Saturday, December 1, 2007

OpenID with Flex and Rails

Standard Applications...

We actively support OpenID for our open source products that require login authentication. Most applications don't require rigorous authentication, so presenting a simple dialog with only open id uri works fine.


The dialog above allows the user to access an open id application or register for a new open id account. The registration process takes the user to an open id provider, such as MyOpenID. The backend, rails in this case uses the access uri to discover the provider and confirm the authentication, i.e., log the user in.

Additional Security...

Using open id for your applications means that you don't have to store, or protect the user's password. It also lets the user access many applications with a single password. But sometimes an application, or a specific process within an application requires further authentication. That's where the authentication dialog comes in.


The dialog above presents an input and set of images. The input accepts the user's challenge code and the images are part of a group configured by the user. Only one of the images is the correct one, so if the user enters the correct challenge code and clicks on the correct image, access is granted. Look ma, no passwords!

Challenge Code...

So where does this challenge code come from? Well, during the registration process the user selects the method of delivery for the challenge code. The options are sms, email, pager, or a discrete application. The challenge code itself is a random set of characters with a minimum of ten characters (all numeric for pagers). For email a complex uuid is used so copy/paste is usually required.

You can access a non-working demo here. We hope to have a working demo soon...

No comments: