Mercurial Mercurial > prosody > prosody-modules / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_openid/README.markdown
author Matthew Wild <mwild1@gmail.com>
Sat, 24 Sep 2022 09:26:26 +0100
changeset 5063 5f1120c284c5
parent 1889 b42eb10dc7d2
permissions -rw-r--r--
mod_cloud_notify_extensions: Add note about dependency Noting here because people might not click through to see it on the mod_cloud_notify_encrypted page.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
1807
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1786
diff changeset 
     1
 
---
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1786
diff changeset 
     2
 
labels:
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1786
diff changeset 
     3
 
- 'Stage-Alpha'
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1786
diff changeset 
     4
 
summary: Enables Prosody to act as an OpenID provider
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1786
diff changeset 
     5
 
...
1786
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset 
     6
 







1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




     7


Introduction












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




     8


============












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




     9














4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    10


[OpenID](http://openid.net/) is an decentralized authentication












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    11


mechanism for the Web. mod\_openid turns Prosody into an OpenID












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    12


*provider*, allowing users to use their Prosody credentials to












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    13


authenticate with various third party websites.







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    14









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    15


Caveats












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    16


=======












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    17














4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    18


mod\_openid can best be described as a **proof-of-concept**, it has












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    19


known deficiencies and should **not** be used in the wild as a












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    20


legitimate OpenID provider. mod\_openid was developed using the Prosody












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    21


0.4.x series, it has not been tested with the 0.5.x or later series.







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    22









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    23


Details












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    24


=======







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    25









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    26


OpenID works on the basis of a user proving to a third-party they wish












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    27


to authenticate with, an OpenID *relaying party*, that they have claim












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    28


or ownership over a URL, known as an OpenID *identifier*. mod\_openid












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    29


uses Prosody's built in HTTP server to provide every user with an OpenID












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    30


identifier of the form `http://host.domain.tld[:port]/openid/user`,












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    31


which would be the OpenID identifier of the user with a Jabber ID of












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    32


`user@host.domain.tld`.







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    33









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    34


Usage












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    35


=====







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    36









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    37


Simply add "mod\_openid" to your modules\_enabled list. You may then use












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    38


the OpenID identifier form as described above as your OpenID identifier.












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    39


The port Prosody's HTTP server will listen on is currently set as 5280,












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    40


meaning the full OpenID identifier of the user `romeo@montague.lit`












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    41


would be `http://montague.lit:5280/openid/romeo`.







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    42









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    43


Configuration












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    44


=============












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    45














4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    46


mod\_openid has no configuration options as of this time.







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    47









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    48


TODO












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    49


====







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    50









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    51


The following is a list of the pending tasks which would have to be done












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    52


to make mod\_openid fully featured. They are generally ranked in order












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    53


of most importance with an estimated degree of difficulty.







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    54









1889






b42eb10dc7d2
mod_openid/README: Convert raw HTML to emphasis



Kim Alvefur <zash@zash.se>


parents: 
1807

diff
changeset




    55


1.  Support Prosody 0.6.x series (**Medium**)












b42eb10dc7d2
mod_openid/README: Convert raw HTML to emphasis



Kim Alvefur <zash@zash.se>


parents: 
1807

diff
changeset




    56


2.  Refactor code (**Medium**)







1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    57


    -   The code is pretty messy at the moment, it should be refactored












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    58


        to be more easily understood.







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    59









1889






b42eb10dc7d2
mod_openid/README: Convert raw HTML to emphasis



Kim Alvefur <zash@zash.se>


parents: 
1807

diff
changeset




    60


3.  Disable use of "user@domain" OpenID identifier form (*Easy*)







1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    61


    -   This is a vestigial feature from the early design, allowing












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    62


        explicit specification of the JID. However the JID can be












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    63


        inferred from the simpler OpenID identifier form.







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    64









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    65


4.  Use a cryptographically secure Pseudo Random Number Generator (PRNG)







1889






b42eb10dc7d2
mod_openid/README: Convert raw HTML to emphasis



Kim Alvefur <zash@zash.se>


parents: 
1807

diff
changeset




    66


    (**Medium**)







1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    67


    -   This would likely be accomplished using luacrypto which provides












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    68


        a Lua binding to the OpenSSL PRNG.












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    69














4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    70


5.  Make sure OpenID key-value pairs get signed in the right order







1889






b42eb10dc7d2
mod_openid/README: Convert raw HTML to emphasis



Kim Alvefur <zash@zash.se>


parents: 
1807

diff
changeset




    71


    (***Hard***)







1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    72


    -   It is important that the OpenID key-value responses be signed in












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    73


        the proper order so that the signature can be properly verified












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    74


        by the receiving party. This may be complicated by the fact that












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    75


        the iterative ordering of keys in a Lua table is not guaranteed












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    76


        for non-integer keys.












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    77









1889






b42eb10dc7d2
mod_openid/README: Convert raw HTML to emphasis



Kim Alvefur <zash@zash.se>


parents: 
1807

diff
changeset




    78


6.  Do an actual match on the OpenID realm (**Medium**)







1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    79


    -   The code currently always returns true for matches against an












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    80


        OpenID realm, posing a security risk.












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    81









1889






b42eb10dc7d2
mod_openid/README: Convert raw HTML to emphasis



Kim Alvefur <zash@zash.se>


parents: 
1807

diff
changeset




    82


7.  Don't use plain text authentication over HTTP (***Hard***)







1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    83


    -   This would require some Javascript to perform a digest.












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    84









1889






b42eb10dc7d2
mod_openid/README: Convert raw HTML to emphasis



Kim Alvefur <zash@zash.se>


parents: 
1807

diff
changeset




    85


8.  Return meaningful error responses (**Medium**)







1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    86


    -   Most error responses are an HTTP 404 File Not Found, obviously












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    87


        something more meaningful could be returned.












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    88









1889






b42eb10dc7d2
mod_openid/README: Convert raw HTML to emphasis



Kim Alvefur <zash@zash.se>


parents: 
1807

diff
changeset




    89


9.  Enable Association (***Hard***)







1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    90


    -   Association is a feature of the OpenID specification which












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    91


        reduces the number of round-trips needed to perform












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    92


        authentication.












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    93









1889






b42eb10dc7d2
mod_openid/README: Convert raw HTML to emphasis



Kim Alvefur <zash@zash.se>


parents: 
1807

diff
changeset




    94


10. Support HTTPS (**Medium**)







1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    95


    -   With option to only allow authentication through HTTPS







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    96









1889






b42eb10dc7d2
mod_openid/README: Convert raw HTML to emphasis



Kim Alvefur <zash@zash.se>


parents: 
1807

diff
changeset




    97


11. Enable OpenID 1.1 compatibility (**Medium**)







1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    98


    -   mod\_openid is designed from the OpenID 2.0 specification, which












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    99


        has an OpenID 1.1 compatibility mode.












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   100









1889






b42eb10dc7d2
mod_openid/README: Convert raw HTML to emphasis



Kim Alvefur <zash@zash.se>


parents: 
1807

diff
changeset




   101


12. Check specification compliance (**Medium**)







1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   102


    -   Walk through the code and make sure it complies with the OpenID












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   103


        specification. Comment code as necessary with the relevant












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   104


        sections in the specification.












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   105














4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   106


Once all these steps are done, mod\_openid could be considered to have












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   107


reached "beta" status and ready to real world use. The following are












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   108


features that would be nice to have in a stable release:







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




   109









1889






b42eb10dc7d2
mod_openid/README: Convert raw HTML to emphasis



Kim Alvefur <zash@zash.se>


parents: 
1807

diff
changeset




   110


1.  Allow users to always trust realms (***Hard***)












b42eb10dc7d2
mod_openid/README: Convert raw HTML to emphasis



Kim Alvefur <zash@zash.se>


parents: 
1807

diff
changeset




   111


2.  Allow users to remain logged in with a cookie (***Hard***)












b42eb10dc7d2
mod_openid/README: Convert raw HTML to emphasis



Kim Alvefur <zash@zash.se>


parents: 
1807

diff
changeset




   112


3.  Enable simple registration using a user's vCard (**Medium**)












b42eb10dc7d2
mod_openid/README: Convert raw HTML to emphasis



Kim Alvefur <zash@zash.se>


parents: 
1807

diff
changeset




   113


4.  More useful user identity page (***Hard***)







1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   114


    -   Allow users to alter what realms they trust and what simple












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   115


        registration information gets sent to relaying parties by












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   116


        default.







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




   117









1889






b42eb10dc7d2
mod_openid/README: Convert raw HTML to emphasis



Kim Alvefur <zash@zash.se>


parents: 
1807

diff
changeset




   118


5.  OpenID Bot (***Hard***)







1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   119


    -   Offers all functionality of the user identity page management












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   120









1889






b42eb10dc7d2
mod_openid/README: Convert raw HTML to emphasis



Kim Alvefur <zash@zash.se>


parents: 
1807

diff
changeset




   121


6.  Better designed pages (*Easy*)







1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   122


    -   Use semantic XHTML and CSS to allow for custom styling.












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   123


    -   Use the Prosody favicon.












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   124














4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   125


Useful Links












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   126


============












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   127














4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   128


-   [OpenID Specifications](http://openid.net/developers/specs/)












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




   129


-   [OpenID on Wikipedia](http://en.wikipedia.org/wiki/OpenID)














prosody-modules