Entries tagged ‘openid’

Redirecting your OpenID

posted January 4th, 2010, no comments, tagged

Previously, my OpenID login was under http://novemberborn.net/recent. But, with last week’s site update, I’ve added a landing page under http://novemberborn.net and am redirecting /recent to /latest. Albeit an improved setup, this has broken my OpenID logins to various websites which are expecting the login to be http://novemberborn.net/recent.

As it turns out, OpenID follows redirects, so even if I try to login with the /recent URL, the OpenID client is redirected to /latest which does not carry any OpenID information. Some Googling turned up a post from Will Norris entitled Challenges in changing my OpenID. He describes a few heuristics for detecting whether an HTTP request is an OpenID request:

  • The Accept header contains application/xrds+xml.
  • The user agent is identified as openid.
  • The user agent is an empty string, or the User-Agent header is not specified at all.

With these heuristics we can create a simple openid-redirect.php script that will redirect to /latest unless it’s dealing with an OpenID request, in which case it serves up a small HTML document carrying my OpenID information:

<?php
if(stripos($_SERVER["HTTP_ACCEPT"], "application/xrds+xml") !== FALSE ||
  stripos($_SERVER["HTTP_USER_AGENT"], "openid") !== FALSE ||
  empty($_SERVER["HTTP_USER_AGENT"])
){
  header("Content-type: text/html");
  echo '<html><head><link rel="openid.server" href="http://id.11born.net"><link rel="openid2.provider" href="http://id.11born.net"></head></html>';
}else{
  header("Location: /latest", TRUE, 301);
}
?>

Combine it with a simple mod_rewrite rule and we’re all set:

RewriteRule ^recent$ openid-redirect.php [L]

A quick test with curl to confirm everything is working:

mark$ curl -H "Accept: application/xrds+xml" -v novemberborn.net/recent
* About to connect() to novemberborn.net port 80 (#0)
*   Trying 8.17.171.168... connected
* Connected to novemberborn.net (8.17.171.168) port 80 (#0)
> GET /recent HTTP/1.1
> User-Agent: curl/7.19.6 (i386-apple-darwin10.0.0) libcurl/7.19.6 OpenSSL/0.9.8k zlib/1.2.3
> Host: novemberborn.net
> Accept: application/xrds+xml
> 
< HTTP/1.1 200 OK
< Date: Mon, 04 Jan 2010 22:22:17 GMT
< Server: Apache
< Served-By: Joyent
< Vary: Accept-Encoding
< Connection: close
< Transfer-Encoding: chunked
< Content-Type: text/html;charset=UTF-8
< 
* Closing connection #0
<html><head><link rel="openid.server" href="http://id.11born.net"><link rel="openid2.provider" href="http://id.11born.net"></head></html>

Now I can still use http://novemberborn.net/recent as my OpenID login, although I’m moving the various websites I use OpenID with to just http://novemberborn.net.