CL-OpenID
Implementation of the OpenID protocol for Common Lisp.
CL-OpenID implements the OpenID Authentication 2.0 standard and is compatible with OpenID Authentication 1.1. Both the Relying Party (formerly called OpenID Consumer) and the OpenID Provider are implemented.
It also supports extensions, such as the OpenID Simple Registration Extension or the OpenID Attribute Exchange Extension.
Introduction
OpenID allows people to use their accounts from any compliant web service (including LiveJournal, Google accounts, Yahoo accounts and many others) to log in to any OpenID-compliant third-party web application.
It simplifies life for both the user and the application developer. The user does not need to fill in a registration form or create and remember a new password. The application developer does not need to implement registration forms, email confirmations, or a password restore procedure.
From the application developer's perspective, the login process looks approximately like this:
1. The user provides their identity, a URI (like http://petya12.livejournal.com/). This may be implemented by a trivial HTML login form with a single input field, or by a fancier JavaScript control (there are ready-to-use JavaScript controls on the Internet, for example jquery.openid, openid-selector, and others). In either case, the identity is a single URI.
2. The application code initiates the authentication process for the identity provided.
3. When the authentication process is finished, the application code receives a cryptographically confirmed reply stating whether the user really owns the identity. From now on the application knows who it is dealing with, and can, for example, store the user identity in the session as the 'current-user attribute.
In step 2, the application may parameterize the authentication process with a request for user profile details, like email, full name, postcode, language, URL of the user's avatar image, etc. (as specified in the OpenID Simple Registration Extension and OpenID Attribute Exchange standards).
If the user account contains this information and the user has allowed it to be shared with the application, then in step 3 the requested attributes are returned together with the authentication reply.
In the above description the application acts as an OpenID Relying Party: it delegates the authentication process to an OpenID Provider (LiveJournal in our example).
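To show what the "cryptographically confirmed reply" of step 3 means for a Relying Party, here is an added protocol-level example in Python; it is not CL-OpenID's code or API. It assumes an HMAC-SHA256 association has already been established with the Provider, compares return_to by exact match as a simplification, and uses hypothetical function names and constructed sample values throughout.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, urlencode

# Fields the OpenID 2.0 signature must cover (plus claimed_id/identity if present).
MUST_SIGN = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}

def compute_sig(p, mac_key):
    """Base64 HMAC-SHA256 over the Key-Value Form of the fields in openid.signed."""
    kv = "".join(f"{k}:{p['openid.' + k]}\n" for k in p["openid.signed"].split(","))
    mac = hmac.new(mac_key, kv.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")

def verify_assertion(query, associations, return_to, seen_nonces):
    """Return the claimed identifier, or raise ValueError if any check fails."""
    p = dict(parse_qsl(query, keep_blank_values=True))
    if p.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    signed = set(p.get("openid.signed", "").split(","))
    present = {k[len("openid."):] for k in p if k.startswith("openid.")}
    # claimed_id is demanded here because a login needs an identity to bind to.
    required = MUST_SIGN | {"claimed_id"} | ({"identity"} & present)
    if not (required <= signed <= present):
        raise ValueError("required fields are missing or unsigned")
    mac_key = associations.get(p["openid.assoc_handle"])
    if mac_key is None:
        raise ValueError("unknown association handle")
    sig = p.get("openid.sig", "").encode("utf-8")
    if not hmac.compare_digest(compute_sig(p, mac_key).encode("ascii"), sig):
        raise ValueError("bad signature")
    if p["openid.return_to"] != return_to:  # simplified to an exact match
        raise ValueError("return_to mismatch")
    if p["openid.response_nonce"] in seen_nonces:
        raise ValueError("replayed nonce")
    seen_nonces.add(p["openid.response_nonce"])
    return p["openid.claimed_id"]

def constructed_sample(mac_key):
    """Constructed assertion query string; every value is made up."""
    p = {"openid.mode": "id_res",
         "openid.op_endpoint": "https://op.example/server",
         "openid.claimed_id": "https://alice.example/",
         "openid.identity": "https://alice.example/",
         "openid.return_to": "https://rp.example/return",
         "openid.response_nonce": "2008-08-01T12:00:00Zx7Qp",
         "openid.assoc_handle": "h1",
         "openid.signed": "op_endpoint,claimed_id,identity,return_to,"
                          "response_nonce,assoc_handle"}
    p["openid.sig"] = compute_sig(p, mac_key)
    return urlencode(p)
```

A complete Relying Party additionally confirms through discovery that the asserting Provider is authoritative for the claimed identifier, and rejects nonces whose timestamps are stale.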
If you want to create an OpenID Provider so that accounts from your application can be used to log in to other web applications (similar to Google accounts or LiveJournal accounts), CL-OpenID supports this too.
Reference documentation is available in the README.html file. Small examples are provided in the source code repository.
If you have questions or need help, contact the cl-openid-devel mailing list.
Demo
Running at Heroku: http://cl-openid-demo.herokuapp.com/
Sources: https://github.com/avodonosov/cl-openid-demo/
Installation
The project is available from Quicklisp.
Source code
https://github.com/cl-openid/cl-openid
Mailing lists
- cl-openid-announce for important announcements
- cl-openid-devel for discussions about CL-OpenID development
- cl-openid-ticket for Trac bugtracker ticket notifications.
Other resources
- Status updates on author's blog (RSS)
- Main project page
- ProtocolInformation, ExistingImplementations
- OriginalProposal
License
GNU Lesser General Public License version 2.1 with Franz Inc.'s preamble, also known as LLGPL (Lisp Lesser General Public License).
History
CL-OpenID was implemented by Maciej Pasternacki and sponsored by Google during Google Summer of Code 2008, on the initiative of LispNYC. The LispNYC project mentor is Anton Vodonosov.