Robot Has No Heart

Xavier Shay blogs here


Nginx, OpenID delegation and YADIS

Typically, OpenID delegation reads delegation information out of link tags in the HTML head of your home page:

<link rel="openid.server" href="http://server.myid.net/server" />
<link rel="openid.delegate" href="http://xaviershay.myid.net/" />

The problem with this is that any client trying to discover this information needs to fetch your entire home page. If that client is your own site (commenting on your own entry, for instance), that request can get queued up behind the same Mongrel that is serving the original request, which of course now won't complete until the OpenID delegation request times out.

There is another way to provide delegation information. Clients will request your home page with an Accept header of application/xrds+xml, and you can use that information to serve up a static YADIS file rather than your home page. Mine looks like this:

<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"
      xmlns:openid="http://openid.net/xmlns/1.0">
  <XRD>

    <Service priority="1">
      <Type>http://openid.net/signon/1.0</Type>
      <URI>https://server.myid.net/server</URI>
      <openid:Delegate>https://xaviershay.myid.net/</openid:Delegate>
    </Service>

  </XRD>
</xrds:XRDS>

And I serve it up with this Nginx rewrite rule:

if ($http_accept ~* application/xrds\+xml) {
  rewrite (.*) $1/yadis.xrdf break;
}

Try it in the comfort of your own home:

curl -H 'Accept: application/xrds+xml' http://rhnh.net
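
The delegation file decides which provider is allowed to vouch for your URL, so it is worth checking what it actually advertises. The following is an added example, not code from the original post: a standard-library Python check that parses the YADIS document shown above, lists its OpenID 1.0 services in priority order and flags any endpoint that is not https. The function names are made up for this example.

```python
import xml.etree.ElementTree as ET

XRD_NS = "xri://$xrd*($v*2.0)"
OPENID_NS = "http://openid.net/xmlns/1.0"
SIGNON_1_0 = "http://openid.net/signon/1.0"

# The YADIS document from the post, embedded so the example runs offline.
YADIS_XML = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"
      xmlns:openid="http://openid.net/xmlns/1.0">
  <XRD>
    <Service priority="1">
      <Type>http://openid.net/signon/1.0</Type>
      <URI>https://server.myid.net/server</URI>
      <openid:Delegate>https://xaviershay.myid.net/</openid:Delegate>
    </Service>
  </XRD>
</xrds:XRDS>"""


def openid_services(xrds_text):
    """Return the OpenID 1.0 sign-on services, lowest priority value first."""
    # Fine for your own file; use a hardened parser for XML fetched elsewhere.
    root = ET.fromstring(xrds_text)
    services = []
    for svc in root.iter(f"{{{XRD_NS}}}Service"):
        types = [(t.text or "").strip() for t in svc.findall(f"{{{XRD_NS}}}Type")]
        if SIGNON_1_0 not in types:
            continue  # not an OpenID 1.0 service, ignore it
        prio = svc.get("priority")
        services.append({
            # A Service without a priority attribute sorts after all others.
            "priority": int(prio) if prio is not None else float("inf"),
            "server": (svc.findtext(f"{{{XRD_NS}}}URI") or "").strip(),
            "delegate": (svc.findtext(f"{{{OPENID_NS}}}Delegate") or "").strip(),
        })
    return sorted(services, key=lambda s: s["priority"])


def insecure_endpoints(services):
    """Return every server or delegate URL that is not https."""
    return [s[key] for s in services for key in ("server", "delegate")
            if s[key] and not s[key].lower().startswith("https://")]


if __name__ == "__main__":
    found = openid_services(YADIS_XML)
    for s in found:
        print(s["priority"], s["server"], "delegate:", s["delegate"])
    print("not https:", insecure_endpoints(found))
```

To check a live site, save the output of the curl command above to a file and pass its contents to openid_services instead of YADIS_XML.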

Ref: OpenID for non-SuperUsers

  1. Sheldon Hearn says:

    Currently, that request is rejected with 406 Not Acceptable.

    Is this something you decided against for some reason?

  2. Xavier Shay says:

    I switched around my server config (on apache with passenger now), looks like I broke this. Hadn't noticed because I don't have the 1 mongrel problem anymore.

  3. grant says:

    I tried putting the

    if ($http_accept ~* application/xrds\+xml) {
    rewrite (.*) $1/yadis.xrdf break;
    }

    in my apache conf, but it was not happy with it, so I ended up still using..

    RewriteCond %{HTTP_ACCEPT} application/xrds\+xml
    RewriteCond %{HTTP_ACCEPT} !application/xrds\+xml\s*;\s*q\s*=\s*0(\.0{1,3})?\s*(,|$)
    RewriteRule ^$ http://example.com/yadis.xrdf [R,L]

  4. Xavier Shay says:

    Correct, the instructions above are for nginx, not apache. The rules you listed look good, I should use them...

  5. Andrey Zaikin says:

    your server returns
    HTTP/1.1 406 Not Acceptable
    just FYI

  6. Xavier Shay says:

    Thanks, see above comment about me not requiring it anymore.
