Skip to main content

A view for pyramid that functions as an OpenID consumer.

Project description

pyramid_fas_openid provides a view for the Pyramid framework that acts as an OpenID consumer for the Fedora Account System.

This code is offered under the BSD-derived Repoze Public License.

Much of this code was inspired by (read: ‘lifted from’) the repoze.who.plugins.openid code which can be found here: http://quantumcore.org/docs/repoze.who.plugins.openid

In your Pyramid app, add the pyramid_openid.verify_openid view_callable to your view_configuration, and add the needed settings to your .ini file.

Here is a barebones setup: openid.store.type = file openid.store.file.path = %(here)s/sstore openid.success_callback = myapp.lib:remember_me

This setup requires you have a folder in your app directory called ‘sstore’, and that you have a callback function in your lib module named “remember_me”. Remember_me will receive the current request and the other information returned from the OpenID provider, and should then do whatever is needed to remember the user - pyramid.security.remember, load metadata into the session, etc - that part is completely up to the coder.

This setup will then assume the defaults for the rest of the keys.

Once the configuration is in place, it’s time to hook up the view to the application. You can do this however you want to.

Example: In your app config setup code, add this line before ‘return config.make_wsgi_app()’

config.add_route(‘verify_openid’,

pattern=’/dologin.html’, view=’pyramid_openid.verify_openid’)

Now you have a URL to submit your OpenID form to: /dologin.html. Based on the configuration above, it expects to find the user’s OpenID URL in request.params[‘openid’].

REQUIRED SETTINGS

OpenID Data Store

Key: openid.store.type

Description: This determines the type of store python-openid will use to track nonces and other cross request data. Note that this defaults to None, which has python-openid use a stateless request type. Stateless mode isn’t reliable; something else should be chosen. File and mem are recommended.

The SQL store has yet to be tested or even verified working. It is also not recommended.

Default: None

Examples: To use a file store: (openid.store.file.path must also be specified) openid.store.type = file

To use a memory store: openid.store.type = mem

To use a sql store: (openid.store.sql.connection_string and openid.store.sql.associations_table must also be specified) THIS IS NOT TESTED AND DOES NOT WORK openid.store.type = sql

OPTIONAL SETTINGS:

Successful Login Callback

Key: openid.success_callback

Description: This is a callable that will be called upon successful verification by the OpenID provider. The callable will be passed three parameters; the current context, the current request, and a dictionary with the following structure:

{
    'identity_url': The user's unique URL from the provider,
    'ax':           A dictionary containing all the returned
            active exchange parameters requested,
    'sreg':         A list containing all the returned
            simple registration parameters requested
}

This callback is required to have the following format: module.optional_submodules:function

What is returned from this callable is return as the response.

Default: None

Example: If the callback is in the lib module of the my app package, and is named openid_callback, then this is the setting to be used: openid.success_callback = myapp.lib:openid_callback

AX

Keys: openid.ax_required openid.ax_optional

Description: These represent user data requested via OpenID Attribute Exchange.

Default: None

Example: To require that the provider respond with the user’s email: openid.ax_required = email=http://schema.openid.net/contact/email

SX

Keys: openid.sreg_required openid.sreg_optional

Description: These represent user data requested via OpenID Simple Registration.

Default: None

Example: To require that the provider respond with the user’s email: openid.sreg_required = email

Incoming OpenID Param Name:

Key: openid.param_field_name

Description: When a request is first submitted with the user’s OpenID URL, it must be retrieved from request.params with a key. This is the name of that key in request.params.

Default: openid

Examples: Once submitted, the user’s OpenID URL will be found in request.params[‘users_openid_url’]: openid.param_field_name = users_openid_url

Error Destination

Key: openid.error_destination

Description: When something in the OpenID verification process fails, the user will be sent to this url. The error message will be stored in the request.session.flash queue as specified by openid.error_flash_queue

Default: request.referrer

Example: To send the user to a http://www.example.com/sorry.html upon failure: openid.error_destination = http://www.example.com/sorry.html

Error Flash Queue

Key: openid.error_flash_queue

Description: If something goes awry in the OpenID process, the error message will be put in the request.session.flash message queue, and this is the name of that queue.

Default: The default flash queue (‘’)

Example: To put the error messages in the ‘OpenIDErrors’ flash queue: openid.error_flash_queue=OpenIDErrors

Realm Name

Key: openid.realm_name

Description: This is the value of the realm parameter passed to the OpenID provider. It’s here for the sake of completeness, but unless you know what you’re doing there’s no reason to change it.

Default: request.host_url

Example: To set the Realm to ‘www.example.com’: openid.realm_name = http://www.example.com

Note: Changing the realm_name will most likely cause your request to fail.

CONDITIONAL SETTINGS

File Store Path

Key: openid.store.file.path

Description: If the file store path is to be used, then it needs a writable folder to store data into. This is that path.

Default: No default

Example: To store data in the folder named “sstore” in the same folder as your development.ini: (Note that you must make this directory as well) openid.store.file.path = %(here)s/sstore

SQL Connection String

Key: openid.store.sql.connection_string

Description: This is the connection string for the database for python-openid to store its temporary data in. THIS HAS NOT BEEN TESTED AND DOES NOT WORK YET.

Default: No default

SQL Associations Table

Key: openid.store.sql.associations_table

Description: This is the name of the table that python-openid will store is temporary data in. THIS HAS NOT BEEN TESTED AND DOES NOT WORK YET.

Default: No default

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pyramid_fas_openid-0.4.0.tar.gz (8.9 kB view details)

Uploaded Source

File details

Details for the file pyramid_fas_openid-0.4.0.tar.gz.

File metadata

  • Download URL: pyramid_fas_openid-0.4.0.tar.gz
  • Upload date:
  • Size: 8.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.6.0 requests-toolbelt/0.9.1 tqdm/4.50.2 CPython/3.8.6

File hashes

Hashes for pyramid_fas_openid-0.4.0.tar.gz
Algorithm Hash digest
SHA256 0661151e0245622762817d8c759c8cf1b6ba6f8b2d5fdb063752ce81617ed41a
MD5 8bdfd1d10875ba18ac3c8359357082f5
BLAKE2b-256 64ae295c923ca8863949ad657d6a9f06a2e583e89c2df5c145f1b71364880724

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page