Switch your OpenID server on-the-fly

Published on and tagged with cakephp  openid  project

OpenID allows you to use your own domain as OpenID and to delegate it for authentication purposes to an OpenID server by adding two link tags to the head section of a HTML page. In my case I use http://openid.42dh.com as OpenID and in the head section you will find:

<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="http://dh.myopenid.com" />

This approach comes with two potential problems:

  • I cannot authenticate myself if my domain is down,
  • and the same applies if the OpenID server is down

To the first problem I don’t have a solution yet, but for the second problem the solution is easy. Modify the snippet above and you can still authenticate with your OpenID by using a different OpenID server. It is just a bit cumbersome to login to your server and to do that change manually. So I wrote a very simple CakePHP application which allows you to switch the used OpenID server on-the-fly. It is one of those “15 minutes” projects where it is almost overkill to use CakePHP ;-)

You can find the application in the downloads section. The installation is simple, the zip contains a complete app folder (no database needed). You may have to modify app/webroot/index.php and to make the tmp folder writable, and, of course, you have to add the OpenID servers and delegates you want to use. They are defined in app/models/delegate.php. Now, to change the OpenID server you simply call example.com/change and a different OpenID server will be used.

That’s it.

3 comments baked

  • Tom

    “It is one of those “15 minutes” projects where it is almost overkill to use CakePHP”

    Today i had such a 30min project, wanted to do it “by hand”, after 5mins remembering the whole db communication blah(2 Tables!!1 ;)) i decided that baking cakes is never overkill ;)

  • James

    In order for authorization to be supported, the folks in the OpenID community would need to have the desire of moving past the basics of identity. Likewise, the features of an identity selector (e.g. Cardspace) will need to change. IMHO it seems no one really cares to talk deeper about authorization as it may require too much work on their parts…

  • cakebaker

    @James: Hm, I never thought about authorization in the context of OpenID. What would be the benefit of it?

© daniel hofstetter. Licensed under a Creative Commons License