Wed, May 27th

Integrating OpenID, Authlogic and RPX into Rails

I’m currently putting together a new skeleton Rails app as a starting point for a couple of new projects I’m working on. Decided to take a dive into the deep end and try to hook up OpenID as a login option. After looking at what’s available plugin-wise, I decided to use the very brilliant and excellent gem authlogic for handling user sessions. They had an OpenID module for it but it was fairly basic and didn’t support the full works (Google, Yahoo, MySpace, Twitter, Facebook etc.) out of the box.

After reading through some OpenID articles, I chanced upon this Google blog entry and I fell in love with the screenshot. It was for uservoice.com’s login page. It was a work of art. I’m definitely incorporating some of it in my own web app. I think there was a slight logic error: I signed up with my Google Account, then I tried to sign up with my Twitter Account (this definitely could happen since there are so many options; I’m sure some people won’t remember which one they used). However, to complete the Twitter signup I had to enter a name and email, and it indicated the email was taken (I used it previously for my Google signup, which is expected). It also indicated that:

We found an account already using the username ‘jarrold’
If this is you, please log in to link this to your current account

But it only provided means to log in with a Uservoice account, which I don’t have the password for (because I signed up with my Google account). I can’t even get them to auto-generate one (this should be very easy as it seems they are also using Rails with authlogic). When I try the password recovery I get this message:

Sorry, as you signed up using a 3rd party you will need to ask them for your password.

So basically I’m in a fix. I can’t log in with Twitter and I’ll have to use trial and error to see which OpenID I used the last time, or sign up using a different email/login.

To work around this issue, when a user signs up with an OpenID, I also create a user account for them in my db and link it to their OpenID. If he tries to sign up with another OpenID with a similar login/email, I prompt him to sign in using that account and link his other OpenID. And since he has no password, when he uses the password recovery, I’ll just generate a password, like normal, and send it to his email, so he can sign in and link his other OpenID. There is also a profile page where the user can manage the OpenIDs associated with his account.
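The linking rules above, written out as a plain-Ruby sketch (an added example, not code from my app or from authlogic/RPX). `User`, `AccountStore`, `handle_openid` and the result symbols are hypothetical names, and the store is in-memory instead of ActiveRecord.

```ruby
# Added example: hypothetical names, in-memory store instead of a database.
User = Struct.new(:id, :login, :email, :openids)

class AccountStore
  def initialize
    @users = []
    @by_openid = {} # verified OpenID identifier => User
  end

  # identifier:   the OpenID URL the provider (or RPX) verified.
  # profile:      login/email claimed in the returned profile data.
  # current_user: the already signed-in local user, if any.
  def handle_openid(identifier, profile, current_user: nil)
    owner = @by_openid[identifier]
    if current_user
      # Profile page flow: attach another OpenID to the signed-in account.
      return [:conflict, owner] if owner && owner != current_user
      return [:linked, attach(current_user, identifier)]
    end
    return [:signed_in, owner] if owner

    clash = @users.find do |u|
      same?(u.email, profile[:email]) || same?(u.login, profile[:login])
    end
    # A matching login/email is only a hint. Never link on it alone:
    # the user must first sign in to the existing account.
    return [:link_required, clash] if clash

    user = User.new(@users.size + 1, profile[:login], profile[:email], [])
    @users << user
    [:created, attach(user, identifier)]
  end

  private

  def attach(user, identifier)
    user.openids << identifier unless user.openids.include?(identifier)
    @by_openid[identifier] = user
    user
  end

  def same?(a, b)
    !a.nil? && !b.nil? && a.strip.casecmp?(b.strip)
  end
end
```

A `:link_required` result is where the app shows the "sign in to link this OpenID" prompt; the second OpenID is only attached once `handle_openid` is called again with `current_user` set.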

Another great service is RPX. Instead of handling all the different OpenID relying partners, I can just work with a single point of contact. It has some nifty features like its mapping API to help you keep track of OpenID associations with your own user database (in the end I decided against this as I have a feeling my user database might change frequently and if I mess up the primary key all the OpenID associations might get messed up) and also it unifies the profile data that come in many different formats (OpenID Simple Registration, Attribute Exchange, hCard, Portable Contacts, Facebook API), so your application can just work with one format.

Thinking of also implementing the nice little floating Feedback button that lots of websites have nowadays. I found two providers, uservoice and getsatisfaction.
