[Catalog-sig] OpenID login to PyPI

M.-A. Lemburg mal at egenix.com
Tue Nov 17 12:43:15 CET 2009

"Martin v. Löwis" wrote:
> Paul Boddie wrote:
>> Martin v. Löwis wrote:
>>>> Are you using python-openid for this ?
>>>> 	http://openidenabled.com/python-openid/
>>> No, I have written a new OpenID client. The protocol itself
>>> is fairly simple, once you got it.
>> Is there any benefit to using mod_auth_openid with Apache, given that as far 
>> as I'm aware, the python.org services run behind Apache? That might even help 
>> to wrap up the Roundup tracker, subject to technical limitations with user 
>> identifiers and Roundup (and other services) being willing to accept an 
>> identity set by the Web server.
> The problem I have with this (and also partially with python-openid) is
> that I don't know how to integrate it with the existing application. How
> is the module supposed to know what PyPI accounts are, and how they
> relate to existing IDs, and what postgres database and table this
> information is to be stored in?

Well, python-openid is written in Python, so it should be possible
to add whatever special functionality you need.


It also comes with an example implementation that shows how
to use the lib in a consumer role:


> For Roundup, the problem is even more difficult, IIUC, assuming I want
> people to add either an openid or a username/password pair into the
> existing fields: how is mod_auth_openid supposed to know that the name
> is not an openid in the first place, just because a password is also
> provided? The roundup installation uses a reverse proxy, so it would
> be better to create something that doesn't rely on Apache.

With mod_auth_openid, you'd use a separate login page for the
OpenID login, so there wouldn't be a mixup between the two

mod_auth_openid also allows you to set a user app that implements
the authorization part. This could be a Python application that
hooks into the PG database:


mod_auth_openid also supports proxies, so it should be possible
to use it for roundup as well.

Since you were looking for simplification of the used code,
it may be worthwhile looking at these two options to outsource
the complexity into a 3rd party tool. Both come with their own
session database to handle the authentication process sessions.

Note that I'm only suggesting to look at these things in
order to simplify the implementation. IMHO, OpenID is problematic
from a privacy POV in multiple ways. The simple standard
user/password login doesn't have these issues and is a lot
easier to implement and maintain.

Marc-Andre Lemburg

Professional Python Services directly from the Source  (#1, Nov 17 2009)
>>> Python/Zope Consulting and Support ...        http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/

::: Try our new mxODBC.Connect Python Database Interface for free ! ::::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611

More information about the Catalog-SIG mailing list