Implementation of the OpenID protocol for Common Lisp.
CL-OpenID implements OpenID Authentication 2.0 standard and is compatible with OpenID Authentication 1.1. Both Relying Party (formerly called OpenID Consumer), and OpenID Provider are implemented.
Also supports extensions, like OpenID Simple Registration Extension or OpenID Attribute Exchange Extension.
OpenID allows people to use their accounts from any compliant web service (including livejournal, google accounts, yahoo accounts and many others), to login into any OpenID compliant 3rd party web application.
It simplifies life for both user and application developer. There is no need for the user to fill any registration form, create and remember new password. The application developer does not need to implement registration forms, email confirmations, password restore procedure.
From the application developer perspective, the login process looks approximately like the following:
- User provides his identity - an URI (like http://petya12.livejournal.com/). This may be implemented by a trivial HTML login form with a single input field:
In either case, the identity is a single URI.
- Application code initiates authentication process for the identity provided.
- When the authentication process is finished, the application code receives a cryptographically confirmed reply, whether the user really owns the identity. From now on the application knows who it is dealing with; and for example can store the user identity on the session as the 'current-user attribute.
On the step 2, the application may parametrize the authentication process with a request for user profile details, like email, full name, postcode, language, URL of his avatar image, etc. (As specified in OpenID Simple Registration Extension, and OpenID Attribute Exchange standards).
If the user account contains this information and the user has allowed it to be shared with the application, then on the step 3 the requested attributes are returned together with the authentication reply.
In the above description the application acts as an OpenID Relying Party - it delegates the authentication process to an OpenID Provider (livejournal in our example).
If you want to create an OpenID Provider to allow accounts from your application to be used to login into another web applications (similar to google accounts, livejournal accounts), CL-OpenID supports this too.
If you have questions or need help, contact the cl-openid-devel mailing list.
Running at Heroku: http://cl-openid-demo.herokuapp.com/
The project is available from Quicklisp.
- cl-openid-announce for important announcements
- cl-openid-devel for discussions about CL-OpenID development
- cl-openid-ticket for Trac bugtracker ticket notifications.
- Status updates on author's blog (RSS)
- Main project page
- ProtocolInformation, ExistingImplementations
GNU Lesser General Public License version 2.1 with Franz Inc.'s preamble, also known as LLGPL (Lisp Lesser General Public License).