Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/fedora-infra/pyramid_fas_openid
Provides a view and functionality for handling OpenID auth against the Fedora Account System for Pyramid apps
https://github.com/fedora-infra/pyramid_fas_openid
Last synced: about 1 month ago
JSON representation
Provides a view and functionality for handling OpenID auth against the Fedora Account System for Pyramid apps
- Host: GitHub
- URL: https://github.com/fedora-infra/pyramid_fas_openid
- Owner: fedora-infra
- License: other
- Archived: true
- Fork: true (tomlikestorock/pyramid_openid)
- Created: 2013-05-08T23:18:38.000Z (over 11 years ago)
- Default Branch: master
- Last Pushed: 2020-10-27T16:05:52.000Z (about 4 years ago)
- Last Synced: 2024-09-06T22:15:27.620Z (2 months ago)
- Language: Python
- Homepage:
- Size: 41 KB
- Stars: 3
- Watchers: 6
- Forks: 4
- Open Issues: 2
-
Metadata Files:
- Readme: README.txt
- Changelog: CHANGELOG.rst
- License: LICENSE.txt
Awesome Lists containing this project
README
pyramid_fas_openid provides a view for the Pyramid framework that acts as an OpenID consumer for the Fedora Account System.
This code is offered under the BSD-derived Repoze Public License.
Much of this code was inspired by (read: 'lifted from') the repoze.who.plugins.openid
code which can be found here:
http://quantumcore.org/docs/repoze.who.plugins.openidIn your Pyramid app, add the pyramid_openid.verify_openid view_callable to your
view_configuration, and add the needed settings to your .ini file.Here is a barebones setup:
openid.store.type = file
openid.store.file.path = %(here)s/sstore
openid.success_callback = myapp.lib:remember_meThis setup requires you have a folder in your app directory called 'sstore',
and that you have a callback function in your lib module named "remember_me".
Remember_me will receive the current request and the other information returned
from the OpenID provider, and should then do whatever is needed to remember the user -
pyramid.security.remember, load metadata into the session, etc - that part is
completely up to the coder.This setup will then assume the defaults for the rest of the keys.
Once the configuration is in place, it's time to hook up the view to the application.
You can do this however you want to.Example:
In your app config setup code, add this line before 'return config.make_wsgi_app()'config.add_route('verify_openid',
pattern='/dologin.html',
view='pyramid_openid.verify_openid')Now you have a URL to submit your OpenID form to: /dologin.html.
Based on the configuration above, it expects to find the user's OpenID URL
in request.params['openid'].REQUIRED SETTINGS
=================
OpenID Data Store
-----------------
Key:
openid.store.typeDescription:
This determines the type of store python-openid will use
to track nonces and other cross request data. Note that
this defaults to None, which has python-openid use a
stateless request type. Stateless mode isn't reliable;
something else should be chosen. File and mem are
recommended.The SQL store has yet to be tested or even verified
working. It is also not recommended.Default:
NoneExamples:
To use a file store:
(openid.store.file.path must also be specified)
openid.store.type = fileTo use a memory store:
openid.store.type = memTo use a sql store:
(openid.store.sql.connection_string and
openid.store.sql.associations_table must also
be specified)
THIS IS NOT TESTED AND DOES NOT WORK
openid.store.type = sqlOPTIONAL SETTINGS:
==================
Successful Login Callback
-------------------------
Key:
openid.success_callbackDescription:
This is a callable that will be called upon successful verification
by the OpenID provider. The callable will be passed three parameters;
the current context, the current request, and a dictionary with the
following structure::{
'identity_url': The user's unique URL from the provider,
'ax': A dictionary containing all the returned
active exchange parameters requested,
'sreg': A list containing all the returned
simple registration parameters requested
}This callback is required to have the following format:
module.optional_submodules:functionWhat is returned from this callable is return as the response.
Default:
NoneExample:
If the callback is in the lib module of the my app package, and
is named openid_callback, then this is the setting to be used:
openid.success_callback = myapp.lib:openid_callbackAX
--
Keys:
openid.ax_required
openid.ax_optionalDescription:
These represent user data requested via OpenID Attribute Exchange.Default:
NoneExample:
To require that the provider respond with the user's email:
openid.ax_required = email=http://schema.openid.net/contact/emailSX
--
Keys:
openid.sreg_required
openid.sreg_optionalDescription:
These represent user data requested via OpenID Simple Registration.Default:
NoneExample:
To require that the provider respond with the user's email:
openid.sreg_required = emailIncoming OpenID Param Name:
---------------------------
Key:
openid.param_field_nameDescription:
When a request is first submitted with the user's OpenID URL,
it must be retrieved from request.params with a key.
This is the name of that key in request.params.Default:
openidExamples:
Once submitted, the user's OpenID URL will be found in
request.params['users_openid_url']:
openid.param_field_name = users_openid_urlError Destination
-----------------
Key:
openid.error_destinationDescription:
When something in the OpenID verification process fails,
the user will be sent to this url. The error message
will be stored in the request.session.flash queue
as specified by openid.error_flash_queueDefault:
request.referrerExample:
To send the user to a http://www.example.com/sorry.html upon failure:
openid.error_destination = http://www.example.com/sorry.htmlError Flash Queue
-----------------
Key:
openid.error_flash_queueDescription:
If something goes awry in the OpenID process, the error message
will be put in the request.session.flash message queue, and this
is the name of that queue.Default:
The default flash queue ('')Example:
To put the error messages in the 'OpenIDErrors' flash queue:
openid.error_flash_queue=OpenIDErrorsRealm Name
----------
Key:
openid.realm_nameDescription:
This is the value of the realm parameter passed to the OpenID
provider. It's here for the sake of completeness, but unless
you know what you're doing there's no reason to change it.Default:
request.host_urlExample:
To set the Realm to 'www.example.com':
openid.realm_name = http://www.example.comNote:
Changing the realm_name will most likely cause your request
to fail.CONDITIONAL SETTINGS
====================
File Store Path
---------------
Key:
openid.store.file.pathDescription:
If the file store path is to be used, then it needs
a writable folder to store data into. This is that path.Default:
No defaultExample:
To store data in the folder named "sstore" in the same
folder as your development.ini:
(Note that you must make this directory as well)
openid.store.file.path = %(here)s/sstoreSQL Connection String
---------------------
Key:
openid.store.sql.connection_stringDescription:
This is the connection string for the database for
python-openid to store its temporary data in.
THIS HAS NOT BEEN TESTED AND DOES NOT WORK YET.Default:
No defaultSQL Associations Table
----------------------
Key:
openid.store.sql.associations_tableDescription:
This is the name of the table that python-openid
will store is temporary data in.
THIS HAS NOT BEEN TESTED AND DOES NOT WORK YET.Default:
No default