[Catalog-sig] OpenID login to PyPI

M.-A. Lemburg mal at egenix.com
Wed Nov 18 11:56:03 CET 2009 

"Martin v. Löwis" wrote:
>> Well, python-openid is written in Python, so it should be possible
>> to add whatever special functionality you need.
> 
> For this, I would like to see contributions.
> 
> I found myself that it is absolutely necessary to understand the actual
> message flow,  so I couldn't have used the package before implementing
> a client myself - perhaps I might now be able to understand how to use
> it. For mod_auth_openid, I still cannot grasp how to use it.
> 
>> With mod_auth_openid, you'd use a separate login page for the
>> OpenID login, so there wouldn't be a mixup between the two
>> variants.
> 
> That would be unfortunate UI clutter, IMO.
> 
>> Since you were looking for simplification of the used code,
>> it may be worthwhile looking at these two options to outsource
>> the complexity into a 3rd party tool. Both come with their own
>> session database to handle the authentication process sessions.
> 
> Please go ahead and do so.
>
>> Note that I'm only suggesting to look at these things in
>> order to simplify the implementation.
> 
> At least for python-openid, my feeling would be that it is actually
> more complicated to use the library than to write my own.
> 
> For mod_auth_openid, a shallow glance also looks like using it
> would be quite some challenge.

Like I said in my email: I'm not a fan of OpenID and don't
understand why so much complexity has to be added just to
avoid letting a browser fill in the username/password
automatically.

My suggestions were only targeting your statement that you
want to keep the code simple. If you don't think that's
possible using python-openid or Paul's suggestion to
use mod_auth_openid, that's fine.

Regarding contributing to the PyPI implementation: I'm not
aware of how this could be done. To me, PyPI appears to be
a closed application that is solely under your control.

After some searching I did find what appears to be the
repository of the currently used code base:

https://svn.python.org/packages/trunk/pypi/

However, it is not clear how this is deployed on the
pypi.python.org server. Is there a staging installation
to be used for testing ?

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Nov 18 2009)
>>> Python/Zope Consulting and Support ...        http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________

::: Try our new mxODBC.Connect Python Database Interface for free ! ::::


   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

More information about the Catalog-SIG mailing list