OpenID

  • Tags : security
  • Latest : 0.4.4
  • Last Updated: 29 May 2012
  • Grails version : 2.0.0 > *
  • Authors : Marcel Overdijk, Matthias Bohlen, Moritz Kobel
Dependency :
compile ":openid:0.4.4"

Summary

Provides simple authentication using OpenID

Description

OpenID Plugin

This plugin provides simple authentication using OpenID. With OpenID you don't need to store user credentials in your own application, so registration, forgotten-password, confirmation and similar flows no longer need to be implemented.

The plugin contains an OpenID controller which takes care of redirecting between your application and the OpenID providers, a handy taglib and a service. Using success and error URLs you are in full control of where the controller and the OpenID provider redirect to after a successful login or an error.

Installation

To install the OpenID plugin type this command from your project's root folder:

grails install-plugin openid

Usage

Creating a login form

<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
        <meta name="layout" content="main" />
        <title>Login</title>         
        <openid:css />
    </head>
    <body>
        <h1>Login</h1>
        <openid:hasLoginError>
            <div class="errors">
                <ul>
                    <li><openid:renderLoginError /></li>
                </ul>
            </div>
        </openid:hasLoginError>
        <openid:form success="[action:'loggedin']">
            <openid:input size="30" value="http://" /> (e.g. http://username.myopenid.com)
            <br/>
            <g:submitButton name="login" value="Login" />
        </openid:form>
    </body>
</html>

In the above example, after a successful login the user is redirected to the 'loggedin' action of the current controller. In case of an error, the user is redirected to the current action of the current controller.

By default, when no success and no error URLs are specified, a redirect takes place to the current action of the current controller.

The example below redirects to a fixed controller/action independent of the current controller/action.

<openid:form success="[controller:'login', action:'loggedin']" error="[controller:'login', action:'error']">
    <openid:input size="30" value="http://" /> (e.g. http://username.myopenid.com)
    <br/>
    <g:submitButton name="login" value="Login" />
</openid:form>

TagLib

identifier

Renders the logged in OpenID identifier

Example:

<openid:identifier />

ifLoggedIn

Invokes the body of this tag if logged in

Example:

<openid:ifLoggedIn>body to invoke</openid:ifLoggedIn>

ifNotLoggedIn

Invokes the body of this tag if not logged in

Example:

<openid:ifNotLoggedIn>body to invoke</openid:ifNotLoggedIn>

css

Includes the openid stylesheet

Example:

<openid:css />

Actually imports '/web-app/plugins/openid-x-x/css/openid.css'

form

Renders a form which invokes and redirects to the OpenID provider for identification

Attributes:

  • success (optional) - a map containing the action, controller and id to redirect to in case of a successful login
  • error (optional) - a map containing the action, controller and id to redirect to in case of an error during login
  • sregAttrs (optional) - a map containing the sreg Attributes to request in the format NAME:REQUIRED. After successful login, a map with the Sreg Attributes is written into the session variable openidParams.sreg
  • extendedAttrs (optional) - a map containing the ax attributes to request in the format
[NAME:[typeuri:TYPEURI,required:REQUIRED,count:COUNT]]
If the required field is not supplied, it defaults to true. count defaults to 1. After successful login, a map with the Ax Attributes is written into the session variable openidParams.ax

Examples:

<openid:form>..</openid:form>
<openid:form success="[controller:'loggedin']">..</openid:form>
<openid:form success="[controller:'loggedin']" error="[controller:'login']">..</openid:form>
<openid:form success="[controller:'home', action:'loggedin']">..</openid:form>
<openid:form success="[action:'openIdSignIn']" 
          extendedAttrs="[fullname:[typeUri:'http://openid.net/schema/namePerson/friendly',required:true],email:[typeUri:'http://openid.net/schema/contact/email',required:true]]" 
          sregAttrs="[fullname :true, email:true,language:true]">
	…
</openid:form>
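
The controller below is an added example, not code from the plugin: it sketches a success action for the last form above that reads the returned sreg attributes from the session and bounds them before use. The controller name, the clean helper, the length limits and the flat name-to-string shape of the sreg map are assumptions.

```groovy
// grails-app/controllers/LoginController.groovy (added example, not plugin code)
class LoginController {

    def openidService   // the plugin's service, injected by name

    def index() { }     // renders the login form

    // Target of <openid:form success="[action:'openIdSignIn']" ...>
    def openIdSignIn() {
        // The action is reachable by URL, so check the session state again here.
        if (!openidService.isLoggedIn(session)) {
            redirect(action: 'index')
            return
        }

        // Key the local account on the OpenID identifier, not on an attribute.
        String identifier = openidService.getIdentifier(session)

        // Assumption: sreg is a flat map of attribute name to string value.
        Map sreg = session.openidParams?.sreg ?: [:]

        // Attributes are whatever the provider returned: they may be missing
        // and are unverified text, so bound and validate them before use.
        String email = clean(sreg.email, 254)
        if (email && !(email ==~ /[^@\s]+@[^@\s]+\.[^@\s]+/)) {
            email = null
        }
        String fullname = clean(sreg.fullname, 100)

        // Model for the openIdSignIn view
        [identifier: identifier, email: email, fullname: fullname]
    }

    // Hypothetical helper: drop control characters, trim, cap the length.
    private static String clean(value, int max) {
        if (value == null) return null
        String s = value.toString().replaceAll(/\p{Cntrl}/, '').trim()
        if (!s) return null
        s.size() > max ? s.substring(0, max) : s
    }
}
```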

input

Renders an OpenID input field with fixed "openid_url" id and name

Examples:

<openid:input />
<openid:input size="30" value="http://" />

Actually renders: <input type="text" size="30" value="http://" name="openid_url" id="openid_url" class="openid_url" />

hasLoginError

Invokes the body of this tag if there is a login error

Example:

<openid:hasLoginError>
    <div class="errors">
        <ul>
            <li><openid:renderLoginError /></li>
        </ul>
    </div>
</openid:hasLoginError>

renderLoginError

Renders the login error

Example:

<openid:renderLoginError />

logoutLink

Renders a logout link

Attributes:

  • success (optional) - a map containing the action, controller and id to redirect to after logging out

Examples:

<openid:logoutLink>Logout</openid:logoutLink>
<openid:logoutLink success="[controller:'logout']">Logout</openid:logoutLink>
<openid:logoutLink success="[controller:'logout', action:'loggedout']">Logout</openid:logoutLink>

Service

The plugin also contains a service which can be used in custom application services or taglibs. It can be injected as any other Grails service:

class MyService {
    def openidService   // injected by Grails by name

    // …
}

The service contains 3 methods:

  • getIdentifier(session) - Returns the logged in OpenID identifier
  • isLoggedIn(session) - Returns true if logged in
  • isNotLoggedIn(session) - Returns false if logged in
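
As an added example (not part of the plugin), a Grails filter can use the service to require an OpenID login for every controller except the ones needed to log in. The filter class name, the 'login' controller and the assumption that the plugin's own controller is named 'openid' are illustrative and must be checked against your application.

```groovy
// grails-app/conf/SecurityFilters.groovy (added example, not plugin code)
class SecurityFilters {

    def openidService   // the plugin's service, injected by name

    // Assumption: controllers that must stay reachable without a login.
    // 'login' is the application's controller holding the login form;
    // 'openid' is assumed to be the name of the plugin's controller.
    static final Set PUBLIC_CONTROLLERS = ['login', 'openid'] as Set

    def filters = {
        requireOpenId(controller: '*', action: '*') {
            before = {
                // Let the login flow itself through.
                if (controllerName in PUBLIC_CONTROLLERS) {
                    return true
                }
                // Already authenticated: continue to the requested action.
                if (openidService.isLoggedIn(session)) {
                    return true
                }
                // Deny by default: send everyone else to the login form.
                redirect(controller: 'login')
                return false
            }
        }
    }
}
```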

Configuration

The plugin accepts the following configuration parameters:

  • openid.allowedProviders - allowed OP endpoints for OpenID. By default all providers are accepted.
  • openid.allowedSregAttrs - allowed attributes for Sreg attribute exchange. By default all attributes are allowed.
  • openid.allowedAxAttrs - allowed attributes for Ax attribute exchange. By default all attributes are allowed.

Example configuration:

openid {
	allowedProviders = ["http://my.openidprovider.com/server"]
	allowedSregAttrs = ["fullname", "email"]
	allowedAxAttrs = ['http://openid.net/schema/namePerson/friendly', 'http://openid.net/schema/contact/email']
}

Plugin version history

0.4 (Feb 29, 2012)

Added missing xerces runtime dependency, upgraded to Grails 2.0

0.1 (April 24, 2008)