[Catalog-sig] OpenID login to PyPI

"Martin v. Löwis" martin at v.loewis.de
Tue Nov 17 06:44:22 CET 2009

Paul Boddie wrote:
> Martin v. Löwis wrote:
>>> Are you using python-openid for this ?
>>> 	http://openidenabled.com/python-openid/
>> No, I have written a new OpenID client. The protocol itself
>> is fairly simple, once you got it.
> Is there any benefit to using mod_auth_openid with Apache, given that as far 
> as I'm aware, the python.org services run behind Apache? That might even help 
> to wrap up the Roundup tracker, subject to technical limitations with user 
> identifiers and Roundup (and other services) being willing to accept an 
> identity set by the Web server.

The problem I have with this (and also partially with python-openid) is
that I don't know how to integrate it with the existing application. How
is the module supposed to know what PyPI accounts are, and how they
relate to existing IDs, and what postgres database and table this
information is to be stored in?

For Roundup, the problem is even more difficult, IIUC, assuming I want
people to add either an openid or a username/password pair into the
existing fields: how is mod_auth_openid supposed to know that the name
is not an openid in the first place, just because a password is also
provided? The roundup installation uses a reverse proxy, so it would
be better to create something that doesn't rely on Apache.


More information about the Catalog-SIG mailing list