Tuesday, June 2, 2009

User Authentication With RPX

The first step is to sign up with RPX.

Nicely enough, they use their own service, so you'll sign in to RPX using a third-party user ID. Pick whichever one you like. Then agree to their terms of service, and create an application. Name it whatever you want, and leave domains as localhost.

The Integration Guide link under Next Steps (lower right after you create your application) will give you the code you need to paste into those HTML pages where you want users to be able to log in.

Now, any sort of user authentication system isn't going to be a two-minute implementation. RPX makes it far easier than it would be to implement ourselves, but there's still some work involved. Plus, I'm assuming you know very little about creating web sites or web development, so we'll take it step by step.

How RPX Works

You'll put some code RPX gives you onto your login page. That gives you a nice widget in your web page that prompts the user to log in via Google, Yahoo, etc. We can even add sites like Facebook and Twitter later.

When the user clicks on one of those links and signs in wherever they chose, RPX takes care of all the details. When RPX determines that they've successfully signed in, the RPX widget (in your user's web browser) will open up another page on your site.

This other page, which RPX calls the token_url, receives information from RPX. That page must include server-side code that connects to the RPX server to finalize the login and fetch the user's email address.

So the parts we write are:

1) A login HTML page that includes the widget code from RPX

2) A login results page that includes server-side code for fetching the user's email from RPX

That login results page also needs to start a session and perhaps create a user account on our site for the user, and no doubt a number of other things we'll discover later. But that's all about our site's bookkeeping, and not about RPX. For now, we'll just have that page start a session.

Creating The Login Page

The sample project created by the Google Plugin for Eclipse already has a main HTML page. We'll just edit that and create our login page. So start up Eclipse and open up your project. In the project, go to the war directory and look for the HTML file that's named the same as your project.

Double click that to edit it, and let's see what we have to work with. Now go to RPX and log in and go to the Integration Guide.

You'll see some JavaScript that's supposed to go at the bottom of the login page. Copy that and paste it just before the closing body tag in the HTML file. You need to change the token_url to the correct URL of the page that will handle post-login processing.

Since you haven't created that yet, let's just make up a name for it. Here's what I ended up with for that line in the JavaScript:

RPXNOW.token_url = "http://localhost:8080/rpxresults";

Going back to the RPX Integration Guide, you also need to put a link where you want the Sign In link to appear. I'll paste mine after the H1 heading in the page. Don't forget to change the token_url in this link to match what you put in the JavaScript!

Note for later: you should have looked twice at the use of "localhost:8080" in the token_url. That works for when we're running the Google App Engine development server through Eclipse, but not when we deploy the pages to the production server. We'll want to remember to change that before deploying!
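
One way to avoid both pitfalls above (the link and the JavaScript disagreeing, and localhost:8080 surviving into production) is to derive token_url from the host the page is served from and use that one value in both places. This is an added example, not code from RPX or from the original post; the production host name, the allowed-hosts table and the rpx-signin link id are assumptions for illustration.

```javascript
// Added example. TOKEN_PATH comes from the post; the production host below
// is a constructed placeholder, not a real deployment.
const TOKEN_PATH = "/rpxresults";
const ALLOWED_HOSTS = new Map([
  ["localhost:8080", { requireHttps: false }],      // App Engine dev server
  ["your-app.example.com", { requireHttps: true }], // placeholder production host
]);

// Build the token_url for the host the page is being served from.
// `loc` is window.location or any object with `protocol` and `host`.
// Unknown hosts are rejected so the login token is only ever sent to a
// page we actually run, and production must be https because the token
// posted to token_url is what completes the login.
function tokenUrlFor(loc) {
  const rule = ALLOWED_HOSTS.get(loc.host);
  if (!rule) {
    throw new Error("refusing to build token_url for unknown host: " + loc.host);
  }
  if (rule.requireHttps && loc.protocol !== "https:") {
    throw new Error("token_url must use https on " + loc.host);
  }
  return loc.protocol + "//" + loc.host + TOKEN_PATH;
}

// Return the sign-in link's href with its token_url parameter replaced,
// so the link and the JavaScript setting cannot drift apart.
function signInHref(currentHref, tokenUrl) {
  const u = new URL(currentHref);
  u.searchParams.set("token_url", tokenUrl); // percent-encodes the value
  return u.toString();
}

// Browser wiring; skipped when run outside a page (for example under Node).
if (typeof window !== "undefined" && typeof RPXNOW !== "undefined") {
  const tokenUrl = tokenUrlFor(window.location);
  RPXNOW.token_url = tokenUrl;
  const link = document.getElementById("rpx-signin"); // hypothetical id
  if (link) link.href = signInHref(link.href, tokenUrl);
}
```

Place the wiring after the RPX script so that RPXNOW exists when it runs, and keep the allowed-hosts table in step with the domains configured for the application at RPX.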

Save the HTML file, and run the web application. You'll see the Sign In link. Click it, and you'll see RPX's list of third-party login providers.

That's step #1. Step #2 is to have the server side processing needed to finalize the login once RPX is done with the user. To do that we'll have to get into Java servlets, so that'll be the next post.
