OpenID Support in a TG2 Application
Posted in Snaking.
Spent most of the day playing with TurboGears Authentication/Authorization system. In particular, I stripped out the "quickstart" configuration and created a "who.ini" based almost-equivalent. With that, I added an OpenID provider using a repoze plugin... at the end of all that, I can log into my localhost quickstart application with a myopenid.com login. I've documented the whole thing in the customizing Authentication documents for TurboGears.
I'd like to figure out how to request e.g. email address or display name during the openid process so that the IDs we get are somewhat usable. To be really useful, it looks like we'll want to get an SQLAlchemy-based storage class written for python-openid (looks pretty straightforward), though I haven't yet figured out where the storage actually stores the end-user's information :) . Basically want to be able to do "what this user did" stuff for the OpenID-auth'd users.
Anyway, not going to get all that done tonight, so I think I'll call it a day.
[Update] With some help from Chris and mcdonc, I seem to have a fully working OpenID demo including SReg and automatic creation of new users for the authenticated sign-ons via a plug-in. I still want to provide "Login with Google", "Login with Yahoo", "Login with Hotmail" support, but that *should* be fairly straightforward once I figure out how you get back the open_id from the site when you've just clicked a button. I assume it's in the response and we just need to pull it out.
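The SReg exchange mentioned in the post, as an added example that is not the author's plugin and not the repoze.who or python-openid API: it builds the extra request parameters that ask for email and display name, then keeps only the returned SReg values that are listed in `openid.signed`, which matters when user records are created automatically from them. The function names and the sample response are constructed for illustration, and the code assumes the consumer library has already verified `openid.sig` over the signed list.

```python
from urllib.parse import parse_qsl, urlencode

SREG_NS = "http://openid.net/extensions/sreg/1.1"

def sreg_request_args(required=("email",), optional=("fullname", "nickname")):
    """Extra parameters added to the OpenID auth request to ask for profile fields."""
    args = {"openid.ns.sreg": SREG_NS}
    if required:
        args["openid.sreg.required"] = ",".join(required)
    if optional:
        args["openid.sreg.optional"] = ",".join(optional)
    return args

def sreg_alias(resp):
    """Find the alias the provider bound to the SReg namespace in its response."""
    for key, value in resp.items():
        if key.startswith("openid.ns.") and value == SREG_NS:
            return key[len("openid.ns."):]
    return "sreg"  # OpenID 1.x responses use the fixed "sreg" prefix

def signed_sreg_fields(resp):
    """Return only SReg values covered by the provider's signature.

    Assumption: openid.sig has already been checked by the consumer library;
    this function only drops fields that were never part of the signed data.
    """
    signed = set(resp.get("openid.signed", "").split(","))
    prefix = "openid.%s." % sreg_alias(resp)
    fields = {}
    for key, value in resp.items():
        # Entries in openid.signed omit the leading "openid."
        if key.startswith(prefix) and key[len("openid."):] in signed:
            fields[key[len(prefix):]] = value
    return fields

# Constructed sample return_to query: the nickname is present but NOT signed.
SAMPLE_RETURN_QUERY = urlencode({
    "openid.ns.sreg": SREG_NS,
    "openid.claimed_id": "https://user.example/",
    "openid.signed": "claimed_id,sreg.email,sreg.fullname",
    "openid.sreg.email": "user@example.org",
    "openid.sreg.fullname": "Example User",
    "openid.sreg.nickname": "admin",
})
SAMPLE_RESPONSE = dict(parse_qsl(SAMPLE_RETURN_QUERY))

if __name__ == "__main__":
    print(sreg_request_args())
    print(signed_sreg_fields(SAMPLE_RESPONSE))
```

A user-creation plugin would key the account on the verified claimed identifier and treat the SReg values as profile hints supplied by the provider.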
Comments
Chris Arndt on 10/05/2009 5:30 a.m. #
About a year ago, I took the TurboGears 1 tgopenidlogin extension (http://tgopenidlogin.googlecode.com/) and patched it to make it work with TurboGears 1.1 (then still beta).
I also updated its support for Simple Registration Extension (SREG), which is what you need to get the email address and user name etc. I posted my patch in the issue tracker of the tgopenidlogin project where I also attached an example project built with TG 1.1. I haven't tested this lately, but I think it should still work with the new TG 1.1 final version.
Unfortunately, development on tgopenidlogin hasn't progressed since, but it may be interesting for you to look at my patch to see how I handled SREG.
Chris
Mike Fletcher on 10/05/2009 10:06 a.m. #
Wow, thanks Chris. I used this to alter the repoze.openid plugin (fairly trivially) to request the user metadata, then altered it again to allow for recording the metadata via a plugin to set up User records automatically. With that you can log into a TG2 instance with OpenID. You can write an arbitrary plugin for the User setup, so can do whatever you want to make your OpenID users manageable. Thanks also to mcdonc on IRC for pointing out how to do the side-store plugin.
Daniel on 03/28/2010 12:29 p.m. #
I'm eager to see the example you created. Where is it? I've been wanting to use OpenID, and seeing your example would be extremely helpful.