Join Tom Geller for an in-depth discussion in this video Letting users log in through OpenID, part of Drupal 7 Advanced Training.
This video shows you one way to let people log in using the credentials they already have on other sites such as Google, LiveJournal, and WordPress.com. They still have full true accounts on your site and they have to fulfill all its registration requirements. But once that's done their login process is much easier because they're able to login using the credentials that they're used to on those other sites. I'm afraid that the system I will show you doesn't work with some popular sites, including Twitter and Facebook. I will show you how to handle those in the next video.
The magic is in the OpenID module, which is part of core Drupal but which is turned off by default. So we turn it on in usual way, by going up to Modules and then scrolling down to OpenID, and that's all you need to do. The best way to see how this works is to switch to another browser where I'm not logged in to my site and try to log in using my LiveJournal account. First, I'm going to simplify matters by not requiring e-mail confirmation or administrator approval to create the account as Drupal has those on by default. To do so, click Configuration and Account Settings, but of course you won't naturally be doing this because you'll generally want to keep those protections in place.
I'll say, Visitors can register and we don't Require e-mail verification. Briefly OpenID is what's called a three-party authentication system; there's the user, your site, and the other site which is known as an OpenID Provider. Here's what's going to happen. First, the user provides a username for an OpenID provider. In our example, it's going to be livejournal.com. Then our site contacts that OpenID provider and says, does this person really have a membership there. The OpenID provider says to the user, do you really want to login, if they're not already logged in.
If everything goes through as planned, then our site accepts that the OpenID provider has allowed this person through, and then our site asks the user to complete the registration process. So the user ends up with a real account on our site. However, in the future be able to login through that OpenID provider. Now let's see if it actually works. Now as I go through this I am going to let it fail, but I will show you how to get pass that failure. So here I am on my site but I'm not logged in yet. I'll just reload the page and you see something change in this User login area since turned On that OpenID module.
See, we now have this new option, Log in using OpenID. I click it and then I add my OpenID. In this case, it's tgeller. livejournal.com and log in. Now you see when our site went to LiveJournal, it said, aha, this person isn't actually logged in. So I'll go ahead and do that on LiveJournal. Now when I try to do this, LiveJournal just wants to make absolutely sure that I really want to give this information over to the other site, lynda.tomgeller.com.
I've a choice of doing it either just this time or for all time. I am going to select always, because I as the user always want to be able to go to the tomgeller.com site using my LiveJournal ID. So the handoff has happened. Now I am back on tomgeller.com and I add a username, I'll say tgeller and an e-mail address. Now you'll notice it already keeps track of the OpenID on the other site. So we click Create new account, and we are logged in. Now if we go up here and click My account, you'll see something interesting.
We have this extra tab, OpenID identities. As we go down we see that this account on my site is tied to the account on the LiveJournal site. I'm going to log out and then log in again using that ID. Now remember we are still logged in to LiveJournal, so this time when I say, Log in using OpenID, I enter my credential there, just my username not my password and say log in. It hands off the information and I'm logged in again to lynda.tomgeller.com.
What if at some point you decide I don't want lynda.tomgeller.com to have that information anymore, I don't want the two accounts to be linked. We can revoke that permission on the OpenID provider site. It will be in the different place for each one, so I recommend searching for OpenID on the provider site to figure out where it is. I'll do that on LiveJournal, and there we go. How do I use my LiveJournal account to log in to another web site? One of the links there is, review and edit the list of sites, and as we go there we see the credential that's handed off to that site.
If we want we can delete it. Now if we go back to lynda.tomgeller. com and log out, we would have to do the whole thing again, if we try to log in again as tgeller.livejournal.com. So you might be wondering which sites can I use as OpenID providers besides LiveJournal. You can find that and a lot more information at openid.net. The place to go is this Get an OpenID button and there's your list. OpenID was a great idea, but as you can see it's a little cumbersome to implement, even when Drupal takes care of the heavy lifting for you.
And as I mentioned, some important sites use a different standard or a proprietary system to do basically the same thing. In the next video, I'll show you one setup that gives your site a much more universal login.
Drupal 7 Advanced Training was designed as a follow-up to Drupal 7 Essential Training and it also dovetails nicely with our other Drupal courses, such as Drupal 7 Reporting and Visualizing Data and Create Your First Online Store with Drupal Commerce.
- Moving a site from the development environment to production
- Hosting a Drupal site
- Moving databases with phpMyAdmin and Unix commands
- Making site administration more efficient with Drush
- Backing up site data
- Moderating comments
- Migrating from previous versions of Drupal
- Working with themes
- Creating variable layouts
- Enabling social features
- Creating an online store with Drupal Commerce