[Catalog-sig] OpenID login to PyPI

M.-A. Lemburg mal at egenix.com
Wed Nov 18 11:56:03 CET 2009

"Martin v. Löwis" wrote:
>> Well, python-openid is written in Python, so it should be possible
>> to add whatever special functionality you need.
> For this, I would like to see contributions.
> I found myself that it is absolutely necessary to understand the actual
> message flow,  so I couldn't have used the package before implementing
> a client myself - perhaps I might now be able to understand how to use
> it. For mod_auth_openid, I still cannot grasp how to use it.
>> With mod_auth_openid, you'd use a separate login page for the
>> OpenID login, so there wouldn't be a mixup between the two
>> variants.
> That would be unfortunate UI clutter, IMO.
>> Since you were looking for simplification of the used code,
>> it may be worthwhile looking at these two options to outsource
>> the complexity into a 3rd party tool. Both come with their own
>> session database to handle the authentication process sessions.
> Please go ahead and do so.
>> Note that I'm only suggesting to look at these things in
>> order to simplify the implementation.
> At least for python-openid, my feeling would be that it is actually
> more complicated to use the library than to write my own.
> For mod_auth_openid, a shallow glance also looks like using it
> would be quite some challenge.

Like I said in my email: I'm not a fan of OpenID and don't
understand why so much complexity has to be added just to
avoid letting a browser fill in the username/password

My suggestions were only targeting your statement that you
want to keep the code simple. If you don't think that's
possible using python-openid or Paul's suggestion to
use mod_auth_openid, that's fine.

Regarding contributing to the PyPI implementation: I'm not
aware of how this could be done. To me, PyPI appears to be
a closed application that is solely under your control.

After some searching I did find what appears to be the
repository of the currently used code base:


However, it is not clear how this is deployed on the
pypi.python.org server. Is there a staging installation
to be used for testing ?

Marc-Andre Lemburg

Professional Python Services directly from the Source  (#1, Nov 18 2009)
>>> Python/Zope Consulting and Support ...        http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/

::: Try our new mxODBC.Connect Python Database Interface for free ! ::::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611

More information about the Catalog-SIG mailing list