Version 4 (modified by davea, 3 years ago)

Support for OpenID

The goal is to let people use OpenID to attach to and log in to BOINC projects.

There are now two types of accounts on a given BOINC project:

  • those authenticated with a project-specific password; a password hash is stored in the DB.
  • those authenticated via an OpenID provider; the provider URL is stored in the DB.

In both cases, an email address uniquely identifies the account; OpenID can be used only with providers that return an email address and a name.

Web interface

The Login page will show links to various OpenID providers as well as an email/password form.

NOTE: logging in with OpenID automatically creates an account if no account with that email address exists. If an account does exist, its name and country fields are overwritten with data supplied by the OpenID provider, if any.

On the Your Account page, instead of "change email address" and "change password" links, there will be a "change login information" link. This will go to a page that:

  • lets an OpenID account change to a different OpenID
  • lets an OpenID account change to an email/password account
  • lets an email/password account change to an OpenID account

On the "change other account info" page, OpenID accounts will not be able to edit their user name; this comes from the OpenID provider.

Manager interface

  • On the "identify your account" page of the Attach Project wizard, add a "Log in with OpenID" button.
  • Selecting this opens a web browser window.
  • User sees a page on project site listing OpenID providers (Google, Facebook, etc.). User clicks one.
  • The user sees the provider's login page. Depending on the provider, they may see "OK to send email addr to (project URL)?"
  • On successful login, user sees Welcome page on project site
  • Wizard shows Done page

Implementation

DB table

  • openid_login, with fields: nonce, status, create_time

Project PHP pages

  • openid_login.php: Manager goes here. It takes a nonce ID as an arg. It creates an openid_login record. Shows list of links to OpenID providers.
  • openid_callback.php: Called by OpenID provider. Takes nonce ID as arg. Creates user record if needed. Displays status to user. Updates status field of openid_login record.
  • openid_poll.php: Web RPC called by client. Takes nonce ID as arg. Returns status and, if successful, authenticator.

GUI RPCs

  • openid_poll(url, nonce): initiate call to openid_poll.php
  • openid_poll_poll(status): poll for completion; if success, return authenticator

Manager

If user selects OpenID login:

  • create nonce ID, open browser to openid_login.php
  • show "communication with project" page
  • call openid_poll() and openid_poll_poll() until the status is something other than PENDING
  • On success, do project_attach() GUI RPC using authenticator
  • show success or failure in wizard
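
The nonce flow described under Implementation, as an added Python model (not BOINC code): one class stands in for the openid_login table and the three PHP pages, and manager_attach() plays the Manager. The nonce lifetime, the minimum nonce length, the single-use rule in poll() and the authenticator format are assumptions; the page specifies none of them.

```python
import secrets

PENDING, SUCCESS, FAILURE = "PENDING", "SUCCESS", "FAILURE"
NONCE_TTL = 600  # assumed lifetime in seconds; the page gives none

class Project:
    """In-memory model of the openid_login table and the three PHP pages."""
    def __init__(self):
        self.openid_login = {}  # nonce -> status, create_time, email
        self.users = {}         # email -> name, authenticator

    def _live(self, nonce, now):
        rec = self.openid_login.get(nonce)
        return rec if rec and now - rec["create_time"] <= NONCE_TTL else None

    def login(self, nonce, now):  # openid_login.php
        if len(nonce) < 32 or nonce in self.openid_login:
            return False  # assumed rule: reject short or reused nonces
        self.openid_login[nonce] = {"status": PENDING, "create_time": now, "email": None}
        return True

    def callback(self, nonce, email, name, now):  # openid_callback.php
        # The OpenID assertion is assumed to be verified before this point.
        rec = self._live(nonce, now)
        if rec is None or rec["status"] != PENDING:
            return FAILURE
        if not email or not name:  # page: provider must return both
            rec["status"] = FAILURE
            return FAILURE
        user = self.users.setdefault(email, {"authenticator": secrets.token_hex(16)})
        user["name"] = name  # page: existing name is overwritten
        rec["status"], rec["email"] = SUCCESS, email
        return SUCCESS

    def poll(self, nonce, now):  # openid_poll.php
        rec = self._live(nonce, now)
        if rec is None:
            return FAILURE, None
        if rec["status"] != SUCCESS:
            return rec["status"], None
        del self.openid_login[nonce]  # assumed: authenticator is handed out once
        return SUCCESS, self.users[rec["email"]]["authenticator"]

def manager_attach(project, email, name, now=0):
    """Manager side: make the nonce, run the browser leg, then poll."""
    nonce = secrets.token_urlsafe(32)  # CSPRNG: the nonce alone unlocks poll()
    if not project.login(nonce, now):
        return FAILURE, None
    project.callback(nonce, email, name, now)  # stands in for the browser session
    return project.poll(nonce, now)
```

Because openid_poll.php returns the authenticator to whoever presents the nonce, the model treats the nonce as a bearer secret: it is drawn from a CSPRNG, expires, and is deleted on the first successful poll.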