Woven Clouds: OpenID

January 31, 2010

When it comes to building services using the cloud, one often comes across the need to weave different cloud-based offerings together. One example is OpenID. I blogged about it last year. In this post, I would like to take it to the next level and offer a programming pattern for using it with specific examples for Google App Engine. JanRain’s RPX API makes it easy to incorporate.

Ingredients

When you sign up with RPX and register your application, you get:

  1. An application ID,
  2. An iFrame widget and
  3. An API token.

When signing up, the domain names need to be provided. These are domain names from which an authentication request may originate. In our case, that includes localhost and www.example.com.

Recipe

Create a login page and place the iFrame widget on it. The iFrame will point to something like

src="https://example.rpxnow.com/openid/embed?token_url=appRpxURL"

where appRpxURL is a URL served by the application. When a user interacts with the login page, RPX calls the application at this URL with a token and the application is expected to turn around and request information about the user. This Google App Engine code fragment illustrates the interaction (to access it, you will need to use an OpenID login). At this point, the application knows the user id. This part is documented in a number of places on the web.

Integration

In a number of the applications we develop at Early Stage IT, the user id is stored in a session variable using GAE Utilities for the remainder of the session. The above-cited code fragment shows this also. The application is still responsible for determining what the user is entitled to do. The first thing to do in handling a user request is to verify that the user has the requisite application capability. This is illustrated in the last part of the sample code.

When the user logs out, clear the cookies by calling theSession.terminate().
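The token exchange and capability check described above can be sketched as follows. This is an added example, not the code fragment this post links to. The auth_info URL, the apiKey/token/format parameters and the stat/profile.identifier response fields are assumptions not given in the post; the plain dict standing in for the GAE Utilities session, the grants table and the _fake_rpx stub are hypothetical.

```python
import json
import urllib.parse
import urllib.request

# Assumed RPX endpoint and field names; they are not given in the post.
AUTH_INFO_URL = "https://rpxnow.com/api/v2/auth_info"

class AuthError(Exception):
    """Raised when the callback cannot be tied to a verified identity."""

def fetch_auth_info(api_key, token):
    """POST the token server-to-server so the API token never reaches the browser."""
    body = urllib.parse.urlencode(
        {"apiKey": api_key, "token": token, "format": "json"}).encode()
    with urllib.request.urlopen(AUTH_INFO_URL, data=body, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))

def handle_rpx_callback(form, session, api_key, fetch=fetch_auth_info):
    """Logic for the appRpxURL handler: exchange the token, then record the user id."""
    token = form.get("token", "")
    if not token:
        raise AuthError("callback carried no token")
    info = fetch(api_key, token)
    # Fail closed: only an explicit "ok" with an identifier counts as a login.
    if info.get("stat") != "ok":
        raise AuthError("RPX rejected the token")
    identifier = (info.get("profile") or {}).get("identifier")
    if not identifier:
        raise AuthError("response had no identifier")
    session.clear()  # drop pre-login state before binding the identity
    session["user_id"] = identifier
    return identifier

def require_capability(session, capability, grants):
    """Authentication is not authorization: check the capability on every request."""
    user_id = session.get("user_id")
    return user_id is not None and capability in grants.get(user_id, set())

def _fake_rpx(api_key, token):
    # Constructed responses standing in for the RPX service (offline demo).
    if token == "good-token":
        return {"stat": "ok",
                "profile": {"identifier": "https://openid.example/alice"}}
    return {"stat": "fail", "err": {"msg": "token not found"}}

if __name__ == "__main__":
    session = {}
    print(handle_rpx_callback({"token": "good-token"}, session, "KEY", _fake_rpx))
    print(require_capability(session, "edit", {"https://openid.example/alice": {"edit"}}))
```

The user id stored in the session comes only from the server-side auth_info response, never from a value the browser supplies.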

If you use it…

…please cite this blog post. Feedback — positive or negative — gratefully accepted.

Categories: Techniques