Hey there, I'm wojtha, fresh co-maintainer for the OpenID module.
Now I'm trying to fix the critical bugs of the OpenID in the D6 and D7. But I'm not an expert in this area, I dove to the OpenID standard 5 months ago for the first time so any help will be appreciated. Now I'm focused on my personal issues with the OpenID, trying to get following three and several connected issues to the next Drupal 7.x release:
Provide transition for accounts with incompletely stored OpenIDs
OpenID discovery spec violation - fragments are removed from claimed id
OpenID discovery spec violation - follow redirects.
(And it seems that they are finally going in 7.x, after 4 months of effort... knock, knock, knock ... WooHoo!).
From my point of view, these are the most annoying bugs, but it is just beginning. Issue queue for the Openid is pretty long.
I would like to see full support of the OpenID standard in the Drupal 8 wrapped in the reasonable API and now is the time when we can really change the things (in D8).
Glad to see that there is a still an activity around OpenID and I'm not alone.
OpenID is not dead!
Comments
great work Wojtha I think its
great work Wojtha
I think its really important that OpenID becomes really useful for Drupal developers and site builders.
for me, a publicly available OpenID single or simple signon solution is critical and its being developed, Omniauth
Bakery is single domain (i.e. no cross-domain) and there is nothing else internal to Drupal.. Janrain is often suggested but that is EXPENSIVE and proprietary
also, I think OAuth + OpenID needs to be more closely worked on
thanks for your contribution
Wow, great news Wojtha! This
Wow, great news Wojtha! This is awesome!!
Besides the issues you are mentioning, which are certainly very important and critical, I'd like to point you to the proposed steps on improving OpenID in general in Drupal: RFC: OpenID roadmap
As I'm working a lot on the Omniauth Drupal and OpenID Single Sign-On solution, I'd love to see, on the long run, OpenID AX support moving into the OpenID and OpenID Provider modules. I'm more than willing to help you with patches and ideas to improve OpenID in general in Drupal
Thank you guys
Ok, thank you, both of you, guys :-)
I know about the OpenID roadmap from Alex. I plan to look at it and review the current status of the OpenID in Drupal, including the contributed modules. Since it seems that currently you both are working with the OpenID on the higher level than me (I'm know interested only in the client's part), your knowledge and experience will be really valuable for me.
I agree that OpenID and OAuth should be in core or at least stable part of Drupal. There are several of issues around that. There is an issue to remove the authmap table, which allows each authentication module to store needed information in the needed structure. There is also an issue to remove OpenID from core - move it back to contrib. Several people told me, that without my effort in the last 3-4 months, OpenID will be probably removed from the 8.x core, because it wasn't actively maintained after walkah left the Drupal core. (But I'm in doubts if it is good or bad news, might be the contrib will be better place, with more control and with more space to improve things, like update the OpenID API for the current version of core. But on the other hand I agree with webchick, that Drupal core needs some external login mechanism in the core to test if the external login API really works and OpenID standard is still the best choice IMO.)
If you have an hour of spare time. The Provide transition for accounts with incompletely stored OpenIDs issue needs to be tested & reviewed by someone which knows whats going on. It is important issue, because without the transition path, webchick won't commit the rest of the issues. Might be it can be commited w/o the RTBC, since as a OpenID co-maintainer I have now the power to push things in on my responsibility. But I would be happier if someone who knows something about the openid looks at it and test it himself.
The issue deals with the invalid identifiers. e.g. if your claimed ID is "https://wojtha.openid.com/#dfgdg" and in the authmap is stored "http://wojtha.openid.com" (due to bugs in the current implementation), I'm trying to match these two together and update the old (and invalid) claimed identifier automatically if it is possible, based on the criterion that email address of the user account is the same as the e-mail address sent by the provider.