Make life easier for users with OpenID for Drupal

The phenomenon that is Web2.0 has brought about many new opportunities to interact with websites. The downside of this so far has been the necessity to register for each site separately that creates the baggage of having to remember lots of user names and passwords. Help is at hand though with a new system called OpenID that might life easier for all of us in the future. The good news is that this can easily be integrated into Drupal to make your users' lives easier.

There have been attempts at solving the problem of having lots of user names and passwords before. One solution has been to use a program, such as the excellent KeePass, (Ubuntu package keepassx)
to store all the authentication details in a special database, protected by just one password. This works really well if you are mainly using just one machine, but is a bit of a problem if you move between machines regularly or your computer breaks. Another solution has been to use a centralised system to check a user's details. There are two problems with this approach though, the first is that it creates a single point of failure, if that authentication service breaks then no one can log into your website. The second is that you start to depend on the company providing the authentication service. You can't switch because then all of your users would have to reregister with somebody else, not great if that company increases their charges to a level that you can't sustain.

So the ideal solution is is an authentication system that is decentralised and not reliant on just one company, but still provides a facility where a user only has to remember one set of details; bring on OpenID, a system that does just that. With OpenID a user sets up an account with an OpenID identity provider, basically a website that allows you to register and gives you an OpenID which can be tracked back to them. When that user tries to log into a website supporting OpenID, that website just asks for their OpenID user name then sends the user off to the identity provider which will ask for and validate their password. The identity provider then tells the website if those credentials are valid. This is a rather simplified explanation, the Wikipedia article on OpenID explains the process in much more detail.

Interestingly, you may be closer than you think to having an OpenID of your own. Many of the big players on the internet are adopting this standard, Yahoo for example provide the option to add OpenID functionality to a Yahoo user name. The Open University has an experimental system to allow its user Ids to be used as OpenIDs through a project developed at KMi. For those running Drupal-powered websites, adding support for OpenID is very easy. In Drupal 6 the required module is shipped along with Drupal. In Drupal 5 you need to install an extra module, this can be found at:
http://drupal.org/project/openid. Once you enable the module you're done, there are no more configuration steps required!

To use the OpenID functionality, users must first register on your site. This might seem a bit strange but it means that users can be handled normally in Drupal. Once registered, users can elect to log in by OpenID rather than using the user name and password provided by your site. They do this by clicking on My Account on the left hand side, then click on OpenID identities where they can enter their OpenID.

When the user next comes to log in, instead of entering their user name and password assigned by your site they can click on Log in using OpenID and the identity provider will check their details. In fact now they can go ahead and forget the password your site assigned to them. Obviously they can use the same OpenID to log on to lots of different websites. A great bonus of this is that it makes it much easier for a user to log in to your website, especially if they are an infrequent visitor where having to go through a password reset procedure might put the user
off interacting with your site.

This is a great example of the modular functionality of Drupal providing a quick win for users and site administrators alike. With a minimum of effort it is possible to use OpenID. If a site was written from scratch it may well take many development hours to implement the same functionality.