Implementation Example: OpenID

Now that we understand how OpenID works to connect relaying sites to different provider companies so they can leverage those providers’ user databases for their login flow, let’s look at a practical example of an OpenID implementation. This example can be used to connect to different providers and uses the different extension capabilities that we have discussed: Simple Registration, Attribute Exchange, and PAPE policies.

This example will be broken down into a number of files, ranging from our initial HTML form that starts the process to our OpenID control files and those files that allow the service provider to perform site discovery on the domain in which they are being hosted.

To implement OpenID, you will need to either create your own OpenID library or utilize one of the many libraries already available from the developer site at Unless you have a specific reason for creating your own library, I recommend that you not reinvent the wheel and instead use what is currently available.


When you are integrating OpenID on a new site, it is a good practice to have your XRDS domain discovery file in place to prevent certain providers, such as Yahoo!, from displaying domain verification errors to users during the OpenID process.

Get Programming Social Applications now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.