EasyRackOpenId. Simplifies OpenID login for Rack apps.

Installation

gem install easy-rack-open-id
require 'easy-rack-open-id'
use Rack::Session::Cookie
use Rack::OpenID
use EasyRackOpenId::Server, :allowed_identifiers => ['http://example.com/']
run lambda {|env| [ 200, { 'Content-Type' => 'text/plain' }, [ 'Authenticated!' ] ] }

There’s an example in config.ru

Basically, slap EasyRackOpenId in front of the App you want to protect. Rack::OpenID needs to be above it. Data from the login (identifier, registration info) will be made available in session

session['verified_identity']['identifier'] # http://samsm.com/
session['verified_identity']['nickname']   # samsm

OpenID stores

OpenID needs some storage to remember cryptographic nuts and bolts. Rack:OpenID with no arguments uses an in memory OpenID store. This is ok for trying out with rackup, but won’t work in a variety of scenarios including using shotgun and multiple servers. You can pass it a different store like so:

require 'openid_mongodb_store' # http://github.com/samsm/openid_mongodb_store
MongoMapper.database = 'testorama'
MongoMapper.database.authorize('username','password')
use Rack::OpenID, OpenidMongodbStore::Store.new

Too Many Options!

With no arguments, EasyRackOpenId will only allow users with a verified OpenID to proceed. It won’t care what that identity is.

:allowed_identifiers - when used, only identities in the provided array will be allowed access.

:identity_match - when used, only identities matching this regex pattern will be allowed.

Right now allowed_identifiers and identity_match cannot both be used at once.

:default_return_to is a path just in case the automatic return_to mysteriously vanishes. Unlikely.

:login_path is where to send a user if login fails. Perhaps a login form?

:logout_path (defaults to /logout) path that, when visited will clear the login session.

:after_logout_path After a user logs out, send them here (don’t want the user sitting on the logout path).

:form picks which style of openid form is used for login. Choose from ‘boring’, ‘selector’, and ‘real-selector’ (default).

Registration options

:required an array of what simple registration/attribute exchange details you want to fetch about a person.

:optional like above, registration

:policy_url

OpenID Selector, Real-selector

This package includes nice-looking default login forms from the “openid-selector” and “real-openid-selector” projects. This gem will serve the necessary javascript/images, but it may be more efficient to copy public/easy-rack-open-id-assets into your application’s public directory so that Apache/Nginx/whatever can serve those file directly.