Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/fedora-infra/pyramid_fas_openid

Provides a view and functionality for handling OpenID auth against the Fedora Account System for Pyramid apps
https://github.com/fedora-infra/pyramid_fas_openid

Last synced: about 1 month ago
JSON representation

Provides a view and functionality for handling OpenID auth against the Fedora Account System for Pyramid apps

Awesome Lists containing this project

README

        

pyramid_fas_openid provides a view for the Pyramid framework that acts as an OpenID consumer for the Fedora Account System.

This code is offered under the BSD-derived Repoze Public License.

Much of this code was inspired by (read: 'lifted from') the repoze.who.plugins.openid
code which can be found here:
http://quantumcore.org/docs/repoze.who.plugins.openid

In your Pyramid app, add the pyramid_openid.verify_openid view_callable to your
view_configuration, and add the needed settings to your .ini file.

Here is a barebones setup:
openid.store.type = file
openid.store.file.path = %(here)s/sstore
openid.success_callback = myapp.lib:remember_me

This setup requires you have a folder in your app directory called 'sstore',
and that you have a callback function in your lib module named "remember_me".
Remember_me will receive the current request and the other information returned
from the OpenID provider, and should then do whatever is needed to remember the user -
pyramid.security.remember, load metadata into the session, etc - that part is
completely up to the coder.

This setup will then assume the defaults for the rest of the keys.

Once the configuration is in place, it's time to hook up the view to the application.
You can do this however you want to.

Example:
In your app config setup code, add this line before 'return config.make_wsgi_app()'

config.add_route('verify_openid',
pattern='/dologin.html',
view='pyramid_openid.verify_openid')

Now you have a URL to submit your OpenID form to: /dologin.html.
Based on the configuration above, it expects to find the user's OpenID URL
in request.params['openid'].

REQUIRED SETTINGS
=================
OpenID Data Store
-----------------
Key:
openid.store.type

Description:
This determines the type of store python-openid will use
to track nonces and other cross request data. Note that
this defaults to None, which has python-openid use a
stateless request type. Stateless mode isn't reliable;
something else should be chosen. File and mem are
recommended.

The SQL store has yet to be tested or even verified
working. It is also not recommended.

Default:
None

Examples:
To use a file store:
(openid.store.file.path must also be specified)
openid.store.type = file

To use a memory store:
openid.store.type = mem

To use a sql store:
(openid.store.sql.connection_string and
openid.store.sql.associations_table must also
be specified)
THIS IS NOT TESTED AND DOES NOT WORK
openid.store.type = sql

OPTIONAL SETTINGS:
==================
Successful Login Callback
-------------------------
Key:
openid.success_callback

Description:
This is a callable that will be called upon successful verification
by the OpenID provider. The callable will be passed three parameters;
the current context, the current request, and a dictionary with the
following structure::

{
'identity_url': The user's unique URL from the provider,
'ax': A dictionary containing all the returned
active exchange parameters requested,
'sreg': A list containing all the returned
simple registration parameters requested
}

This callback is required to have the following format:
module.optional_submodules:function

What is returned from this callable is return as the response.

Default:
None

Example:
If the callback is in the lib module of the my app package, and
is named openid_callback, then this is the setting to be used:
openid.success_callback = myapp.lib:openid_callback

AX
--
Keys:
openid.ax_required
openid.ax_optional

Description:
These represent user data requested via OpenID Attribute Exchange.

Default:
None

Example:
To require that the provider respond with the user's email:
openid.ax_required = email=http://schema.openid.net/contact/email

SX
--
Keys:
openid.sreg_required
openid.sreg_optional

Description:
These represent user data requested via OpenID Simple Registration.

Default:
None

Example:
To require that the provider respond with the user's email:
openid.sreg_required = email

Incoming OpenID Param Name:
---------------------------
Key:
openid.param_field_name

Description:
When a request is first submitted with the user's OpenID URL,
it must be retrieved from request.params with a key.
This is the name of that key in request.params.

Default:
openid

Examples:
Once submitted, the user's OpenID URL will be found in
request.params['users_openid_url']:
openid.param_field_name = users_openid_url

Error Destination
-----------------
Key:
openid.error_destination

Description:
When something in the OpenID verification process fails,
the user will be sent to this url. The error message
will be stored in the request.session.flash queue
as specified by openid.error_flash_queue

Default:
request.referrer

Example:
To send the user to a http://www.example.com/sorry.html upon failure:
openid.error_destination = http://www.example.com/sorry.html

Error Flash Queue
-----------------
Key:
openid.error_flash_queue

Description:
If something goes awry in the OpenID process, the error message
will be put in the request.session.flash message queue, and this
is the name of that queue.

Default:
The default flash queue ('')

Example:
To put the error messages in the 'OpenIDErrors' flash queue:
openid.error_flash_queue=OpenIDErrors

Realm Name
----------
Key:
openid.realm_name

Description:
This is the value of the realm parameter passed to the OpenID
provider. It's here for the sake of completeness, but unless
you know what you're doing there's no reason to change it.

Default:
request.host_url

Example:
To set the Realm to 'www.example.com':
openid.realm_name = http://www.example.com

Note:
Changing the realm_name will most likely cause your request
to fail.

CONDITIONAL SETTINGS
====================
File Store Path
---------------
Key:
openid.store.file.path

Description:
If the file store path is to be used, then it needs
a writable folder to store data into. This is that path.

Default:
No default

Example:
To store data in the folder named "sstore" in the same
folder as your development.ini:
(Note that you must make this directory as well)
openid.store.file.path = %(here)s/sstore

SQL Connection String
---------------------
Key:
openid.store.sql.connection_string

Description:
This is the connection string for the database for
python-openid to store its temporary data in.
THIS HAS NOT BEEN TESTED AND DOES NOT WORK YET.

Default:
No default

SQL Associations Table
----------------------
Key:
openid.store.sql.associations_table

Description:
This is the name of the table that python-openid
will store is temporary data in.
THIS HAS NOT BEEN TESTED AND DOES NOT WORK YET.

Default:
No default