Django and OpenID

Posted by Joe Topjian on July 6, 2010 under Development

Introduction

OpenID is a technology that can be used to allow a single account to log into many different OpenID-enabled web sites. Both developers and users benefit from this: the user does not have to create a new account for each site he or she visits and the developer does not have to worry about password storage and authentication schemes.

There are several different OpenID solutions for Django. The one I am going to describe is django-openid-auth.

Installation and Configuration

The first step is to install the package. Like most other Python packages, this can be done in several different ways:

  1. easy_install django-openid-auth
  2. Download the package and run python setup.py install
  3. Download the package and copy the django_openid_auth directory to somewhere on your $PYTHONPATH.

Once it’s installed, tell Django about it in settings.py:

INSTALLED_APPS = (
    # ... your existing apps ...
    'django_openid_auth',
)

AUTHENTICATION_BACKENDS = (
    'django_openid_auth.auth.OpenIDBackend',
    'django.contrib.auth.backends.ModelBackend',
)

If you would like Django to automatically create new accounts when a new OpenID account logs in for the first time, add the following to settings.py:

OPENID_CREATE_USERS = True

Also add some new login information to settings.py:

LOGIN_URL = '/openid/login/'
LOGIN_REDIRECT_URL = '/'

Now add the following to your urls.py file:

urlpatterns = patterns('',
    (r'^openid/', include('django_openid_auth.urls')),
)

Finally, synchronize the database to add the new database tables:

$ python manage.py syncdb

And that’s it. Your Django application is now OpenID compatible. Seriously. It was that easy.

Other Features

The django-openid-auth package also comes with a few other features. Read the included README.txt file for details.

Bugs

OK, so there are a few catches with this simplicity. The first, and most important if you are using MySQL, is the fact that the default models supplied are not compatible with MySQL. The fix is easy and you can read about it here.

Secondly, some OpenID providers support a newer method of retrieving user data. Although django-openid-auth will still work without this data retrieval, your accounts will be stuck with a generic username and no further information. This has been fixed in r66 which you can download using bzr. However, I noticed that while r66 will enable the Attribute Exchange protocol, it has caused other providers to stop working. See my comments for a patch.

Enhancements

While I was fixing the above problem, I decided to add a new feature that would require OpenID accounts to have an associated email address. That way, if someone signs up for an OpenID account but provides no email address, they will be unable to log in to your application.

To use this feature, install my django-openid-auth branch using bzr and then add the following to settings.py:

OPENID_REQUIRE_EMAIL = True

My branch also includes the fix for the Attribute Exchange issue described previously.
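
An added example, not code from django-openid-auth or the branch above: how an email address can be read from an OpenID response that uses either Attribute Exchange or the older Simple Registration extension, and how a login is refused when none is present. The function names and the sample response are made up for illustration, and the response's signature is assumed to have been verified already by the OpenID library; only fields listed in openid.signed are trusted.

```python
# Added example, not django-openid-auth code. Assumes the OpenID library has
# already verified the assertion's signature; params holds its openid.* fields.
AX_NS = "http://openid.net/srv/ax/1.0"
SREG_NS = ("http://openid.net/extensions/sreg/1.1", "http://openid.net/sreg/1.0")
EMAIL_TYPES = ("http://axschema.org/contact/email",
               "http://schema.openid.net/contact/email")

def signed_value(params, key):
    """Return params[key] only when the provider listed it in openid.signed."""
    signed = params.get("openid.signed", "").split(",")
    return params.get(key) if key[len("openid."):] in signed else None

def alias_for(params, namespaces):
    """Return the extension alias bound (in a signed field) to a namespace URI."""
    for key in params:
        if key.startswith("openid.ns.") and signed_value(params, key) in namespaces:
            return key[len("openid.ns."):]
    return None

def extract_email(params):
    """Signed email from Attribute Exchange, else from Simple Registration."""
    ax = alias_for(params, (AX_NS,))
    if ax:
        prefix = "openid.%s.type." % ax
        for key in params:
            if key.startswith(prefix) and signed_value(params, key) in EMAIL_TYPES:
                value_key = "openid.%s.value.%s" % (ax, key[len(prefix):])
                # Providers that send a count use value.<attr>.1 for the first entry.
                email = (signed_value(params, value_key)
                         or signed_value(params, value_key + ".1"))
                if email:
                    return email
    sreg = alias_for(params, SREG_NS) or "sreg"  # OpenID 1.x declares no namespace
    return signed_value(params, "openid.%s.email" % sreg) or None

def may_log_in(params, require_email=True):
    """The OPENID_REQUIRE_EMAIL idea: refuse the login when no email came back."""
    return not require_email or extract_email(params) is not None

# Constructed sample: an AX fetch_response using the alias "ext1".
SAMPLE_AX = {
    "openid.ns.ext1": AX_NS,
    "openid.ext1.mode": "fetch_response",
    "openid.ext1.type.email": "http://axschema.org/contact/email",
    "openid.ext1.value.email": "alice@example.org",
    "openid.signed": "ns.ext1,ext1.mode,ext1.type.email,ext1.value.email",
}
```

An email that is present in the response but missing from openid.signed is treated as absent, so with the requirement switched on such a login is refused.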

Conclusion

While the above problems can seem a little daunting, they are really not that bad. Using django-openid-auth to add OpenID support to your Django application is relatively quick and worth the effort.
