Roll your own OpenID, the easy way

I think that OpenID is a great idea, but there are just too many providers to choose from. Without even actively signing up for one, I’ve got at least six OpenIDs already: one from WordPress, another from Technorati, and others from Blogger, Yahoo!, Flickr and AOL. Any one of them would do fine, but one thing bugs me: do I really want my identity associated with one of these companies? I don’t dislike any of them, but my only relation to them is that I use their products. I don’t think of myself as a WordPress user, I’m not even a loyal one (my other blog is based on Chyrp).

One solution is to go with an OpenID provider that uses less-branded URLs. By way of recommendation I have found myOpenID, which works. Your ID URL looks like http://username.myopenid.com/, which I think is perfectly acceptable. But it gets better. It turns out that myOpenID has a feature where you can use your own domain in your OpenID URL (look for “Your Domains” in the menu). If your hosting company gives you access to the DNS records of your domain you can set it up so that you can create OpenIDs that look like they are hosted by you, and in the background myOpenID does all the authentication and provides the administrative tools.

In a few minutes I managed to get it configured and I’m happy to say that I can now identify myself as http://openid.iconara.net/theo. That is the kind of URL that I think everyone should be able to have if OpenID is going to become the one and only authentication platform on the web. It describes what it is (“openid”) and who I am (“theo” of “iconara”).

Oh, and is it only me or does the OpenID logo look just like the PlayStation logo when it appears in icon size (as it usually does in login screens and such)?

One Response to “Roll your own OpenID, the easy way”

  1. Eric Greveson Says:

    I’ve tried OpenID as an authentication service for Web apps that I’ve written before, and although the coding and management consequences are quite nice (no need to worry about storing usernames and password hashes, writing “reset password” forms, or giving users yet another password to remember), there is a more fundamental problem.

    The URL-as-username model is all well and good for developers and 8-year-olds but it completely throws a large proportion of people who use computers and the internet every day as part of their job. URLs are for typing in the address bar and pasting into emails: usernames are typically either text-only fields or email addresses. Having a username beginning “http://” can confuse otherwise intelligent users, and makes them question if they’re inputting their details correctly.

    The situation can be improved by partially filling in the login box (e.g. typing the “http://” part automatically), but it’s still a bit weird compared to everything else on the web.

    I’d personally like to see some common auth standard emerge, even if it is OpenID, but I won’t be inflicting it on my users again for a while yet.
