Easy OpenID Delegation with Yadis

Lets say you have a site somewhere that you want to use as your openid. The easiest way to delegate OpenID is to put these in your <head>

<link href='http://www.myopenid.com/server' rel='openid.server'/>
<link href='http://ptarjan.myopenid.com/' rel='openid.delegate'/>

That requires that the URL you are putting them on returns HTML. For me, I have a 302 redirect from http://paulisageek.com to http://blog.paulisageek.com so all of my enpoints are getting my identity as http://blog.paulisageek.com. Not what I wanted.

Enter : Yadis. I created a small Yadis file that says the same thing as those link elements. openid.xml.

<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)" xmlns:openid="http://openid.net/xmlns/1.0">
    <Service priority="10">
    <Service priority="20">

And then redirect it if the HTTP Accept header is application/xrds+xml. This is my index.php on paulisageek.com :

if (strpos($_SERVER['HTTP_ACCEPT'], "application/xrds+xml") !== FALSE) {
    header("Content-Type: application/xrds+xml");
    echo file_get_contents("openid.xml");
} else {
    header("Location: http://blog.paulisageek.com");

And Voila, it work as an openid endpoint.

Update: You can also use mod_rewrite to get people to your openid.xml file :

    RewriteCond %{HTTP_ACCEPT} application/xrds\+xml
    RewriteRule .* openid.xml [T=application/xrds+xml,L]

You can replace .* with the urls that you want to be allowed openids, but I intentionally have .* so that I can have unlimited openids for myself.

Posted on 29 June 2009 by Paul Tarjan

If you liked this, you might also like...