Provides a more HTTPish API around the ruby-openid library.
You trigger an OpenID request similar to HTTP authentication. From your app, return a "401 Unauthorized" and a "WWW-Authenticate" header with the identifier you would like to validate.
On competition, the OpenID response is automatically verified and assigned to env["rack.openid.response"]
.
MyApp = lambda do |env|
if resp = env["rack.openid.response"]
case resp.status
when :success
...
when :failure
...
else
[401, {"WWW-Authenticate" => 'OpenID identifier="http://example.com/"'}, []]
end
end
use Rack::OpenID
run MyApp
# Session needs to be before Rack::OpenID
use Rack::Session::Cookie
require 'rack/openid'
use Rack::OpenID
get '/login' do
erb :login
end
post '/login' do
if resp = request.env["rack.openid.response"]
if resp.status == :success
"Welcome: #{resp.display_identifier}"
else
"Error: #{resp.status}"
end
else
headers 'WWW-Authenticate' => Rack::OpenID.build_header(
:identifier => params["openid_identifier"]
)
throw :halt, [401, 'got openid?']
end
end
enable :inline_templates
__END__
@@ login
<form action="/login" method="post">
<p>
<label for="openid_identifier">OpenID:</label>
<input id="openid_identifier" name="openid_identifier" type="text" />
</p>
<p>
<input name="commit" type="submit" value="Sign in" />
</p>
</form>
- 1 failing test (skipped)
- rewrite tests with minitest/spec
Joshua Peek original author
Michael Grosser
michael@grosser.it
License: MIT