Movable Type has built in support for OpenID, allowing readers to authenticate against any OpenID endpoint in order to leave a comment. However, administrators may wish to give preferential treatment to specific OpenID providers by designing a customized login experience optimized for a specific OpenID endpoint.

For example, both Vox and LiveJournal, two different Six Apart products, support OpenID. However, many users do not know what their OpenID is on those services. As a consequence they are either unable to or unaware that they can authenticate via those services to leave a comment on virtually any Movable Type blog.

To assist these users Movable Type has provided a specially designed login form for each service to collect the specific information needed in order to formulate an OpenID for each service.

Support for these services is provided through a framework that any developer can use to define their own trusted OpenID endpoints and login experiences.

What follows is the exact code from within Movable Type that registers a OpenID endpoint within the registry:

sub init_registry {
    my $plugin = shift;
    $plugin->registry({
        commenter_authenticators => {
            'LiveJournal' => {
                class => 'MT::Auth::LiveJournal',
                label => 'LiveJournal',
                login_form_params => \&_commenter_auth_params,
                condition => \&_openid_commenter_condition,
                logo => 'images/comment/signin_livejournal.png',
                login_form => <<LiveJournal,
<form method="post" action="<mt:var name="script_url">">
<input type="hidden" name="__mode" value="login_external" />
<input type="hidden" name="blog_id" value="<mt:var name="blog_id">" />
<input type="hidden" name="entry_id" value="<mt:var name="entry_id">" />
<input type="hidden" name="static" value="<mt:var name="static" escape="html">" />
<input type="hidden" name="key" value="LiveJournal" />
<fieldset>
<mtapp:setting
    id="livejournal_display"
    label="<__trans phrase="Your LiveJournal Username">">
<input name="openid_userid" style="background: #fff 
    url('<mt:var name="static_uri">images/comment/livejournal_logo.png') 
no-repeat left; padding-left: 18px; padding-bottom: 1px; 
border: 1px solid #5694b6; width: 304px; font-size: 110%;" />
<p class="hint"><__trans phrase="Sign in using your LiveJournal username."></p>
</mtapp:setting>
<div class="pkg">
  <p class="left">
    <input type="submit" name="submit" value="<MT_TRANS phrase="Sign In">" />
  </p>
</div>
<p><img src="<mt:var name="static_uri">images/comment/blue_moreinfo.png"> 
  <a href="http://www.livejournal.com/"><__trans phrase="Learn more about LiveJournal."></a>
</p>
</fieldset>
</form>
LiveJournal
            },
        },
    });
}

Comment Authenticator Properties

• class - the class or package name of the handler for processing form input and
• label - the display name of the service as it will appear to an end user of the application
• login_form_params - a subroutine responsible for populating the template context the necessary parameters to properly render the login form for the corresponding service
• condition - the conditions under which this OpenID endpoint will be displayed as an option to the user. This allows for developers to specify prerequisites that if not satisfied will prevent users from authenticating via this endpoint.
• logo - a small 16x16 logo used to identify users who have authenticated via this endpoint
• login_form - A reference to a template file, or the raw template code for the login form. This text can contain MT template tags that will be evaluated when the form is displayed to the user. The login form must contain at least one input parameter called 'openid_userid'. This parameter is used later to construct the OpenID endpoint or URL.

Authentication Handler

The class property identifies the authentication handler for the corresponding OpenID endpoint. The example below shows the authentication handler for the LiveJournal OpenID endpoint. This handler is responsible for translating the input from the user submitted from the login form into a valid OpenID URL. For example, the user is prompted for their LiveJournal username, the authentication handler converts that username into the corresponding OpenID URL:

http://username.livejournal.com

The user ID submitted by the user is translated into URL by the url_for_userid subroutine below.

Once a user has successfully logged in, Movable Type needs to extract a nickname or display name from the OpenID URL returned by the OpenID service provider. This is used for example to indicate the name or nickame of the person leaving a comment. This nickname extraction is performed by the _get_nickname subroutine. In the event the nickame cannot be detected or extracted from the URL returned by the provider, the subroutine below instructs the default Movable Type OpenID handler to return the default nickname.

package MT::Auth::LiveJournal;
use strict;
use base qw( MT::Auth::OpenID );
sub url_for_userid {
    my $class = shift;
    my ($uid) = @_;
    return "http://www.livejournal.com/users/$uid";
};
sub _get_nickname {
    my ($vident, $blog_id) = @_;
    ## LJ username
    my $url = $vident->url;
    if( $url =~ m(^https?://www\.livejournal\.com\/users/([^/]+)/$) ||
        $url =~ m(^https?://www\.livejournal\.com\/~([^/]+)/$) ||
        $url =~ m(^https?://([^\.]+)\.livejournal\.com\/$)
    ) {
        return $1;
    }
    *MT::Auth::OpenID::_get_nickname->(@_);
}
1;

Other Helper Functions

In the code sample above the context for the defined template is populated by the _commenter_auth_params subroutine listed below:

sub _commenter_auth_params {
    my ( $key, $blog_id, $entry_id, $static ) = @_;
    my $params = {
        blog_id => $blog_id,
        static  => $static,
    };
    $params->{entry_id} = $entry_id if defined $entry_id;
    return $params;
}

sub _openid_commenter_condition {
    eval "require Digest::SHA1;";
    return $@ ? 0 : 1;
}