Provides a more HTTPish API around the ruby-openid library.
You trigger an OpenID request similar to HTTP authentication. From your app, return a “401 Unauthorized” and a “WWW-Authenticate” header with the identifier you would like to validate.
On competition, the OpenID response is automatically verified and assigned to env["rack.openid.response"]
.
MyApp = lambda { |env| if resp = env["rack.openid.response"] case resp.status when :success ... when :failure ... else [401, {"WWW-Authenticate" => 'OpenID identifier="http://example.com/"'}, []] end } use Rack::OpenID run MyApp
# Session needs to be before Rack::OpenID use Rack::Session::Cookie require 'rack/openid' use Rack::OpenID get '/login' do erb :login end post '/login' do if resp = request.env["rack.openid.response"] if resp.status == :success "Welcome: #{resp.display_identifier}" else "Error: #{resp.status}" end else headers 'WWW-Authenticate' => Rack::OpenID.build_header( :identifier => params["openid_identifier"] ) throw :halt, [401, 'got openid?'] end end enable :inline_templates __END__