This is the beginnings of an OpenID consumer implementation for Arc using the JanRain Python OpenID library. http://catdancer.ws/arc/openid0.tar

Currently it gets to the point of coming back to the Arc powered website and verifying that the user has successfully logged in with their OpenID. To finish the implementation there will need to be a final redirect to get off the return_to page, and to do something useful such as set a login cookie.

From Arc I shell out to a Python program which calls the JanRain library. This is slow (like the original CGI-BIN programs were slow), but as login pages are probably a small percentage of overall page views maybe you won't care. (If you do care, you could rewrite the code to leave the Python program running in a separate process and use some kind of RPC mechanism to get from Arc to Python and back.)

To prevent some kinds of spoofing attacks, on return from the OpenID server the JanRain library checks that the "return_to" query argument is actually the same as the URL that was landed on (the page that is currently being served). The easiest way to get this would probably be to add it to the req data structure in srv.arc; in the meantime I cheat and pass the "return_to" query argument as the current page URL, thus fooling the JanRain library into thinking that the security requirement has been met. Note that this makes the library compare return_to with itself, so the check catches nothing until the real request URL is supplied.

The JanRain library needs to keep two kinds of information across page requests. One is information about, and secrets shared with, OpenID servers; this information is not associated with any particular user's attempt to log in. JanRain provides implementations for this data store (file or SQL), and I simply use the file implementation. The other kind of information is data about a particular user's login attempt, which JanRain recommends storing in a web server session.

Thus at first I thought I'd need to write or use a typical session implementation, but then I realized that the "session" data only needed to be kept for a short time across a few pages (just during the login attempt), so the data could be stored in an Arc fnid. On the Python side the "session" is serialized into a byte string, which on the Arc side is passed around through fnids and passed back to Python in the second step of the login process, but is otherwise treated as an opaque value.

To install with arc1, you'll need:

- A working asv (For Linux, you'll need a patch for the date function. You can use Nathan Weizenbaum's patch available in the git repository http://git.nex-3.com/?p=arc.git, or my patch at http://arclanguage.org/item?id=2652)
- Python and the JanRain Python OpenID library (http://openidenabled.com/python-openid/)
- The arc1-tmpfile.patch included in the tar file, which exposes the tmpname function.

As per their security policy Yahoo requires that OpenID consumer sites be running on a standard web port (80 or 443), so to work with Yahoo you'll either need an operating system that lets you give your Arc process the capability to serve port 80, or you'll need to do something like configuring Apache as a reverse proxy server, so that Apache runs on the front end serving port 80 and passes requests back to your Arc server running on another port such as 8080. If you go the reverse proxy route, the return_to URL your Arc code builds (and the current page URL it later compares against) must be the public port-80 URL, not the backend's port-8080 one, or the return_to check will fail.
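The return_to check, and the effect of the shortcut described above, as an added example: this is not code from the post, the tarball or the JanRain library, but a stand-alone reimplementation in plain Python (standard library only) of the comparison the post says the library performs. The host names, paths, fnid value and response fields are constructed for the example, and the real library's API is deliberately not called.

```python
# Added example (not code from the post, the Arc tarball or the JanRain
# library): a stand-alone, standard-library-only version of the return_to
# check the post describes, so you can see what the check compares and why
# handing return_to back as the "current URL" makes it vacuous. Host names,
# paths, the fnid value and the response fields are constructed for the
# example.
from urllib.parse import parse_qsl, urlencode, urlsplit


def normalize(url):
    """Split a URL into (scheme, host, path, sorted query pairs)."""
    parts = urlsplit(url)
    return (
        parts.scheme.lower(),
        parts.netloc.lower(),
        parts.path or "/",
        sorted(parse_qsl(parts.query, keep_blank_values=True)),
    )


def return_to_matches(current_url, query):
    """True if openid.return_to in the response names the page being served.

    Scheme, host (including any port) and path must be identical, and every
    query argument return_to carries must appear in the landed-on URL. The
    landed-on URL may carry extra arguments (the openid.* ones appended by
    the OpenID server).
    """
    return_to = query.get("openid.return_to")
    if return_to is None:
        return False
    rt_scheme, rt_host, rt_path, rt_args = normalize(return_to)
    cu_scheme, cu_host, cu_path, cu_args = normalize(current_url)
    if (rt_scheme, rt_host, rt_path) != (cu_scheme, cu_host, cu_path):
        return False
    return all(pair in cu_args for pair in rt_args)


# Constructed sample of the query the OpenID server sends the browser back
# with (only the fields this example needs; a real response carries more).
RESPONSE_QUERY = {
    "openid.mode": "id_res",
    "openid.identity": "http://alice.example/",
    "openid.return_to": "http://consumer.example/openid-return?fnid=abc123",
}

# Public host name of the consumer site (what a browser connects to).
CONSUMER_HOST = "consumer.example"


def current_url_from_request(request_uri, host=CONSUMER_HOST, scheme="http"):
    """What the consumer should derive from its own request data (host plus
    request URI); this is the value the post suggests adding to the req
    structure in srv.arc."""
    return "%s://%s%s" % (scheme, host, request_uri)


def request_uri_for(path, fnid):
    """The request URI the browser actually hits: the return_to page plus
    the openid.* arguments the OpenID server appended."""
    return "%s?fnid=%s&%s" % (path, fnid, urlencode(RESPONSE_QUERY))


def honest_check(path="/openid-return", fnid="abc123", host=CONSUMER_HOST):
    """Proper check: compare return_to against the URL actually served."""
    url = current_url_from_request(request_uri_for(path, fnid), host=host)
    return return_to_matches(url, RESPONSE_QUERY)


def shortcut_check(path="/openid-return", fnid="abc123"):
    """The post's shortcut: the return_to value itself is handed over as the
    current URL, so the response is compared with itself and passes whatever
    page it really arrived at (path and fnid are ignored on purpose)."""
    return return_to_matches(RESPONSE_QUERY["openid.return_to"], RESPONSE_QUERY)


if __name__ == "__main__":
    print("landed where return_to says:      ", honest_check())
    print("replayed to another page:         ", honest_check(path="/admin"))
    print("replayed with another fnid:       ", honest_check(fnid="zzz"))
    print("seen by backend on port 8080:     ",
          honest_check(host="consumer.example:8080"))
    print("shortcut, replayed to another page:", shortcut_check(path="/admin"))
```

Run it directly to see the cases side by side: with the real request URL a response replayed to a different page or with a different fnid is rejected, while the shortcut accepts it. The port-8080 case is the reverse-proxy pitfall: if the Arc backend builds the current URL from its own port rather than the public one, even an honest response fails the check.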