(Quick Reference)

1 Introduction

The OpenID plugin adds OpenID login support to a Grails application that uses Spring Security. It depends on the Spring Security Core plugin and requires at least version 1.1.1.

Using OpenID authentication frees you from having to maintain passwords for those users, but it also poses some challenges.

In a typical application that uses form-based logins with Spring Security, all of your user information is stored in the database. Since an OpenID user authenticates at an OpenID provider, you don't maintain their password but Spring Security needs information to populate an Authentication - username, roles, and account statuses (enabled, locked, etc.) Only the username is available from the OpenID login (plus optionally some attributes made available by Attribute Exchange), and the rest is provided by your application, usually from the database.

The plugin supports two workflows to integrate OpenID authentication with local user accounts. One is user registration, and the other is linking one or more OpenIDs with a valid local account. Both workflows are triggered by a successful OpenID authentication followed by a UsernameNotFoundException indicating that a local user wasn't found. The plugin provides basic implementations of both workflows but each application is different, so you'll most likely need to customize and extend the initial implementation.

1.1 History

• Version 1.0.4
• released July 24, 2012
• Version 1.0.3
• released July 31, 2011
• Version 1.0.2
• released March 27, 2011
• Version 1.0.1
• released February 13, 2011
• Version 1.0
• released July 27, 2010
• Version 0.1.1
• released May 12, 2010
• Version 0.1
• released May 03, 2010