Skip to content

HowTo: Use OpenID with Web.py

2010 December 7
by Tedb0t

I’m going to be using OpenID as a universal login for a new webapp I’m working on. As luck would have it Web.py has a module just for this, and the API is super simple!  Now that I’ve got this working I’ve got to figure out how to actually integrate it into the app; this link looks helpful towards that.

  1. Install web.py:
    sudo easy_install web.py

    or

    sudo apt-get install python-webpy
  2. sudo easy_install python-openid

    or

    sudo apt-get install python-openid
  3. main.py:
    import web, web.webopenid
    
    urls = (
        r'/openid', 'web.webopenid.host',
        r'/', 'Index'
    )
    
    app = web.application(urls, globals())
    
    class Index:
        def GET(self):
            body = '''
            <html><head><title>Web.py OpenID Test</title></head>
            <body>
                %s
            </body>
            </html>
            ''' % (web.webopenid.form('/openid'))
    
            return body
    
    if __name__ == "__main__": app.run()
  4. Run
    python main.py
  5. Go to http://localhost:8080
  6. Voilà!

I’ve also added this to the Web.py cookbook.  Please let me know if you find any bugs or mistakes!

Related Posts:


7 Responses leave one →
  1. greg permalink
    December 8, 2010

    have you used this approach with google login or any others? if so please post them – very well explained. thank you

  2. December 8, 2010

    What do you mean? I used my google openid login when testing this.

  3. February 11, 2011

    I guess the confusion greg and I’ve had is what you typically put into these kinds of logins. For example, if you used your google id, what did you actually put into your field?

    Something like this? https://www.google.com/accounts/o8/id

    or a URL unique to you? https://www.google.com/accounts/o8/id?id=xxxxxxxxxxxxx

    When I first saw this, I just assumed I would do something like ‘my_email@gmail.com’, and it would resolve itself, which doesn’t seem to work. When I first heard of OpenID and came across this, I had no idea how a URL related to my “OpenID”. That could certainly be clearly, in my opinion, on a lot of sites.

    • Christoffer Aasted permalink
      March 20, 2012

      just make sure you’re logged in to your Google account and throw this in the form box that accesses “/openid” path / function: (web.webopenid.host)
       https://www.google.com/accounts/o8/id

      It will say:

      “Google Accounts in header/title”

      “Do you want to login to thissite.com using youremail@gmail:disqus .com ?”

      [Login] [Cancel]

      [ ] Remember Me

  4. February 11, 2011

    Yeah, I was initially confused on that too. The url represents the path to the *OpenID Provider.* All other information is transmitted via POST.

    So as far as user experience goes, we should just hide the URL entirely (except as an option for custom providers) and use some typical UI element (i.e. buttons) to specify which provider to use—this is what Stack Overflow does, but they show the URL box which just makes things confusing as hell. There is also a site that maintains a dictionary of providers, but I can’t find it offhand.

Trackbacks and Pingbacks

  1. What the heck is OpenID? | Limina.Log
  2. Using web.webopenid with web.py to authenticate users | DEEP in PHP

Leave a Reply

Note: You can use basic XHTML in your comments. Your email address will never be published.

Subscribe to this comment feed via RSS