Flutterby™! : Perl OpenID quickstart

Dear Lazy Web, for a while I was trying to keep up with OpenID, but after a while the absurdity and silliness just got to be too damned much. I know that 1.1 is now deprecated, 2.0 is deployed, 2.something fixes some allegedly heinous issues, and I have no idea what people in the wild are running. In migrating away from MediaWiki on Flutterby.net, I'll also be giving up the OpenID plug-in, and since I've logged into some stuff using it I should probably keep that URL live.

I need two things:

1. What's the simplest way to put together a CGI OpenID login in Perl? Prefer "download this tar package into a directory, edit 'login.cgi' to add your password, point your browser to the login.cgi" style.
2. What's the line I put in the headers of the document at my OpenID address that I point to that with?

[ related topics: Sports Theater & Plays Open Source Perl ]

comments in ascending chronological order (reverse):

#Comment Re: made: 2009-03-26 00:07:07.706233-07 by: dexev

You might just want to create an account at one of the free OpenID providers and user OpenID delegation for that URL.

If your provider was myOpenID, for example, you'd add this to the page:

<link rel="openid.server" href="http://www.myopenid.com/server" /> <link rel="openid.delegate" href="http://youraccount.myopenid.com/" /> <link rel="openid2.local_id" href="http://youraccount.myopenid.com" /> <link rel="openid2.provider" href="http://www.myopenid.com/server" />

(stolen from https://www.myopenid.com/help#own_domain, but the rel= are the same for any provider)

#Comment Re: made: 2009-03-26 02:42:07.666537-07 by: John Anderson

+1 for delegation; I've been doing that on genehack.org for a while now and it's really just hella simpler (and I say that as somebody who leans pretty hard towards the DIY side of the spectrum when it comes to this sort of thing).

#Comment Re: made: 2009-03-26 05:18:44.734155-07 by: Dan Lyke

Went directly to https://www.myopenid.com/help#own_domain, copied that to the header at http://new.flutterby.com/User:DanLyke, M-% youraccount danlyke and I'm getting non-descriptive errors from everthing on the first page of Google results for "openid test".

I've now changed it to dump that stuff out through my CMS, which is putting in empty element bodies for the link tag.

Oh, wait, LJ at least sends me off to the MyOpenID login page, but then says: "no_identity_server: The provided URL doesn't declare its OpenID identity server.". I remember there was something about my server needing to redeclare itself, but I don't see that right off. I guess I'll just throw this site over to the live site and see what happens the first time I try to post a comment.

#Comment Re: made: 2009-03-26 10:04:16.609403-07 by: dexev

Hmm...your headers look fine to me, and the fact that some sites work better than others is suspicious. support@myopenid.com is usually pretty responsive about these sort of things -- if they're not, email me :)

#Comment Re: made: 2009-03-26 10:23:32.527318-07 by: Dan Lyke

I whined about the fact that OpenID is a byzantine collection of horrendous crap recently on the OpenID list, so I didn't actually expect that any of the first two pages for "openid test" didn't work. I'll just ignore it 'til I actually need to use it.

A few years ago I wrote what was supposed to be the canonical test code for the "YADIS" discovery portion of OpenID. That code apparently got dropped by the client of the client that I wrote it for, and the spec has evolved grown since those days, but even then it was apparent that many of the folks pushing features into OpenID didn't have a handle on pragmatic implementation details, and weren't looking at the problems which needed solutions but were chasing which ways they could make people use their buzzwords.

But I'm not bitter.

And, yeah, given that I can redirect the delegation pretty much anywhere from the URL I provide, then who provides it becomes a commodity. I wouldn't use a delegated OpenID for anything critical, but for blog comments I'm happy to let Verisign or JanRain be the keeper of that password.