
CL-OpenID

Implementation of the OpenID protocol for Common Lisp.

CL-OpenID implements the OpenID Authentication 2.0 standard and is compatible with OpenID Authentication 1.1. Both the Relying Party (formerly called OpenID Consumer) and the OpenID Provider are implemented.

It also supports extensions such as the OpenID Simple Registration Extension and the OpenID Attribute Exchange Extension.

Introduction

OpenID allows people to use their accounts from any compliant web service (including LiveJournal, Google accounts, Yahoo accounts and many others) to log in to any OpenID-compliant third-party web application.

It simplifies life for both the user and the application developer. The user does not need to fill in a registration form or create and remember a new password. The application developer does not need to implement registration forms, email confirmations, or a password restore procedure.

From the application developer's perspective, the login process looks approximately like the following:

  1. The user provides their identity, a URI (like http://petya12.livejournal.com/). This may be implemented by a trivial HTML login form with a single input field:

[Image: trivial login form]

or by a fancier JavaScript control (ready-to-use JavaScript controls are available on the Internet, for example jquery.openid, openid-selector, and others):

[Image: openid-selector screenshot]

In either case, the identity is a single URI.

  2. The application code initiates the authentication process for the identity provided.
  3. When the authentication process is finished, the application code receives a cryptographically confirmed reply stating whether the user really owns the identity. From now on the application knows who it is dealing with and can, for example, store the user identity in the session as the 'current-user attribute.

In step 2, the application may parametrize the authentication process with a request for user profile details, like email, full name, postcode, language, URL of the user's avatar image, etc. (as specified in the OpenID Simple Registration Extension and OpenID Attribute Exchange standards).

If the user account contains this information and the user has allowed it to be shared with the application, then in step 3 the requested attributes are returned together with the authentication reply.

In the above description the application acts as an OpenID Relying Party: it delegates the authentication process to an OpenID Provider (LiveJournal in our example).
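To show what "cryptographically confirmed" in step 3 means at the protocol level, here is an added Python example (not CL-OpenID code and not its API) of the checks a Relying Party applies to an OpenID 2.0 positive assertion signed under an HMAC-SHA256 association. The MAC key, hosts, handle and nonce are constructed sample values; `return_to` is compared by exact match as a simplification, and discovery on the claimed identifier and nonce timestamp freshness are out of scope.

```python
import base64, hashlib, hmac

REQUIRED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}

def sign(fields, signed, mac_key):
    # Key-Value Form: one "key:value\n" line per signed field, in listed order.
    base = "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed)
    mac = hmac.new(mac_key, base.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")

def verify_assertion(fields, mac_key, expected_return_to, seen_nonces):
    """Return the claimed identifier if every check passes, else None."""
    if fields.get("openid.mode") != "id_res":
        return None
    signed = fields.get("openid.signed", "").split(",")
    # Identity fields must be covered by the signature whenever they are present.
    need = REQUIRED | {k for k in ("claimed_id", "identity") if "openid." + k in fields}
    if not need <= set(signed) or any("openid." + k not in fields for k in signed):
        return None
    expected = sign(fields, signed, mac_key).encode()
    if not hmac.compare_digest(expected, fields.get("openid.sig", "").encode()):
        return None
    if fields["openid.return_to"] != expected_return_to:  # exact match: simplification
        return None
    nonce = (fields["openid.op_endpoint"], fields["openid.response_nonce"])
    if nonce in seen_nonces:  # replayed assertion
        return None
    seen_nonces.add(nonce)
    return fields.get("openid.claimed_id")

def constructed_assertion(mac_key):
    # Constructed sample response; hosts, handle and nonce are made up.
    fields = {
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "id_res",
        "openid.op_endpoint": "https://op.example/endpoint",
        "openid.claimed_id": "http://petya12.livejournal.com/",
        "openid.identity": "http://petya12.livejournal.com/",
        "openid.return_to": "https://rp.example/openid/return",
        "openid.response_nonce": "2014-09-05T02:38:03Zabc123",
        "openid.assoc_handle": "constructed-handle",
        "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
    }
    fields["openid.sig"] = sign(fields, fields["openid.signed"].split(","), mac_key)
    return fields

if __name__ == "__main__":
    key = b"constructed-mac-key-0123456789ab"
    print(verify_assertion(constructed_assertion(key), key, "https://rp.example/openid/return", set()))
```

The identity is accepted only when `claimed_id` and `identity` are themselves in the signed list; a reply that carries them unsigned is rejected even if its signature over the remaining fields is valid.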

If you want to create an OpenID Provider so that accounts from your application can be used to log in to other web applications (similar to Google accounts or LiveJournal accounts), CL-OpenID supports this too.

Reference documentation is available in the README.html file. Small examples are provided in the source code repository.

If you have questions or need help, contact the cl-openid-devel mailing list.

Demo

Running at Heroku: http://cl-openid-demo.herokuapp.com/

Sources: https://github.com/avodonosov/cl-openid-demo/

Installation

The project is available from Quicklisp.

Source code

https://github.com/cl-openid/cl-openid

Mailing lists

Other resources

License

GNU Lesser General Public License version 2.1 with Franz Inc.'s preamble, also known as LLGPL (Lisp Lesser General Public License).

History

CL-OpenID is implemented by Maciej Pasternacki and was sponsored by Google during Google Summer of Code 2008, on LispNYC's initiative. The LispNYC project mentor is Anton Vodonosov.

Last modified on 09/05/14 02:38:03 (7 weeks ago)
