyRackOpenId::Server, :allowed_identifiers => ['http://example.com/'] run lambda {|env| [ 200, { 'Content-Type' => 'text/plain' }, [ 'Authenticated!' ] ] }
There’s an example in config.ru
Basically, slap EasyRackOpenId in front of the App you want to protect. Rack::OpenID needs to be above it. Data from the login (identifier, registration info) will be made available in session
session['verified_identity']['identifier'] # http://samsm.com/ session['verified_identity']['nickname'] # samsm
OpenID needs some storage to remember cryptographic nuts and bolts. Rack:OpenID with no arguments uses an in memory OpenID store. This is ok for trying out with rackup, but won’t work in a variety of scenarios including using shotgun and multiple servers. You can pass it a different store like so:
require 'openid_mongodb_store' # http://github.com/samsm/openid_mongodb_store MongoMapper.database = 'testorama' MongoMapper.database.authorize('username','password') use Rack::OpenID, OpenidMongodbStore::Store.new
With no arguments, EasyRackOpenId will only allow users with a verified OpenID to proceed. It won’t care what that identity is.
:allowed_identifiers - when used, only identities in the provided array will be allowed access.
:identity_match - when used, only identities matching this regex pattern will be allowed.
Right now allowed_identifiers and identity_match cannot both be used at once.
:default_return_to is a path just in case the automatic return_to mysteriously vanishes. Unlikely.
:login_path is where to send a user if login fails. Perhaps a login form?
:logout_path (defaults to /logout) path that, when visited will clear the login session.
:after_logout_path After a user logs out, send them here (don’t want the user sitting on the logout path).
:form picks which style of openid form is used for login. Choose from ‘boring’, ‘selector’, and ‘real-selector’ (default).
:required an array of what simple registration/attribute exchange details you want to fetch about a person.
:optional like above, registration
:policy_url
This package includes nice-looking default login forms from the “openid-selector” and “real-openid-selector” projects. This gem will serve the necessary javascript/images, but it may be more efficient to copy public/easy-rack-open-id-assets into your application’s public directory so that Apache/Nginx/whatever can serve those file directly.