1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
|
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>File: UPGRADE</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="Content-Script-Type" content="text/javascript" />
<link rel="stylesheet" href=".././rdoc-style.css" type="text/css" media="screen" />
<script type="text/javascript">
// <![CDATA[
function popupCode( url ) {
window.open(url, "Code", "resizable=yes,scrollbars=yes,toolbar=no,status=no,height=150,width=400")
}
function toggleCode( id ) {
if ( document.getElementById )
elem = document.getElementById( id );
else if ( document.all )
elem = eval( "document.all." + id );
else
return false;
elemStyle = elem.style;
if ( elemStyle.display != "block" ) {
elemStyle.display = "block"
} else {
elemStyle.display = "none"
}
return true;
}
// Make codeblocks hidden by default
document.writeln( "<style type=\"text/css\">div.method-source-code { display: none }</style>" )
// ]]>
</script>
</head>
<body>
<div id="fileHeader">
<h1>UPGRADE</h1>
<table class="header-table">
<tr class="top-aligned-row">
<td><strong>Path:</strong></td>
<td>UPGRADE
</td>
</tr>
<tr class="top-aligned-row">
<td><strong>Last Update:</strong></td>
<td>Fri Jun 27 15:51:42 -0700 2008</td>
</tr>
</table>
</div>
<!-- banner header -->
<div id="bodyContent">
<div id="contextContent">
<div id="description">
<h1>Upgrading from the <a href="../classes/OpenID.html">OpenID</a> 1.x series library</h1>
<h2>Consumer Upgrade</h2>
<p>
The flow is largely the same, however there are a number of significant
changes. The consumer example is helpful to look at:
examples/rails_openid/app/controllers/consumer_controller.rb
</p>
<h3>Stores</h3>
<p>
You will need to require the file for the store that you are using. For the
filesystem store, this is ‘openid/stores/filesystem’ They are
also now in modules. The filesystem store is
</p>
<pre>
OpenID::Store::Filesystem
</pre>
<p>
The format has changed, and you should remove your old store directory.
</p>
<p>
The ActiveRecord store ( examples/active_record_openid_store ) still needs
to be put in a plugin directory for your rails app. There‘s a
migration that needs to be run; examine the README in that directory.
</p>
<p>
Also, note that the stores now can be garbage collected with the method
</p>
<pre>
store.cleanup
</pre>
<h3>Starting the <a href="../classes/OpenID.html">OpenID</a> transaction</h3>
<p>
The OpenIDRequest object no longer has status codes. Instead,
consumer.begin raises an <a
href="../classes/OpenID/OpenIDError.html">OpenID::OpenIDError</a> if there
is a problem initiating the transaction, so you‘ll want something
along the lines of:
</p>
<pre>
begin
openid_request = consumer.begin(params[:openid_identifier])
rescue OpenID::OpenIDError => e
# display error e
return
end
#success case
</pre>
<p>
Data regarding the <a href="../classes/OpenID.html">OpenID</a> server once
lived in
</p>
<pre>
openid_request.service
</pre>
<p>
The corresponding object in the 2.0 lib can be retrieved with
</p>
<pre>
openid_request.endpoint
</pre>
<p>
Getting the unverified identifier: Where you once had
</p>
<pre>
openid_request.identity_url
</pre>
<p>
you will now want
</p>
<pre>
openid_request.endpoint.claimed_id
</pre>
<p>
which might be different from what you get at the end of the transaction,
since it is now possible for users to enter their server‘s url
directly.
</p>
<p>
Arguments on the return_to URL are now verified, so if you want to add
additional arguments to the return_to url, use
</p>
<pre>
openid_request.return_to_args['param'] = value
</pre>
<p>
Generating the redirect is the same as before, but add any extensions
first.
</p>
<p>
If you need to set up an SSL certificate authority list for the fetcher,
use the ‘ca_file’ attr_accessor on the <a
href="../classes/OpenID/StandardFetcher.html">OpenID::StandardFetcher</a>.
This has changed from ‘ca_path’ in the 1.x.x series library.
That is, set <a
href="../classes/OpenID.html#M000039">OpenID.fetcher</a>.ca_file =
’/path/to/ca.list’ before calling consumer.begin.
</p>
<h3>Requesting Simple Registration Data</h3>
<p>
You‘ll need to require the code for the extension
</p>
<pre>
require 'openid/extensions/sreg'
</pre>
<p>
The new code for adding an SReg request now looks like:
</p>
<pre>
sreg_request = OpenID::SReg::Request.new
sreg_request.request_fields(['email', 'dob'], true) # required
sreg_request.request_fields(['nickname', 'fullname'], false) # optional
sreg_request.policy_url = policy_url
openid_request.add_extension(sreg_request)
</pre>
<p>
The code for adding other extensions is similar. Code for the Attribute
Exchange (AX) and Provider Authentication Policy Extension (PAPE) are
included with the library, and additional extensions can be implemented
subclassing <a
href="../classes/OpenID/Extension.html">OpenID::Extension</a>.
</p>
<h3>Completing the transaction</h3>
<p>
The return_to and its arguments are verified, so you need to pass in the
base URL and the arguments. With Rails, the params method mashes together
parameters from GET, POST, and the path, so you‘ll need to pull off
the path "parameters" with something like
</p>
<pre>
return_to = url_for(:only_path => false,
:controller => 'openid',
:action => 'complete')
parameters = params.reject{|k,v| request.path_parameters[k] }
openid_response = consumer.complete(parameters, return_to)
</pre>
<p>
The response still uses the status codes, but they are now namespaced
slightly differently, for example OpenID::Consumer::SUCCESS
</p>
<p>
In the case of failure, the error message is now found in
</p>
<pre>
openid_response.message
</pre>
<p>
The identifier to display to the user can be found in
</p>
<pre>
openid_response.endpoint.display_identifier
</pre>
<p>
The Simple Registration response can be read from the <a
href="../classes/OpenID.html">OpenID</a> response with
</p>
<pre>
sreg_response = OpenID::SReg::Response.from_success_response(openid_response)
nickname = sreg_response['nickname']
# etc.
</pre>
<h2>Server Upgrade</h2>
<p>
The server code is mostly the same as before, with the exception of
extensions. Also, you must pass in the endpoint URL to the server
constructor:
</p>
<pre>
@server = OpenID::Server.new(store, server_url)
</pre>
<p>
I recommend looking at
examples/rails_openid/app/controllers/server_controller.rb for an example
of the new way of doing extensions.
</p>
</div>
</div>
</div>
<!-- if includes -->
<div id="section">
<!-- if method_list -->
</div>
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
</div>
</body>
</html>
|
