Archive for May, 2007

OpenID for Drupal

Saturday, May 5th, 2007

There was a thread on the OpenID list around the subject of OpenID support in Drupal. Previously, I’ve experimented with the OpenID module originally written by Jonathan Daugherty from JanRain, now under maintenance by the folks at Bryght. That module uses JanRain’s PHP OpenID library, and it worked pretty much out of the box, with XRI support.

What I learned from this discussion thread is that James Walker from Bryght has been working on another OpenID module that is intended for inclusion into Drupal 6 core distribution, without using JanRain’s library. There are apparently things that Drupal-heads don’t like about the JanRain’s library, licensing may be one of the issues.

So I pulled the DRUPAL-5 codebase from CVS and installed it, then installed the 5.x-1.x-dev snapshot tarball to test it out. First thing I noticed was that it doesn’t support XRI, and I really didn’t expect it to. Then, when I tried logging in with my identifier, it wouldn’t work because I delegated it to my account. So, it doesn’t support delegate either.

Then I spent a few hours getting rudimentary XRI support into it, and made it work with delegates. Few days later, I realized that this was only a snapshot and the module is in the Drupal contributions repository. So, I threw away my installation but kept the patch I made of the 5.x-1.x-dev snapshot and started anew. The result is a patch that works with the Drupal CVS trunk as of today.

The changes are:
1. When a first-time user is authenticated, a local account is created but no role was specified. Modified the module to add the ‘authenticated user’ role to the user.
2. XRI support. This is very rudimentary and does not support canonical ID yet, but shouldn’t be hard to implement.
3. Delegate support. In OpenID 2.0, the submitted identifier (URL) is passed to the OP as the openid.claimed_id parameter, while the delegate, if present, is sent as openid.identifier.
4. In the meantime, I noticed that the while the URL normalization conforms to the OpenID Authentication 2.0 implementor’s draft 11 specification, it treats and (with trailing slash) as different identifiers. Well, they should really be the same as RFC3986 says that for HTTP, an empty path is equivalent to “/”. This normalization rule was reflected in rev 294 of the spec.

Of course this is only a *very* rough patch (no pun intended). I have never hacked Drupal before, and haven’t read much of its coding styles though I tried to follow the conventions in the original code. I do hope that at least parts of it can be integrated into the module though.

My development environment is here: Feel free to try it out.