Download - Open ID and Django
![Page 1: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/1.jpg)
OpenIDand Django
Nathan FloreaThe Wenatchee World
What is OpenID
What is OpenID
bull An open standard for decentralized authentication
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
bull A failure
Why
Why
bull Herersquos two reasons
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
bull Isnrsquot very useful
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 2: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/2.jpg)
What is OpenID
What is OpenID
bull An open standard for decentralized authentication
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
bull A failure
Why
Why
bull Herersquos two reasons
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
bull Isnrsquot very useful
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 3: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/3.jpg)
What is OpenID
bull An open standard for decentralized authentication
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
bull A failure
Why
Why
bull Herersquos two reasons
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
bull Isnrsquot very useful
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 4: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/4.jpg)
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
bull A failure
Why
Why
bull Herersquos two reasons
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
bull Isnrsquot very useful
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 5: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/5.jpg)
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
bull A failure
Why
Why
bull Herersquos two reasons
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
bull Isnrsquot very useful
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 6: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/6.jpg)
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
bull A failure
Why
Why
bull Herersquos two reasons
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
bull Isnrsquot very useful
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 7: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/7.jpg)
Why
Why
bull Herersquos two reasons
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
bull Isnrsquot very useful
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 8: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/8.jpg)
Why
bull Herersquos two reasons
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
bull Isnrsquot very useful
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 9: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/9.jpg)
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
bull Isnrsquot very useful
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 10: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/10.jpg)
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
bull Isnrsquot very useful
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 11: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/11.jpg)
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 12: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/12.jpg)
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 13: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/13.jpg)
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 14: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/14.jpg)
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 15: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/15.jpg)
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 16: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/16.jpg)
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 17: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/17.jpg)
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 18: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/18.jpg)
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 19: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/19.jpg)
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 20: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/20.jpg)
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 21: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/21.jpg)
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 22: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/22.jpg)
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 23: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/23.jpg)
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 24: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/24.jpg)
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 25: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/25.jpg)
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 26: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/26.jpg)
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 27: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/27.jpg)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 28: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/28.jpg)
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 29: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/29.jpg)
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 30: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/30.jpg)
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 31: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/31.jpg)
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 32: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/32.jpg)
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 33: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/33.jpg)
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 34: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/34.jpg)
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 35: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/35.jpg)
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 36: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/36.jpg)
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 37: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/37.jpg)
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 38: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/38.jpg)
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 39: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/39.jpg)
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 40: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/40.jpg)
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 41: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/41.jpg)
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 42: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/42.jpg)
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 43: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/43.jpg)
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 44: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/44.jpg)
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 45: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/45.jpg)
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 46: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/46.jpg)
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 47: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/47.jpg)
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 48: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/48.jpg)
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 49: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/49.jpg)
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 50: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/50.jpg)
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 51: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/51.jpg)
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 52: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/52.jpg)
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 53: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/53.jpg)
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 54: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/54.jpg)
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 55: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/55.jpg)
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 56: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/56.jpg)
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 57: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/57.jpg)
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 58: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/58.jpg)
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 59: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/59.jpg)
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 60: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/60.jpg)
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 61: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/61.jpg)
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 62: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/62.jpg)
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 63: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/63.jpg)
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 64: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/64.jpg)
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 65: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/65.jpg)
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 66: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/66.jpg)
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 67: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/67.jpg)
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 68: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/68.jpg)
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 69: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/69.jpg)
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 70: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/70.jpg)
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 71: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/71.jpg)
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 72: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/72.jpg)
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 73: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/73.jpg)
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 74: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/74.jpg)
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 75: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/75.jpg)
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 76: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/76.jpg)
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 77: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/77.jpg)
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 78: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/78.jpg)
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 79: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/79.jpg)
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 80: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/80.jpg)
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 81: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/81.jpg)
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 82: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/82.jpg)
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 83: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/83.jpg)
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 84: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/84.jpg)
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 85: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/85.jpg)
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 86: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/86.jpg)
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 87: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/87.jpg)
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 88: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/88.jpg)
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 89: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/89.jpg)
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 90: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/90.jpg)
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 91: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/91.jpg)
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 92: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/92.jpg)
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 93: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/93.jpg)
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 94: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/94.jpg)
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 95: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/95.jpg)
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 96: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/96.jpg)
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 97: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/97.jpg)
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 98: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/98.jpg)
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 99: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/99.jpg)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 100: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/100.jpg)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 101: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/101.jpg)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 102: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/102.jpg)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 103: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/103.jpg)
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 104: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/104.jpg)
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 105: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/105.jpg)
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 106: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/106.jpg)
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 107: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/107.jpg)
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 108: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/108.jpg)
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 109: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/109.jpg)
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 110: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/110.jpg)
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 111: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/111.jpg)
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 112: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/112.jpg)
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 113: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/113.jpg)
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 114: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/114.jpg)
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 115: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/115.jpg)
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 116: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/116.jpg)
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 117: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/117.jpg)
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 118: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/118.jpg)
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 119: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/119.jpg)
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
![Page 120: Open ID and Django](https://reader034.vdocuments.site/reader034/viewer/2022051819/54c809e24a79599c368b4574/html5/thumbnails/120.jpg)
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom