phpMyID

This page is kept for posterity. phpMyID is no longer maintained.

phpMyID is a standalone, single user, OpenID Identity Provider.

The source is available on github.

Description

OpenID is an open, decentralized, free framework for user-centric digital identity (I stole that from their website). But what does it mean? Well, basically OpenID is a way to authenticate yourself to various places (websites) by verifying your identity as the owner of a particular URL (say, a website of your own). Instead of giving a username and password to a login form, you just give it your URL. You're then directed to your "identity provider" to log in, and when it authenticates you, you go back to the site you were orignally trying to get into. Why this is good or bad, and what the actual implications of it are... well, that's all mostly outta scope as far as phpMyID is concerned. Suffice it to say, phpMyID acts as an "identity provider" so you can log in to OpenID enabled sites.

From a user point of view, OpenID is a neat concept, but it has a few flaws. For example, when I wanted to actually, y'know, get an OpenID thingie of my own so I could log into OpenID sites, I found there was no satisfactory way to get one. My options were:

Since I couldn't find the simple solution that I wanted, I did what any [idiot|geek] would do, and created the missing option for myself: a single user OpenID server. phpMyID.

Why Use it?

How to Use

phpMyID is a single user (though, if you were so inclined, you could easily turn it into a multi-user setup) IdP, or "Identity Provider" for the OpenID framework. It's a single PHP script with minimal dependancies. You don't need a database, you don't need to make your filesystem writable, you don't need to download any libraries, and you don't need to recompile PHP. Okay, well, you shouldn't need to do any of that.

Installing phpMyID requires an MD5 hashing utility. Why? Because you have to authenticate to it using a password. phpMyID uses HTTP Digest authentication for security and your password must be encrypted when you enter it during installation. Say it with me: "passwords should never be stored or transmitted in plain text" (one of the advantages of phpMyID and OpenID is that they never are).

For Linux or OSX (or any other Unix-like OS), I suggest using OpenSSL to encrypt your password. For Windows, there are a number of utilities available, but I recommend this one by Colin Plumb. It's public domain code, and it will do exactly what you need (yes, the hash it create is all upper-case - don't worry, phpMyID will convert it for you). You can use PHP's md5 function to generate your hash for you on the fly, but I must discourage doing so. Not only does it take all the fun out, but you have to store your password in plain text to make it go.

Complete installation instructions, including examples of how to encrypt your password, are available in the provided README file.

Important

phpMyID is not compatible with hardened PHP installations. In particular, Suhosin is known to cause problems.