While doing some research for a project, I decided to install and configure the Drupal OpenID module to see whether it would suit my needs.
Here's what I did:
Set up OpenID identity server
Unfortunately, the OpenID server component is only available in Drupal 4.7 (although the project is looking for people to step up and help with the port to Drupal 5). Seeing as I didn't have an instance of 4.7 to play on, I set up a stock installation with no contributed modules.
- Create the domain name for OpenID server (optional). E.g. openid.example.com
- Download and install the latest OpenID module for Drupal 4.7
- Enable the module
- Use the default settings
- Add some users. On the user home page, you'll see the following information:
"OpenID
You may login to other OpenID enabled sites using http://openid.example.com/user/3"
Set up OpenID consumer
Luckily, I had a Drupal 5 site on which I could test the OpenID client. E.g. test.example.com.
- Download and install the latest OpenID module for Drupal 5.
- Enable the module. In your login block, you should now see the OpenID logo and a link to "Log in using OpenID".
There is no settings hook for this version, so nothing to configure.
Things were rolling along, so I had to try it out. I logged into test.example.com using the OpenID login, and ran into my first stumbling block. I pasted "http://openid.example.com/user/3" into the OpenID login field, and the site redirected to openid.example.com for authentication, and then just hung there. It seemed as though the browser was waiting for some information to be passed, so I stopped the process and scratched my head.
To test the client, I signed up for a LiveJournal account, and was able to use that ID to log into test.example.com without any problems. In fact, it was pretty darned slick. An account was created with the same username, email address, and password as the LiveJournal account. Very cool. So the problem lies elsewhere.
Either a spark of inspiration or blind luck gave me the solution. I logged into the identity server as the user that I was logging into the consumer site as, and then (and only then) did I try the OpenID login. Lo and behold! I was redirected to the login page of the identity server, with the user information already populated for the OpenID user. I clicked OK and voila, I'm in. Or so I thought.
I went to "my account" and was met with "access denied". Apparently, the user that was created on test.example.com had a "blocked" status. It's funny that the user created with the LiveJournal account was "active" from the get-go. Once the blocked user was activated, subsequent logins weren't a problem.
It turned out that on the consumer site (test.example.com), I had limited user creation to administrators only. Once I opened up account creation (without administrator approval, no less), the OpenID-created user was no longer blocked. This still didn't explain how the LiveJournal user worked. For the record, I haven't tested the "Visitors can create accounts but administrator approval is required" option.
That's it. There are rumours (more than just rumours, actually) that OpenID functionality is going to be built into Drupal 6. Niiiiice.
