I am developing the authentication part of my app and I've run into issues with coding authentication using OpenID.
I've looked at the Tipfy example code, but it seems written under the assumption that the OpenID provider is hard-coded to google.
I would like the user to be able to provide any OpenID they desire (isn't that the point?).
Does anyone have any example code that shows a user logging in using a user-supplied OpenID?
Does Tipfy allow any OpenID authentication?
If you want to authenticate any OpenID Url with Tipfy, you can't do it out of the box.
One main reason is because Tipfy does not have any discovery mechanism to retrieve the OpenID Endpoint from a given OpenID user url.
What Tipfy is missing?
Tipfy does not allow the point b. of the following workflow :
a. user submits foo.blogspot.com
b. the framework retrieves foo.blogspot.com
getting the OpenId endpoint from the html page:
<link rel="openid.server" href="http://www.blogger.com/openid-server.g" />
c. the framework redirects the user to the remote login page.
What Tipfy really offers?
The Tipfy openid extension* simply offers the OpenIdMixin
that is just a base class useful for building OpenID support to a specific platform (Google for example).
Indeed, GoogleMixin
class extends OpenIdMixin
:
class GoogleMixin(OpenIdMixin, OAuthMixin):
"""A :class:`tipfy.RequestHandler` mixin that implements Google OpenId /
OAuth authentication.
and it has the Google OpenID endpoint hard-corded:
_OPENID_ENDPOINT = 'https://www.google.com/accounts/o8/ud'
The name OpenIdMixin
is a little bit misleading near other classes names like GoogleMixin
, FriendFeedMixin
, FaceBookMixin
etc. etc;
the docstring should be more clear to specify that the class should just be extended as a base class and not used directly.
What do you need to support any OpenID url in your application using Tipfy?
You should use the same consumer userland library that Google App Engine has adopted to offer OpenID support; here the source code and here a live example.
In the specific, have a closer look to openid.consumer.consumer.py
file and how the XRDS/OpenID discovery happens; I think that with some work, you should be able to integrate this part into Tipfy OpenIdMixin
.
* the OpenID code is ported from tornado.auth
That code is just an example. You just need to allow the user to specify their OpenID provider's endpoint URL via a form, and get the value from the POST. It's just a string.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With