.htaccess
file.Based on the results of my Unobtrusive OpenID post, it is quite evident that there is a lot of partial knowledge about OpenID out there. While my knowledge on the subject is far from complete, this post is my attempt to share what I have learned with others.
The target audience for the bulk of this post is people who are capable of adding autodiscovery links to their blog templates, may be able to install a small PHP script and/or know what a HTTP header is.
For starters, one thing I didn’t make clear is that I was expecting people to continue to use their blog or homepage URI’s; what I did not expect was that people would start to use their identity URIs instead. These people have identities hosted by LiveJournal, Verisign, MyOpenID, 2idi, Technorati, Vox, TypeKey, and others.
What I expected would happen instead is that people would claim their blogs using their identity. In OpenID terms, this is called delegation, which sounds scary, but in reality it is just a form of autodiscovery, just like you do for your feed.
If you have an OpenID identity and a blog, then follow these instructions. If you don’t have an OpenID identity, you can get one for free at MyOpenID. Here’s mine.
Given such an identity, copy the following into the head
section of your weblog, adjusting the two URIs as appropriate:
<link rel="openid.server" href="http://www.myopenid.com/server" /> <link rel="openid.delegate" href="http://samruby.myopenid.com/" />
That’s pretty much it. What this says is that the web page in question is owned by the owner of http://samruby.myopenid.com/
and furthermore http://www.myopenid.com/server
may be used to verify ownership of http://samruby.myopenid.com/
.
By claiming your blog or homepage in this fashion, you can then use your URI (i.e., the URI of your blog or homepage) as your identity. Having this level of indirection is a good thing. If you ever become dissatisfied with your identity provider for whatever reason, you can easily and transparently switch providers.
When done, feel free to check your setup. You may find that the autodiscovery features of most OpenID libraries are not as robust as those for feed autodiscovery. Never fear, there is a solution for this later in this post.
This next step is entirely unnecessary, but I suspect that it will be popular with many of the readers of this blog. Letting someone else host your identity is actually good from a security perspective, after all, any fool can vouch for themselves (and below, I’ll show you how), but having somebody else vouch for you is often better, if for no other reason, it gives the person who is checking up on you a place to report spammers.
Of course, services can be compromised; but as already stated, you can always switch providers quickly.
The real downside is privacy. It gives somebody else partial information about a portion of your online habits. And much of the information that they don’t have is readily discoverable.
There is also control issues. After all, what good is a decentralized identity system where your only real choice is to delegate to a centralized server that you don’t control?
The good news is that it is easy. You don’t need any of these libraries. Simply download phpMyID. Place the one php file in on your web server and modify two lines:
'auth_username' => 'test', 'auth_password' => 'e8358914a32e1ce3c62836db4babaa01'
In the first, put your desired username (Duh!), and in the second one put the md5 hash of the following: username:phpMyID:password. There are many ways to compute this, and the README suggests the following for Unix/OSX:
echo -n 'username:phpMyID:password' | openssl md5
Or the following for Windows:
md5.exe -d"username:phpMyID:password"
I’ll add that you can even get by with:
echo '<? print md5("username:phpMyID:password") ."\n" ?>' | php
Now visit the page you just updated in your browser. It will identify itself with something like this: http://intertwingly.net:80/id/MyID.php
. Place this information in both the openid.server
and openid.delegate
autodisovery links, and re-verify your setup.
Unlike other implementations, this one avoids using HTML forms for login, and instead uses HTTP digest authentication. This is a good thing.
Update: phpMyId
has changed a bit since the time this was originally written.
So far, you have been able to host your own identity, but let’s face it, the URIs are a bit crufty, eh?. This shouldn’t matter much to anyone, but cleaning this up a bit will provide a bit of future proofing should you ever want to use a different implementation to host your own identity.
Often you can decruft your openid.server URI simply by renaming the script from MyID.php
to index.php
. You may need you to tweak your DirectoryIndex, which in turn may require AllowOverride Indexes
to be set in your Apache configuration. Simply by doing this, my decrufted server is now:
http://intertwingly.net/id/
Decrufting your openid.delegate is even easier. Simply find the line in the php script that sets $idp_url
and add another line after it which sets it to the value you want it to be. By setting it to my weblog address, I can eliminate the need for a openid.delegate
autodiscovery link entirely!
$idp_url = 'http://intertwingly.net/blog/';
At this point, I have two Identities, but I can only declare one, and can only declare it in a rather fragile and HTML specific manner. This is good enough for most purposes, and one can certainly stop there.
But let’s not.
YADIS defines a simple format for declaring multiple identities, potentially using multiple different protocols. Here’s what mine looks like so far:
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)" xmlns:openid="http://openid.net/xmlns/1.0"> <XRD> <Service priority="1"> <Type>http://openid.net/signon/1.0</Type> <URI>http://intertwingly.net/id/</URI> <openid:Delegate>http://intertwingly.net/blog/</openid:Delegate> </Service> <Service priority="2"> <Type>http://openid.net/signon/1.0</Type> <URI>http://www.myopenid.com/server</URI> <openid:Delegate>http://samruby.myopenid.com/</openid:Delegate> </Service> </XRD> </xrds:XRDS>
Not too bad, eh? Two services, one of a lower numerical (and therefore higher logical) priority that I host myself, and one using MyOpenID; both associated with http://openid.net/signon/1.0
. This information is simultaneously richer, more extensible, and easier to consistently parse than autodiscovery links placed in HTML as practiced on the web today. Just be sure to return this information with the correct MIME type:
AddType application/xrds+xml .xrdf
Now, how do I connect it in with my weblog? It turns out that there are multiple ways, so let me start out with what I consider the best way to be: redirecting requests based on the value of the HTTP accept header, thus:
RewriteCond %{HTTP_ACCEPT} application/xrds\+xml RewriteCond %{HTTP_ACCEPT} !application/xrds\+xml\s*;\s*q\s*=\s*0(\.0{1,3})?\s*(,|$) RewriteRule ^$ http://intertwingly.net/public/yadis.xrdf [R,L]
I like that way best because tools looking for my identity don’t first have to fetch my blog at all. The next best way involves a HTTP header which you can set thus:
<Files index.html> Header onsuccess set X-XRDS-Location http://intertwingly.net/public/yadis.xrdf </Files>
Finally, one can put this information in the HEAD sections of HTML documents, but only as a last resort:
<meta http-equiv="X-XRDS-Location" content="http://intertwingly.net/public/yadis.xrdf">
As always, when done, check your setup. In fact, you might find it instructive to check mine.
Astute readers will note that I still have the link
in my main weblog home page. That’s a fallback for consumers that don’t (yet) support YADIS.
All told: I signed up for one free service, installed and tailored one PHP script, added one line to my weblog template, created one simple XML file and added a total of four lines to my .htaccess
files.
I think you want ref="openid.delegate"
Fixed, thanks!
Hi Sam,
Nice article. I think your “Here’s mine” link wants to link to https://samruby.myopenid.com/ instead of https://www.myopenid.com/ .
“Here’s mine” link wants to link to https://samruby.myopenid.com/
Fixed, thanks!
Don,
“Consumer” was OpenID 1.0 terminology. Now that other groups have joined the party (LID, DIX, XRI, ...) OpenID 2 has switched to calling it the “Relying Party”, which is apparently the standard terminology for such things. (I’d never heard of it before this, personally!)
As far as I’m aware, the term “cardholder” does not appear anywhere in any OpenID specification past, present or future. The end user is called the end user.
The other “crazy term” was “IdP” (for “Identity Provider”, in 1.0 simply called the “server"), but that has recently been renamed to simply "OpenID Provider” (or "OP"), which I think is much clearer.
Martin, it’s always good to go from ‘crazy’ to ‘clear’. ;-p
Re ‘cardholder’, that’s just brainfart from my payauth past.
“Options +Indexes” only enables the mod_autoindex module, which is not needed
Fixed, thanks! I’ve also added a mention of AllowOverride Indexes
, which is probably what I was originally thinking of.
One issue I found with the rewrite code provided. This will cause the RP to redirect to that address, thus the final identity will be (in your case) “http://intertwingly.net/public/yadis.xrdf” as opposed to the URL you provided. I got around this by dropping the [R] flag.
Odd. I can successfully log in as http://intertwingly.net/blog/
at the LiveJournal site.
I’m clearly new to this, but I reason thus: the XRD file isn’t my identity, it contains a list of identities. One of the identities listed is my weblog.
The reason I like the explicit, external redirect is twofold: (1) it actually shows up in my Apache logs, and (2) I’m not normally a fan of content negotiation for the reasons Joe Gregorio gives. Having this data available under a separate URI makes me feel better.
Thank you for this article. It really simplifies the process of OpenID-enabling.
As for X-YADIS-Location, I think it’s a should rather than can. It won’t hurt to have it in the header just in case. I also believe the http-equiv value should be X-XRDS-Location.
I also believe the http-equiv value should be X-XRDS-Location.
Ah. I must have found an old document that I copied/pasted from.
Fixed. Thanks!
X-XRDS-Location in real HTTP headers and X-YADIS-Location in http-equiv? A search for X-XRDS on the yadis.org wiki leads me to believe that X-YADIS-Location is somehow deprecated.
Thanks for the post, though; exactly what I needed to read! --lbruno
A couple of points about phpMyID:
checkid_immediate_mode
function it tests against the string 'checkid_setup'
rather than 'checkid_immediate'
).$idp_url
to your weblog address. Most of the time phpMyID treats that variable as your Indentifier URL which works out ok. However, in immediate mode, it is also returned in the openid.user_setup_url
parameter which really should be the Indentity Provider URL. At least I think so. I find the whole user_setup_url
thing a bit confusing, so I could be wrong.But could I ask you to update this thread on the progress you do on the OpenID discussion list as I (and many others, I’d expect) don’t subscribe to it?
If anything definitive comes out I will certainly update this entry (and update atom:updated
), but at the present time, it appears that the discussion has wandered off into other topics.
The current status: I did an external, temporary redirect as I wanted to see this activity in my Apache Logs. The current status is that some servers will treat this as a permanent redirect, and use my XRD file as my identity (something that works just fine). Those that care about such things can drop the [R]
and replace the URI with either a relative or absolute file path and neither the Identity Provider nor your Apache logs will ever see the redirect happened.
Your preferred method for linking your XRDS to your blog URL will actually break your identity: a correct implementation will use the final destination URL (after following all redirects) as the claimed identifier, so you’ll end up being http://intertwingly.net/public/yadis.xrdf
instead of http://www.intertwingly.net/blog/
.
The other two methods (X-XRDS-Location header and HTML Meta tags) are the ones supported by Yadis discovery.
Your preferred method for linking your XRDS to your blog URL will actually break your identity
OK, I guess I ignored the OpenID login the first time, and threw away my 1st comment. Then again, it wasn’t working the first time, so it couldn’t actually validate me anyway.
To wrapup, for those fools who are currently following me, I managed to have openid.com instead of myopenid.com in the <link statements.
I also was experiencing issues with having buried the <link s to far down in the code (some PHP stuff and comments). Not going to worry about that one right now. Somebody else can.
But I now actually have it working. Enough. :-P ;-)
The other stuff I’ll try when I’m more sane. If that ever happens anymore. Sheesh......
How will this “break” my identity?Your preferred method for linking your XRDS to your blog URL will actually break your identity
A correct implementation, if it uses Yadis discovery, will use http://intertwingly.net/public/yadis.xrdf
as the claimed identifier; it is still yours, but a different one as far as the RP is concerned, while you assume / would like it to be the same one. This is what I meant by ‘breaking’.
Despite this alleged breakage, I can successfully sign on to openidenabled and livejournal. And validate with the JanRain Python library.
Can’t speak for them - they may be using HTML discovery, not Yadis. It may be worth checking this directly with them.
I explicitly and intentionally chose a temporary redirect. Does it make sense for YADIS to treat this response the same way it treats a permanent redirect?
As is being discussed in the related thread [http://openid.net/pipermail/general/2007-January/000946.html] on the OpenID list, redirects are not (yet) part of Yadis, and all redirects are treated the same in OpenID (in the normalization section).
while you assume / would like it to be the same one
Why would I assume and/or why would I like it to be the same one?
and all redirects are treated the same in OpenID
That spec text is not very specific and contradicts RFC 2616
Regarding phpMyID: is it not important if using this to run it on a SSL-enabled server? Given you will be entering your ‘master’ password for your openid profile it seems silly to send it in clear-text!
While TLS/HTTPS would be superior, phpMyID usses HTTP digest authentication, which means that the password is not sent in the clear.
OpenId is interesting and I see something that would push a bit further. I will try to explain a bit.
Weblog Comments and Weblog posts are exactly of same nature. They have an author, they refer to a content sometimes (either another comment or a weblog post), they have a text, a date, etc.
But why do we have to comment ON the weblog as I do now, when we could all comment on our system AND keep track, traces, archives of our comments locally. What would be neat is that comments section on people’s weblog would be just an aggregation of the comment/posts made elsewhere. hmmm yeah. Nothing new. Is it not what Trackback was proposing, but failed in part because of spam. Indeed.
Though come OpenId. Would it be possible to have a trackback+openid combination. When the trackback is done, it’s not only a link to the post which is made but the aggregation of the full content in the commenting zone.
Another way of doing it is that when you are registered with an openid, your openid system aggregates all your comments done elsewhere.
http-equiv="X-XRDS-Location"
http-equiv="X-YADIS-Location"
Great stuff; thanks for the very detailed instructions. You need to update the instructions with the latest versions of MyID.php, since for the non-PHP expert the latest 0.5 doesn’t set $idp_url directly anymore. Instead, it checks ! array_key_exists('idp_url', $profile), and if not, then defaults it to the current server.
The only other comment for non-experts is to carefully follow the MyID.php setup, especially the .htaccess stuff if needed: it relies on being served properly, which requires that your webhost allow you to use specific directives.
Hi,
I would like to inform you about a new Openid provider.
[link] allow you to create an OpenID account for free and manage your online identity.
You can create profils where you set witch informations you want to allocate.
This web site is based on the famous Joomla template.
In the redirect line for yadis, there is a [R,L]
(Redirect, Last).
This produces as a result that the PIBB service will use the yadis URL as User URL (not sure if rightly or not). Switching to [P,L]
(Proxy, Last) solved it here, and it looks that it produces no secondary effects, aside from a bit of access_log spam.
All of your comments were really interesting.
myID is providing a simple way to use your own URL as your OpenID even for people other than developers. Simply follow the steps.
Here’s URL : [link]
1) Go to “Use your own URL as your OpenID”
2) Type in your myID account and sign in.
3) Copy and paste the three URLs that appear onto the head section of your blog or homepage.
4) Now you can use your own URL as your OpenID.
Hi Sam,
Just wanted to ask you if you can update the DeCrufting part because on the new PhpMyID code, $idp_url variable is no longer a variable but part of the $profile[] array. I wanted to try your suggestions on decrufting but I don’t know where to place it since it is now an array and I have no idea how to program in php.
Great tips, by the way. Thanks.
Will
Hi Sam,
Just wanted to ask you if you can update the DeCrufting part because on the new PhpMyID code, $idp_url variable is no longer a variable but part of the $profile[] array. I wanted to try your suggestions on decrufting but I don’t know where to place it since it is now an array and I have no idea how to program in php.
Great tips, by the way. Thanks.
Will
Many thanks for the full description about OpenID, I have made one account and I have try it to my blogger blog, but I must change the “ sign in your code:
<link rel="openid.server” href="http://www.myopenid.com/server" />
to this ‘ sign to become:
<link rel='openid.server’ href='http://www.myopenid.com/server' />
so I could save my blogger template without Error message.
Goonie
I don’t know a whole lot about the OpenId thing, but honestly, would you want to have your ID linked to your Blog always? As the web progresses I think that it wouldn’t be a smart move. What if for some reason your post is victim of a hacker attack and things that you didn’t say get related to your identity online? Anyways good post.
Thanks
Jenn
Wow, really detailed information here, I have made one open id account and I have try with my blog, I hope it work to me with this new comment system. Many thanks Sam.
Rosari
I did the same as advised, I have this
<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="http://samruby.myopenid.com/" />
setup before the begin editable section in the template for my site [link]. But it is not working can you tell me where I am making it wrong.
<head><link rel="openid.server"
href="http://www.myopenid.com/server">
<link rel="openid.delegate"
href="http://cmadras.myopenid.com">
<!-- InstanceBeginEditable name="Meta" -->
<meta name="keywords"
Thanks for your help.
May I suggest an improvement to the regular expression of the YADIS redirection?
RewriteCond %{HTTP_ACCEPT} \bapplication/xrds\+xml\b(?!(?>[^,]*?\bq=)0(?:\.0{1,3})?(?:\Z|[\s,;])) [NC] RewriteRule ^$ http://example.net/yadis.xrds.xml [R=302,L]
Just wondering about something.
I’ve set up an open ID at a URL. Is it possible to change my mind at a later date and create a new openID and put up configure a delegation at the old openID url without losing sign-ins on sites where I’ve registered my then deprecated openId URI?
I’m trying to use openID to set up my Identity on [link].eu, which is my id aggregator. I put up these two lines, which I believe are right, in the head section of my website.
<link rel="openid.server" href="http://kurai.eu" />
<link rel="openid.delegate" href="http://kurainisei.myopenid.com/" />
But it doesn’t work at all. The verify utility tells me that kurai.eu fails, and I can’t use my address to login to opne ID enabled sites. What should I do to get it work?
Thank you!
So what about Yahoo’s OpenID? They provide me with an OpenID identifier but nothing else. Trying to use the method mentioned at the beginning of this post (and copied below), I am assuming would replace the openid.delegate URL withthe OpenID identifier URL provided by Yahoo. Well that sounds fine but what about the OpenID delegate (the server). Yahoo does not provide additional information to help with using a remote delegate. I’ve tried yahoo.com and yahoo.com/server and neither works. Has anybody else been able to use Yahoo but with your own domain?
<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="http://samruby.myopenid.com/" />
Hi,
I’ve a question about open id. Open id seems to be really useful and helpful for identification . But, how about automatic identification ?
if I log in a website with classical informations, a cookie can be create and use to reconnect me automatically.
If I use open id ? What happens ? Can I be reconnected automatically too ? Can I be reconnected automatically on all the website that accept my open id identification ?
Thanks
But, how about automatic identification ?
With OpenID, you log into your website, and then the website you want to use verifies that that login was done. The way you log into your website can use cookies. The verification is automatic.
In your tutorial, you write:
.......The good news is that it is easy. You don’t need any of these libraries. Simply download phpMyID. Place the one php file in on your web server and modify two lines:......
Place the one php file — where? In on? isn’t there something missing, such as a directory name?
Where exactly does the php file go? Into htdocs?
I just followed the “Claim your blog” section and it seemed working fine.
My new personal openid url is binh.name which is much shorter and identifiable than this original openidbinh.nguyen.myopenid.com
Thank you for this great tutorial and I wish the OpenID community great success... oh wait, it already is successful.
Hi Sam Ruby, thank you for this great instruction. I not only get myself an open ID but also an openID server at http://id.apmart.com too. That shall be good for someday I can have a collection of users using my own openid sub domain for their identification.
I hope this comment works.
Oh I read your spam policy and I’m really scared. What type of comment is spammed? Is it something like "just testing"? Please email me if you answer my question.
Thanks
Two days ago I was so happy to find what OpenID is, and with the help of Sam Ruby’s phpMyID script I was able to get my own single user OpenID provider. The next question is: What happens if my server is down when I want to access a resource that requires my OpenID? It seems I’ll not be able to use it.
I think YADIS can be of some help if the yadis.xrdf will be available at a third-party server: “YADIS defines a simple format for declaring multiple identities, potentially using multiple different protocols.”. I said ok, that’s good, if one identity can’t be checked, the second one can be used. It reminds me about loadbalancing and DNS nameservers. But it generates the next question: how SiteXYZ.com should treat two identities? where can I specify that two identities X and Y are aliases for the main Z identity.
After some readings about OpenID, I found ([link]) that there are many security, privacy, trust, usability and other problems. So now I’m scratching my head and think: should I really use OpenID? ... I think yes, but not for private things.
In the idcorner.org link above, I saw this: “Your identity provider is able to track all websites you log into. They even tell you it’s a feature. User profiling made easy!”. Ouch! Now I understand how important phpMyID is: nobody will be able to track your activities :)
I enable openid for my blog by finding and adding the necessary wordpress plugins. With this, users can log in to a my blog or leave comments and the other one will allow you to sign in to various OpenID supported sites using your blog URL.
These are the plugins for your reference:
1) WP-OpenID ([link])
2) OpenID Delegate WordPress Plugin ([link])
Is there an article in plain English for me and others not too technically informed? I’m getting about 1/3 of what this post mentions--about what I grasp from a typical Scientific American article.
Does OpenID help you remain anonymous with posts to other sites, or across blogs?
Is there a FAQ on OpenID?
Thanks in advance!
“All told: I signed up for one free service, installed and tailored one PHP script, added one line to my weblog template, created one simple XML file and added a total of four lines to my .htaccess files.”
Indeed very simple...but I suppose the average user will rather ‘claim’ their FaceBook identities through FaceBook Connect...and OpenID will remain geekness territory...Hmmm...
Hey there. Nice post but I’m having problems getting this to work with myopenid.com. I created an account as you said and in my wordpress theme’s header.php file I inputted the following just before the </head> tag:
<link rel="openid.server"
href="http://www.myopenid.com/server" />
<link rel="openid.delegate"
href="http://soldave.myopenid.com/" />
<link rel="openid2.local_id"
href="http://soldave.myopenid.com" />
<link rel="openid2.provider"
href="http://www.myopenid.com/server" />
<meta http-equiv="X-XRDS-Location"
content="http://www.myopenid.com/xrds?username=soldave.myopenid.com" />
But I am getting authentication errors when I try to log in with my website address. Any ideas why this could be?
great post !!! its really helpful for us..
thanks
Mehedi
i copied and pasted the 2 uri’s into my header.php file and adjusted the second one for my own openid account (that i just opened) but it doesn’t seem to be working.
<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="http://loveliette.myopenid.com/" />
i tried to leave a comment on my old blogger blog using my new blog as my openid but it didn’t work, i get this error: “your open id credentials could not be verified.”
i’m not sure what i’m doing wrong. i use wordpress though i host the blog myself. if you could clarify that would be great, thanks in advance!
Dimitar, I was able to use this page to carry my OpenID tests using a phpMyID instalation. However, the only way I managed it to work was by making openid.server
, openid.delegate
and idp_url
have the exact same value.
Thanks Sam for the Howto!
I recently registered myself to a site which asked me for my ‘open Id’ while registration. A number of sites are nowadays following this concept of ‘OpenId’,which for sure reduces the hassle of keeping track of various accounts made online.
I’ve only just realised how easy it is to integrate with a Wordpress Blog. If you do this then you can use your own domain to identify yourself. Now what could be easier than that?
Hi,
i am investigating Yahoo OpenID.bt am failing to get the exact methods ie of the form openid.server,openid.delegate,etc... invoked by a third party while authenicating for a website using yahoo uri.At the same time i am also interested in the response that yahoo provides and in what form.
I found a DTD for Google authentication.The following is just a part that includes its response:
window.opener.InlineLogin.receive_identity_from_server(
{"login_token_hash":null,"token":"3323b559de2c474b09ab6d280350ccce765e5164","status":"accepted","identity":{"region":null,"country":"India","postal_code":null,"formatted_name":"free bird","url":null,"photo_url":null,"provider_name":"Google","utc_offset":null,"gender":null,"street_address":null,"phone_number":null,"family_name":"bird","locality":null,"verified_email":"freebird246@gmail.com","birthday":null,"honorific_prefix":null,"honorific_suffix":null,"given_name":"free","display_name":"freebird246","identifier":"https://www.google.com/accounts/o8/id?id=AItOawmY50AnhCpNTjnTQcYW40ol02kJ3QPMbSM","preferred_username":"freebird246","formatted_address":null,"email":"freebird246@gmail.com","middle_name":null},"email":"freebird246@gmail.com","message":null,"identity_state":"acceptable","login_token_code":null,"nick":"freebird246"}
“md5 -s ‘username:phpMyID:password'” on OS X is a little bit shorter than
“echo -n 'username:phpMyID:password’ | openssl md5”
You get the same md5 hash.
Yet another convert to OpenID based on Sam’s de facto web reference for setting up your own OpenID server. I have it running now off my blog site.
Thanks Sam!
I’m new to OpenID. I just created one, above, and tried it on SlashDot. It recognized it but said I had to log in to “attach” it to an account. What good is that?
If Sam is an expert and, based on all the corrections in the comments, claiming your blog with Open ID must be really hard to do.
Also I think it’s interesting that these comments have the posting time right down to the second but we can’t even tell what year is was. Very strange design choice.
Peace,
Rob:-]
If Sam is an expert
I didn’t know what I was doing at first, but managed to muddle through it, and document what I did. At most, that makes me a bit of a trailblazer. It certainly doesn’t make me an expert.
we can’t even tell what year is was
The full date of the original post is at the top, just under the title. Comments are grouped into sections, each containing comments that were made on the same day. The date is included iin the header above each section.
Additionally, if you hover over the timestamp for an individual entry, you will see the full timestamp for that entry. That’s the design choice here: not to repeat the same information in each entry.
Minor bit of trivia: depending on your time zone, you might see different posts included in each section, depending on which day the comment was posted — relative to your time zone. The times themselves are also localized.
Sam, thanks for writing this!
I was hung up for a while because, even though I followed the instructions precisely, my password wasn’t being accepted.
I looked at the README for phpMyID and discovered the problem. (I don’t know whether or not this applies to all versions of phpMyID.) Since my server runs PHP in safe mode, PHP adds a number to the end of the authentication realm, so the realm was “phpMyID-XXXXXX” instead of “phpMyID”.
The password is really supposed to be a md5 hash of ‘username:realm:password’, so I had to change it from ‘username:phpMyID:password’ to ‘username:phpMyID-XXXXXX:password’.
If anyone else uses PHP in safe mode, you’ll need to make that change. You can check the realm by going to your phpMyID page, where it lists the server. (See Sam’s original instructions where it says "Now visit the page you just updated in your browser.")
Can I ask when was the last time this was updated as it would seem some of the links and steps have changed within this tutorial. For example phpmyID is now v0.9. The check your setup does not seem to work. While I’d love to sign up to a Janrain engage I simply do not have the dollars to cover the required for the plans, yes the free one is there but it is very limited.
Thanks
GW
For the phpmyid part you say to ‘put the md5 hash of the following: username:phpMyID:password’
Sorry to be a newb but do I substitute the username and password with my myopenid username and password or just enter it as exactly as the above?
Thanks
GW
This article is very useful for me.
Thanks Sam
In looking to try out yet another social service this weekend, I was presented with the following choices for login:
I never liked the idea of letting one of the major brands own my web identi ...
...In looking to try out yet another social service this weekend, I was presented with the following choices for login:
I never liked the idea of letting one of the major brands own my web identi ...
...