Martin Atkins mart at
Tue May 24 08:50:21 PDT 2005

Brad Fitzpatrick wrote:
> Here's Net::OpenID::Server ....
> It's really flexible.  If you find a way it's not I'd be both shocked and
> happy to fix it.
> Somebody should write a cgi script that uses this now. :)

I was going to write today a simple single-user ID Server CGI script 
using this which can just be dropped in and given a single username and 
password it will authorize. The target audience for this is someone who 
just wants to run his own ID server for himself alone on his 
otherwise-static website.

I have been halted by the quandry of how to handle the auth step. My 
first thought was to keep it simple and use HTTP auth, but digest auth 
in a CGI script isn't easy because of the need to retain the pending 
nonces. In general, maintaining any kind of state across requests is a 
royal pain in a CGI script.

Having the web server handle the auth step isn't easy because eventually 
the Consumer's backend code will request the public key and won't be 
able to "log in".

A CGI script using this, on reflection, also seems a little pointless. 
It would be far better to solve this kind of problem in PHP, which far 
more people are familiar with and able to run. Did Karl ever get PHP's 
crypto libraries to play ball?

More information about the yadis mailing list