Spent most of the day playing with TurboGears Authentication/Authorization system. In particular, I stripped out the "quickstart" configuration and created a "who.ini" based almost-equivalent. With that, I added an OpenID provider using a repoze plugin... at the end of all that, I can log into my localhost quickstart application with a myopenid.com login. I've documented the whole thing in the customizing Authentication documents for TurboGears.
I'd like to figure out how to request e.g. email address or display name during the openid process so that the IDs we get are somewhat usable. To be really useful looks like we'll want to get an SQLAlchemy-based storage class written for python-openid (looks pretty straightforward), though I haven't yet figure out where the storage actually stores the end-user's information :) . Basically want to be able to do "what this user did" stuff for the OpenID-auth'd users.
Anyway, not going to get all that done tonight, so I think I'll call it a day.
[Update] with some help from Chris and mcdonc seem to have a fully working OpenID demo including SReg and automatic creation of new users for the authenticated sign-ons via a plug-in. I still want to provide "Login with Google", "Login with Yahoo", "Login with Hotmail" support, but that *should* be fairly straightforward once I figure out how you get back the open_id from the site when you've just clicked a button. I assume it's in the response and we just need to pull it out.
Pingbacks are closed.