Spring Security provides support for OpenID out of the box. It is fairly easy to set up basic OpenID authentication. It can even automatically generate the respective login forms for you. But for my use case I wanted something more elaborate. Here is a basic flow of my "Spring Security OpenID integration solution" (early working draft):
Step 1: User starts the login process using OpenID.
Note that the OpenID identifier itself varies quite a bit between providers.
- Google uses a generic login String that is the same for every user (http://www.google.com/accounts/o8/id)
- MyOpenID has a unique URI identifier for each user (e.g. http://mysupercoolusernmae.myopenid.com/)
Step 2: After you press the Login button, Spring Security processes the request and, using openid4java under the hood, redirects you to the login page of your OpenID provider, in this case Google.
Step 3: In step 2 you authenticated successfully (with Google in this case), but you don't yet have a valid account with jRecruiter itself. In this instance, grab all the useful information that is available through the OpenID account/profile and then forward (redirect) to the registration page. There, pre-fill the form with the grabbed information (e.g. email, first name, last name).
Of course, I need to add some more sophistication around my user registration process. Nevertheless, I hope the general flow is clear. While OpenID is a fairly widely adopted standard, there seems to be a bit of fluctuation with regard to which data sets providers will allow you to fetch, as well as how to fetch them (e.g. different namespaces). Thus, it looks like in order to automate an OpenID-supported registration process, you need to be aware of (and code for) specific providers. I need to explore that area a bit more.
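One way to code for several attribute naming styles at once when pre-filling the registration form, as an added example (not the author's jRecruiter code). The class name, the form field names and the input shape (attribute name or type URI mapped to the returned values) are assumptions; the aliases are the axschema.org and schema.openid.net Attribute Exchange type URIs and the Simple Registration field names.

```java
import java.util.*;
public class RegistrationPrefill {
    // Form field -> known aliases, in order of preference. Type URIs are Attribute
    // Exchange names; the bare names are Simple Registration (SReg) fields.
    private static final Map<String, List<String>> ALIASES = new LinkedHashMap<>();
    static {
        ALIASES.put("email", Arrays.asList("http://axschema.org/contact/email",
                "http://schema.openid.net/contact/email", "email"));
        ALIASES.put("firstName", Arrays.asList("http://axschema.org/namePerson/first"));
        ALIASES.put("lastName", Arrays.asList("http://axschema.org/namePerson/last"));
        ALIASES.put("fullName", Arrays.asList("http://axschema.org/namePerson",
                "http://schema.openid.net/namePerson", "fullname"));
    }
    /** fetched: attribute name or type URI -> values returned by the provider. */
    public static Map<String, String> prefill(Map<String, List<String>> fetched) {
        Map<String, String> form = new LinkedHashMap<>();
        for (Map.Entry<String, List<String>> field : ALIASES.entrySet()) {
            for (String alias : field.getValue()) {
                List<String> values = fetched.get(alias);
                String v = (values == null || values.isEmpty()) ? null : values.get(0);
                if (v != null && !v.trim().isEmpty()) {
                    form.put(field.getKey(), v.trim());
                    break; // first alias with a usable value wins
                }
            }
        }
        // Some responses carry only a full name: split it on the last space.
        String full = form.remove("fullName");
        if (full != null && !form.containsKey("firstName") && !form.containsKey("lastName")) {
            int cut = full.lastIndexOf(' ');
            form.put("firstName", cut < 0 ? full : full.substring(0, cut));
            if (cut >= 0) form.put("lastName", full.substring(cut + 1));
        }
        return form; // suggestions only: the user still reviews and submits the form
    }
    public static void main(String[] args) {
        // Constructed sample responses, one per naming style.
        Map<String, List<String>> ax = new HashMap<>();
        ax.put("http://axschema.org/contact/email", Arrays.asList("jane@example.org"));
        ax.put("http://axschema.org/namePerson/first", Arrays.asList("Jane"));
        ax.put("http://axschema.org/namePerson/last", Arrays.asList("Doe"));
        Map<String, List<String>> sreg = new HashMap<>();
        sreg.put("email", Arrays.asList("jane@example.org"));
        sreg.put("fullname", Arrays.asList("Jane Doe"));
        System.out.println(prefill(ax));
        System.out.println(prefill(sreg));
    }
}
```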
In my next posting I will finally provide some source code. If you find some time, take a look and play around with openid4java. The OSS project provides various examples, and the 'simple-openid' example is really helpful for understanding the actual OpenID registration process. Stay tuned.