10 February 2007

What is OpenID?

OpenID is an open, decentralized, free framework for user-centric digital identity.

Essentially once you have an OpenID identity you can use that account on any site that supports it. Your identity becomes a URL. I think it’s a great single-sign-on system for bloggers.

You can get an OpenID identity from lots of places. If you have a LiveJournal, TypeKey (Movable Type) or Zooomr account (just to name a few) you already have an OpenID identity. If not, there are lots of OpenID servers that you can create an account with. I recommend www.myopenid.com as it seems to be popular. If you are like me though, I wanted to use my own domain as my OpenID identity.

Using your own domain as an OpenID Identity

There are 2 ways that you can go about this. The first is to install an OpenID server on your domain. There is a list of options here. If you just want to support a single user you could check out phpMyID. I didn’t really want to run my own server so onto option 2.

This way is super easy. You can setup your domain to delegate to an actual OpenID server. This is even better if you want to change your main OpenID server without ever changing your OpenID URL. All you have to do is add some headers to your default page on your domain. Some instructions can be found here but the short version is add these to your HTML HEAD of your default page:

<link rel=”openid.server” href=”http://www.myopenid.com/server” />
<link rel=”openid.delegate” href=”http://yoururl.myopenid.com/” />

In my case I wanted to keep using my TypeKey server so I just added this:

<link rel=”openid.server” href=”https://www.typekey.com/t/openid” />
<link rel=”openid.delegate” href=”http://profile.typekey.com/jeffreyvanneste/” />

Now I can use http://jeffrey.vanneste.ca as my identity and switch freely between OpenID servers. If you have a WordPress blog there is an OpenID delegate plugin you could check out.

WordPress Integration

I decided to see what was required in getting OpenID integrated into my blogs. Not surprisingly there was already a great WordPress OpenID plug-in that almost worked flawlessly for me. Installing and setting it up was super easy but the default install of PHP on dreamhost does not include the GMP functions. As luck would have it there is a great article written up on the dreamhost wiki on compiling a customized PHP.

Adding GMP support to PHP

I started with the “Alternative PHP 5 install Scripts” found here. Running the first script will download all the source required and extract it all into another folder. At this point you need to do the same for GMP. Login to your dreamhost shell and goto the folder where all the PHP5 libraries were extracted ($HOME/dist by default).

wget ftp://ftp.gnu.org/gnu/gmp/gmp-4.2.1.tar.gz\
tar zxvf gmp-4.2.1.tar.gz\
cd gmp-4.2.1\
./configure –prefix=${HOME}/php5\
nice -n 19 make\
make install

Now we need to edit the second PHP5 install script. All you have to do here is find the PHPFEATURES variable and add this line somewhere between the quotes.


Now run the second script which took quite awhile for me. Once it’s completed you have to add a .htaccess file to the root folder of your website with the following lines:

AddHandler phpFive .php
Action phpFive /cgi-bin/php.cgi

That should be it. If you have enabled the WordPress OpenID plugin you should now see an additional option to use an OpenID URL when making comments and logging in.

Getting started with OpenID development

If you want to get started on new projects that use OpenID there are already lots of awesome libraries available. The best site I found is http://www.openidenabled.com which has information on pretty much everything you would want to know about OpenID. There are also libraries written in Python, Ruby, Perl, PHP, .NET, Java and ColdFusion to help get your project jump started.

I also found for testing that it was useful having multiple OpenID identities. If you want to have some OpenID’s to test with check out http://www.jkg.in/openid/ which generates anonymous ID’s for you.

So now my blog supports OpenID registration. Why not do the same to yours so we don’t need yet another account?