Rack::OpenID

Provides a more HTTPish API around the ruby-openid library.

Usage

You trigger an OpenID request similar to HTTP authentication. From your app, return a “401 Unauthorized” and a “WWW-Authenticate” header with the identifier you would like to validate.

On competition, the OpenID response is automatically verified and assigned to env["rack.openid.response"].

Rack Example

MyApp = lambda { |env|
  if resp = env["rack.openid.response"]
    case resp.status
    when :success
      ...
    when :failure
      ...
  else
    [401, {"WWW-Authenticate" => 'OpenID identifier="http://example.com/"'}, []]
  end
}

use Rack::OpenID
run MyApp

Sinatra Example

# Session needs to be before Rack::OpenID
use Rack::Session::Cookie

require 'rack/openid'
use Rack::OpenID

get '/login' do
  erb :login
end

post '/login' do
  if resp = request.env["rack.openid.response"]
    if resp.status == :success
      "Welcome: #{resp.display_identifier}"
    else
      "Error: #{resp.status}"
    end
  else
    headers 'WWW-Authenticate' => Rack::OpenID.build_header(
      :identifier => params["openid_identifier"]
    )
    throw :halt, [401, 'got openid?']
  end
end

use_in_file_templates!

__END__