Easy OpenID Delegation with Yadis

Lets say you have a site somewhere that you want to use as your openid. The easiest way to delegate OpenID is to put these in your <head>

<link href='http://www.myopenid.com/server' rel='openid.server'/>
<link href='http://ptarjan.myopenid.com/' rel='openid.delegate'/>

That requires that the URL you are putting them on returns HTML. For me, I have a 302 redirect from http://paulisageek.com to http://blog.paulisageek.com so all of my enpoints are getting my identity as http://blog.paulisageek.com. Not what I wanted.

Enter : Yadis. I created a small Yadis file that says the same thing as those link elements. openid.xml.

<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)" xmlns:openid="http://openid.net/xmlns/1.0">
    <Service priority="10">
    <Service priority="20">

And then redirect it if the HTTP Accept header is application/xrds+xml. This is my index.php on paulisageek.com :

if (strpos($_SERVER['HTTP_ACCEPT'], "application/xrds+xml") !== FALSE) {
    header("Content-Type: application/xrds+xml");
    echo file_get_contents("openid.xml");
} else {
    header("Location: http://blog.paulisageek.com");

And Voila, it work as an openid endpoint.

Update: You can also use mod_rewrite to get people to your openid.xml file :

RewriteCond %{HTTP_ACCEPT} application/xrds\+xml
RewriteRule .* openid.xml [T=application/xrds+xml,L]

You can replace .* with the urls that you want to be allowed openids, but I intentionally have .* so that I can have unlimited openids for myself.


2 Responses to “Easy OpenID Delegation with Yadis”

  1. goer Says:

    Testing OpenID delegation from http://www.goer.org.

  2. LKRaider Says:

    Thanks, your post was really helpful in setting my openid.I am now trying to find out if it's possible to add a Type for my pavatar also

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: