OpenID for eZPublish
Earlier this year I was investigating OpenID and decided to attempt to integrate it into eZ Publish. I got most of the way before I realised that the amount of existing code I had to replicate meant that the maintenance of the extension would be a nightmare.
After discussions at the eZ Developer Day I decided to upload the source to projects.ez.no and invite anyone interested check it out. If you want to contribute feel free to add yourself to the group.
The extension uses the PHP OpenID Library by JanRain. The version of the library used in the extension is 2.1.1. In future I plan at evaluating the use of the eZ Components OpenID Authentication module.
FeaturesThe extension provides the following features:
- Login using OpenID
- Register Using OpenID
- OpenID URL management
Clicking on the OpenID Register button will authenticate the user via the entered OpenID URL, retrieve some details from the OpenID profile and present the user with the registration form. Once the registration is processed the authenticated OpenID URL will be associated with the account. The user registration process has had the least testing.
The OpenID account management allows users to add and remove OpenID URLs that are associated with their account. The interface is available via a tab in the admin interface. Currently there are no ezwebmin (front end) specific templates.
The extension assumes you have an installed Website interface and works with eZ Publish 4.x.
Installing the OpenID extensionTo use the extension, grab it from svn. From the extensions directory run
svn co http://svn.projects.ez.no/openid/trunk/ openid
and enable in the usual manor.
Create the table the holds the link between the OpenID URLs & the eZ users:
mysql -u[user] -p [database] < sql/openid.sql
Create an OpenID accountIf you don't already have an open ID account get yourself one. I've used ClaimID, but there are plenty of other options. I've also used MyOpenID, SignOn and Sxipper which also has a great firefox identity/password manager add on.
Register an OpenID URL via Admin InterfaceIf the OpenID extension has been installed correctly you should see a OpenID Tab in the admin interface.
Clicking on the OpenID tab should produce a screen like:
You can now enter your OpenID URL into the field and click on "Register New OpenID" The extension will go off to the provider and ask you to authenticate. Once authenticated you will be asked if you want to:
- Login - Authorise login once
- Login and Trust - Authorise login for this and subsequent accesses
- Cancel - Don't authorise login
You should be able to logout and log back in using the registered OpenID URL. If you have previously loged in and trusted the site you will not have to enter your password.
Register a new user with an OpenID URLUsers are able to register using their OpenID URL from the login form. Entering an OpenID URL and clicking on the register button will pass the user off to the OpenID provider to authenticate and trust the site. Users will be asked if some of your persona information can be passed back to eZ Publish to prefill the user registration form.
The persona information is quite specific and currently only the email address is used. The mapping of the availiable persona information to the eZ user is one area that would benefit from work.
Once authenticated the user is able to progress with the regular user registration process. once completed the user will be able to login using the registered OpenID URL.
The user registration process has not been fully tested.
Future of this extensionThis extension was put together as a working prototype and as such is quite rough around the edges. It requires quite a bit of the existing user module & associated templates to be replicated and this makes it a pain to maintain.
The user authentication components of eZ Publish are not constructed in a way that makes it easy to implement OpenID style authentication systems. I hope and suspect that future versions of eZ publish will address this.
I may work on the extension from time to time but am unlikely to spend any real time on it in the near future. If you are interested feel free to signup as a project member, or contact me directly.
There is an existing Open Funding suggestion for OpenID support that may provide a means for getting OpenID support into eZ publish.