[Python-Dev] Python wiki

Scott Dial scott+python-dev at scottdial.com
Mon Sep 27 03:56:20 CEST 2010

On 9/26/2010 3:12 AM, Martin v. Löwis wrote:
>>   2) The URL registered with the OpenID provider is a bit of a wart:
>> "http://pypi.python.org/pypi?:action=openid_return" vs.
>> "http://bitbucket.org/"
> You mean, as this is what the provider then shows you for confirmation?

The provider also lists the trusted sites by these return URLs, and that
is where I saw it as being a bit of a wart. I use the OpenID plugin for
WordPress as my provider, so it may be that it doesn't do this
correctly. I noticed that Google shows just "pypi.python.org", but the
WordPress plugin shows that return URL instead. Nevertheless, I agree
that it's too late/not worth it to change that now.

> I think there is no way out wrt. to the basic auth prompt. I could
> label the "Login" link "Password login" if you think this would help.

The basic auth prompt doesn't bother me so much as the fact that the 401
doesn't have a "Use OpenID [Google] [myOpenID] [Launchpad]" set of
links; you have to use the browser's back button because the only links
offered are to register or reset your password.

> Preventing the browser from prompting the user on the chance they
> might want to enter an OpenID is not possible, and stopping to use
> basic authentication is not feasible.

In theory, you could catch usernames that started with "http://", but I
imagine that only "ultra geeks" know their URIs (I have no idea what the
URI for a Google account is). But, I don't see this as being worthwhile
either; I just think it would be nice if the 401 page gave a quick way
to correct one's mistake that didn't involve the back button.

> And again, enjoying a short OpenID URI
> probably does put you in the "ultra geek" category (which I
> seriously don't mean as an offense).

No offense taken. :)

Scott Dial
scott at scottdial.com
scodial at cs.indiana.edu
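
Added example, not part of the original message and not PyPI's code: a minimal WSGI 401 handler that keeps the Basic challenge but puts the OpenID links in the response body, and notices when the submitted "username" was really an OpenID URL. The provider paths and realm are placeholders, and accepting "https://" as well as "http://" goes beyond what the thread mentions. The check runs on the decoded credentials before splitting, because Basic auth splits at the first colon and a URL would otherwise be cut down to "http".

```python
import base64
from html import escape

# Provider names are the ones mentioned in the thread; the paths are placeholders.
PROVIDERS = {
    "Google": "/openid/google",
    "myOpenID": "/openid/myopenid",
    "Launchpad": "/openid/launchpad",
}

def typed_openid(auth_header):
    """True if the Basic credentials begin with a URL instead of a username."""
    if not auth_header:
        return False
    scheme, _, blob = auth_header.partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        creds = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return False  # malformed header: treat as an ordinary failed login
    # Test the whole "user:pass" string. Splitting at the first colon would
    # turn "http://example.org/me:secret" into the username "http".
    return creds.lower().startswith(("http://", "https://"))

def unauthorized(environ, start_response):
    """WSGI handler for the 401 case: Basic challenge plus OpenID links."""
    links = " ".join(
        f'<a href="{escape(url)}">[{escape(name)}]</a>'
        for name, url in PROVIDERS.items()
    )
    # The submitted value is never echoed back, so the page cannot reflect
    # attacker-controlled markup.
    note = ""
    if typed_openid(environ.get("HTTP_AUTHORIZATION")):
        note = "<p>That looks like an OpenID URL, not a username.</p>"
    body = (
        "<h1>401 Unauthorized</h1>" + note + f"<p>Use OpenID {links}</p>"
    ).encode("utf-8")
    start_response("401 Unauthorized", [
        ("WWW-Authenticate", 'Basic realm="example"'),  # realm is a placeholder
        ("Content-Type", "text/html; charset=utf-8"),
        ("Content-Length", str(len(body))),
    ])
    return [body]
```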
