Friday, January 1, 2010

Automating User Registrations with OpenID and Spring Security 3.0 - Part 2

This is the continuation of part 1. See also part 3.

Spring Security provides support for OpenID out of the box. It is fairly easy to set up basic OpenID authentication. It can even automatically generate the respective login forms for you. But for my use case I wanted something more elaborate. Here is a basic flow of my "Spring Security OpenID integration solution" (early working draft):

Step 1: User starts the login process using OpenID.
Note that the 'OpenID' itself varies quite a bit between providers.




Step 2: After you press the Login button, Spring Security processes the request and, using openid4java under the hood, redirects you to the login page of your OpenID provider, in this case Google.

 

Step 3: In step 2 you authenticated successfully (with Google in this case), but you don't yet have a valid account with jRecruiter itself. In this instance, grab all the useful information that is available through the OpenID account/profile and then forward (redirect) to the registration page. There, pre-fill the form with the grabbed information (e.g. email, first name, last name).


 


Of course I need to add some more sophistication around my user registration process. Nevertheless, I hope the general flow is clear. While OpenID is a fairly widely adopted standard, there seems to be a bit of fluctuation with regard to which data sets providers will allow you to fetch, as well as how to fetch them (e.g. different name-spaces). Thus, it looks like in order to automate an OpenID-supported registration process, you need to be aware of (code for) specific providers. I need to explore that area a bit more.
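The provider differences described above, as an added example that is not code from this post, jRecruiter or openid4java: a plain-Java mapper that resolves Attribute Exchange and Simple Registration fields by namespace URI rather than by alias, and pre-fills the form only from values listed in `openid.signed`. The class name, the form field names and the sample response are assumptions; the parameters are assumed to have already passed the OpenID library's signature verification, and only single-valued AX attributes are handled.

```java
import java.util.*;
// Added example (not jRecruiter/openid4java code); input is assumed to be signature-verified already.
public class OpenIdProfileExtractor {
    static final String AX_NS = "http://openid.net/srv/ax/1.0";
    static final String SREG_NS = "http://openid.net/extensions/sreg/1.1";
    static final Map<String, String> AX_TYPES = new HashMap<>(Map.of( // type URIs differ per provider
        "http://axschema.org/contact/email", "email",
        "http://schema.openid.net/contact/email", "email",
        "http://axschema.org/namePerson/first", "firstName",
        "http://axschema.org/namePerson/last", "lastName"));
    static final Map<String, String> SREG_FIELDS = Map.of("email", "email", "fullname", "fullName");
    static Map<String, String> extract(Map<String, String> p) {
        // Only keys listed in openid.signed are covered by the provider's signature.
        Set<String> signed = new HashSet<>();
        for (String k : p.getOrDefault("openid.signed", "").split(",")) signed.add("openid." + k.trim());
        Map<String, String> form = new TreeMap<>();
        for (Map.Entry<String, String> ns : p.entrySet()) {
            if (!ns.getKey().startsWith("openid.ns.") || !signed.contains(ns.getKey())) continue;
            // The alias (ax, ext1, sreg, ...) is the provider's choice, so resolve it by namespace URI.
            String prefix = "openid." + ns.getKey().substring("openid.ns.".length()) + ".";
            if (AX_NS.equals(ns.getValue())) {
                String typePrefix = prefix + "type.";
                for (Map.Entry<String, String> t : p.entrySet()) {
                    if (!t.getKey().startsWith(typePrefix) || !signed.contains(t.getKey())) continue;
                    String valueKey = prefix + "value." + t.getKey().substring(typePrefix.length());
                    String field = AX_TYPES.get(t.getValue());
                    String value = signed.contains(valueKey) ? p.get(valueKey) : null;
                    if (field != null && value != null) form.putIfAbsent(field, value);
                }
            } else if (SREG_NS.equals(ns.getValue())) {
                for (Map.Entry<String, String> f : SREG_FIELDS.entrySet()) {
                    String key = prefix + f.getKey();
                    if (signed.contains(key) && p.containsKey(key)) form.putIfAbsent(f.getValue(), p.get(key));
                }
            }
        }
        return form;
    }
    public static void main(String[] args) {
        // Constructed response: AX under alias "ext1"; the last-name value is not in openid.signed.
        Map<String, String> p = new HashMap<>();
        p.put("openid.signed", "claimed_id,ns.ext1,ext1.type.email,ext1.value.email,ext1.type.last");
        p.put("openid.ns.ext1", AX_NS);
        p.put("openid.ext1.type.email", "http://axschema.org/contact/email");
        p.put("openid.ext1.value.email", "jane@example.org");
        p.put("openid.ext1.type.last", "http://axschema.org/namePerson/last");
        p.put("openid.ext1.value.last", "Unsigned");
        System.out.println(extract(p));
    }
}
```

Values that reach the registration form this way are still only suggestions from the provider, so the normal validation of the submitted form applies to them as to any other input.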

In my next posting I will finally provide some source code. If you find some time, take a look and play around with openid4java. The OSS project provides various examples, and the 'simple-openid' example is really helpful for understanding the actual OpenID registration process. Stay tuned.

2 comments:

Martin Davidsson said...

Looking forward to seeing some source code. When I upgraded to Spring Security 3.0.1 from 2.x my OpenID login stopped working. I'd be curious to see your HTML markup for the login page, your applicationContext.xml file and whatever interfaces your relevant beans from that XML implement. Thanks

Gunnar Hillert said...

I will try this weekend. Work, running a JUG, planning for DevNexus 2010, children - I need 48 hour days ;-)