Upload File

open id and django

120
OpenID... and Django Nathan Florea The Wenatchee World

Upload: nathanflorea

Post on 28-Jan-2015

114 views

Category:

Technology


1 download

Report

Tags:

DESCRIPTION

Slides from a lightning talk I gave at DjangoCon '10 regarding the usefulness of OpenID as a single sign-on solution for multiple Django sites.

TRANSCRIPT

Page 1: Open ID and Django

OpenIDand Django

Nathan FloreaThe Wenatchee World

What is OpenID

What is OpenID

bull An open standard for decentralized authentication

What is OpenID

bull An open standard for decentralized authentication

bull Internet-based single sign-on

What is OpenID

bull An open standard for decentralized authentication

bull Internet-based single sign-on

bull Unique identities based on URIs (or XRIs if anyone cares)

What is OpenID

bull An open standard for decentralized authentication

bull Internet-based single sign-on

bull Unique identities based on URIs (or XRIs if anyone cares)

bull A failure

Why

Why

bull Herersquos two reasons

Why

bull Herersquos two reasons

bull Unwieldy unfriendly usernames

Why

bull Herersquos two reasons

bull Unwieldy unfriendly usernames

bull Isnrsquot very useful

Unwieldy usernames

Unwieldy usernames

bull I was excited about OpenID

Unwieldy usernames

bull I was excited about OpenID

bull I set one up for my dad

Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool

Unwieldy usernamesDad What would my username be again

Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl

Unwieldy usernamesDad Umm did you see the Sounders game last night

Unwieldy usernamesMe No but Im going to watch it lat-

Unwieldy usernamesDad They won

Unwieldy usernamesMe Thanks Dad

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 2: Open ID and Django

What is OpenID

What is OpenID

bull An open standard for decentralized authentication

What is OpenID

bull An open standard for decentralized authentication

bull Internet-based single sign-on

What is OpenID

bull An open standard for decentralized authentication

bull Internet-based single sign-on

bull Unique identities based on URIs (or XRIs if anyone cares)

What is OpenID

bull An open standard for decentralized authentication

bull Internet-based single sign-on

bull Unique identities based on URIs (or XRIs if anyone cares)

bull A failure

Why

Why

bull Herersquos two reasons

Why

bull Herersquos two reasons

bull Unwieldy unfriendly usernames

Why

bull Herersquos two reasons

bull Unwieldy unfriendly usernames

bull Isnrsquot very useful

Unwieldy usernames

Unwieldy usernames

bull I was excited about OpenID

Unwieldy usernames

bull I was excited about OpenID

bull I set one up for my dad

Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool

Unwieldy usernamesDad What would my username be again

Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl

Unwieldy usernamesDad Umm did you see the Sounders game last night

Unwieldy usernamesMe No but Im going to watch it lat-

Unwieldy usernamesDad They won

Unwieldy usernamesMe Thanks Dad

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 3: Open ID and Django

What is OpenID

bull An open standard for decentralized authentication

What is OpenID

bull An open standard for decentralized authentication

bull Internet-based single sign-on

What is OpenID

bull An open standard for decentralized authentication

bull Internet-based single sign-on

bull Unique identities based on URIs (or XRIs if anyone cares)

What is OpenID

bull An open standard for decentralized authentication

bull Internet-based single sign-on

bull Unique identities based on URIs (or XRIs if anyone cares)

bull A failure

Why

Why

bull Herersquos two reasons

Why

bull Herersquos two reasons

bull Unwieldy unfriendly usernames

Why

bull Herersquos two reasons

bull Unwieldy unfriendly usernames

bull Isnrsquot very useful

Unwieldy usernames

Unwieldy usernames

bull I was excited about OpenID

Unwieldy usernames

bull I was excited about OpenID

bull I set one up for my dad

Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool

Unwieldy usernamesDad What would my username be again

Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl

Unwieldy usernamesDad Umm did you see the Sounders game last night

Unwieldy usernamesMe No but Im going to watch it lat-

Unwieldy usernamesDad They won

Unwieldy usernamesMe Thanks Dad

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 4: Open ID and Django

What is OpenID

bull An open standard for decentralized authentication

bull Internet-based single sign-on

What is OpenID

bull An open standard for decentralized authentication

bull Internet-based single sign-on

bull Unique identities based on URIs (or XRIs if anyone cares)

What is OpenID

bull An open standard for decentralized authentication

bull Internet-based single sign-on

bull Unique identities based on URIs (or XRIs if anyone cares)

bull A failure

Why

Why

bull Herersquos two reasons

Why

bull Herersquos two reasons

bull Unwieldy unfriendly usernames

Why

bull Herersquos two reasons

bull Unwieldy unfriendly usernames

bull Isnrsquot very useful

Unwieldy usernames

Unwieldy usernames

bull I was excited about OpenID

Unwieldy usernames

bull I was excited about OpenID

bull I set one up for my dad

Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool

Unwieldy usernamesDad What would my username be again

Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl

Unwieldy usernamesDad Umm did you see the Sounders game last night

Unwieldy usernamesMe No but Im going to watch it lat-

Unwieldy usernamesDad They won

Unwieldy usernamesMe Thanks Dad

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 5: Open ID and Django

What is OpenID

bull An open standard for decentralized authentication

bull Internet-based single sign-on

bull Unique identities based on URIs (or XRIs if anyone cares)

What is OpenID

bull An open standard for decentralized authentication

bull Internet-based single sign-on

bull Unique identities based on URIs (or XRIs if anyone cares)

bull A failure

Why

Why

bull Herersquos two reasons

Why

bull Herersquos two reasons

bull Unwieldy unfriendly usernames

Why

bull Herersquos two reasons

bull Unwieldy unfriendly usernames

bull Isnrsquot very useful

Unwieldy usernames

Unwieldy usernames

bull I was excited about OpenID

Unwieldy usernames

bull I was excited about OpenID

bull I set one up for my dad

Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool

Unwieldy usernamesDad What would my username be again

Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl

Unwieldy usernamesDad Umm did you see the Sounders game last night

Unwieldy usernamesMe No but Im going to watch it lat-

Unwieldy usernamesDad They won

Unwieldy usernamesMe Thanks Dad

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 6: Open ID and Django

What is OpenID

bull An open standard for decentralized authentication

bull Internet-based single sign-on

bull Unique identities based on URIs (or XRIs if anyone cares)

bull A failure

Why

Why

bull Herersquos two reasons

Why

bull Herersquos two reasons

bull Unwieldy unfriendly usernames

Why

bull Herersquos two reasons

bull Unwieldy unfriendly usernames

bull Isnrsquot very useful

Unwieldy usernames

Unwieldy usernames

bull I was excited about OpenID

Unwieldy usernames

bull I was excited about OpenID

bull I set one up for my dad

Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool

Unwieldy usernamesDad What would my username be again

Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl

Unwieldy usernamesDad Umm did you see the Sounders game last night

Unwieldy usernamesMe No but Im going to watch it lat-

Unwieldy usernamesDad They won

Unwieldy usernamesMe Thanks Dad

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 7: Open ID and Django

Why

Why

bull Herersquos two reasons

Why

bull Herersquos two reasons

bull Unwieldy unfriendly usernames

Why

bull Herersquos two reasons

bull Unwieldy unfriendly usernames

bull Isnrsquot very useful

Unwieldy usernames

Unwieldy usernames

bull I was excited about OpenID

Unwieldy usernames

bull I was excited about OpenID

bull I set one up for my dad

Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool

Unwieldy usernamesDad What would my username be again

Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl

Unwieldy usernamesDad Umm did you see the Sounders game last night

Unwieldy usernamesMe No but Im going to watch it lat-

Unwieldy usernamesDad They won

Unwieldy usernamesMe Thanks Dad

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 8: Open ID and Django

Why

bull Herersquos two reasons

Why

bull Herersquos two reasons

bull Unwieldy unfriendly usernames

Why

bull Herersquos two reasons

bull Unwieldy unfriendly usernames

bull Isnrsquot very useful

Unwieldy usernames

Unwieldy usernames

bull I was excited about OpenID

Unwieldy usernames

bull I was excited about OpenID

bull I set one up for my dad

Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool

Unwieldy usernamesDad What would my username be again

Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl

Unwieldy usernamesDad Umm did you see the Sounders game last night

Unwieldy usernamesMe No but Im going to watch it lat-

Unwieldy usernamesDad They won

Unwieldy usernamesMe Thanks Dad

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 9: Open ID and Django

Why

bull Herersquos two reasons

bull Unwieldy unfriendly usernames

Why

bull Herersquos two reasons

bull Unwieldy unfriendly usernames

bull Isnrsquot very useful

Unwieldy usernames

Unwieldy usernames

bull I was excited about OpenID

Unwieldy usernames

bull I was excited about OpenID

bull I set one up for my dad

Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool

Unwieldy usernamesDad What would my username be again

Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl

Unwieldy usernamesDad Umm did you see the Sounders game last night

Unwieldy usernamesMe No but Im going to watch it lat-

Unwieldy usernamesDad They won

Unwieldy usernamesMe Thanks Dad

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 10: Open ID and Django

Why

bull Herersquos two reasons

bull Unwieldy unfriendly usernames

bull Isnrsquot very useful

Unwieldy usernames

Unwieldy usernames

bull I was excited about OpenID

Unwieldy usernames

bull I was excited about OpenID

bull I set one up for my dad

Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool

Unwieldy usernamesDad What would my username be again

Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl

Unwieldy usernamesDad Umm did you see the Sounders game last night

Unwieldy usernamesMe No but Im going to watch it lat-

Unwieldy usernamesDad They won

Unwieldy usernamesMe Thanks Dad

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 11: Open ID and Django

Unwieldy usernames

Unwieldy usernames

bull I was excited about OpenID

Unwieldy usernames

bull I was excited about OpenID

bull I set one up for my dad

Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool

Unwieldy usernamesDad What would my username be again

Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl

Unwieldy usernamesDad Umm did you see the Sounders game last night

Unwieldy usernamesMe No but Im going to watch it lat-

Unwieldy usernamesDad They won

Unwieldy usernamesMe Thanks Dad

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 12: Open ID and Django

Unwieldy usernames

bull I was excited about OpenID

Unwieldy usernames

bull I was excited about OpenID

bull I set one up for my dad

Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool

Unwieldy usernamesDad What would my username be again

Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl

Unwieldy usernamesDad Umm did you see the Sounders game last night

Unwieldy usernamesMe No but Im going to watch it lat-

Unwieldy usernamesDad They won

Unwieldy usernamesMe Thanks Dad

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 13: Open ID and Django

Unwieldy usernames

bull I was excited about OpenID

bull I set one up for my dad

Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool

Unwieldy usernamesDad What would my username be again

Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl

Unwieldy usernamesDad Umm did you see the Sounders game last night

Unwieldy usernamesMe No but Im going to watch it lat-

Unwieldy usernamesDad They won

Unwieldy usernamesMe Thanks Dad

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 14: Open ID and Django

Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool

Unwieldy usernamesDad What would my username be again

Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl

Unwieldy usernamesDad Umm did you see the Sounders game last night

Unwieldy usernamesMe No but Im going to watch it lat-

Unwieldy usernamesDad They won

Unwieldy usernamesMe Thanks Dad

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 15: Open ID and Django

Unwieldy usernamesDad What would my username be again

Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl

Unwieldy usernamesDad Umm did you see the Sounders game last night

Unwieldy usernamesMe No but Im going to watch it lat-

Unwieldy usernamesDad They won

Unwieldy usernamesMe Thanks Dad

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 16: Open ID and Django

Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl

Unwieldy usernamesDad Umm did you see the Sounders game last night

Unwieldy usernamesMe No but Im going to watch it lat-

Unwieldy usernamesDad They won

Unwieldy usernamesMe Thanks Dad

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 17: Open ID and Django

Unwieldy usernamesDad Umm did you see the Sounders game last night

Unwieldy usernamesMe No but Im going to watch it lat-

Unwieldy usernamesDad They won

Unwieldy usernamesMe Thanks Dad

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 18: Open ID and Django

Unwieldy usernamesMe No but Im going to watch it lat-

Unwieldy usernamesDad They won

Unwieldy usernamesMe Thanks Dad

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 19: Open ID and Django

Unwieldy usernamesDad They won

Unwieldy usernamesMe Thanks Dad

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 20: Open ID and Django

Unwieldy usernamesMe Thanks Dad

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 21: Open ID and Django

Unwieldy usernames

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 22: Open ID and Django

Unwieldy usernames

bull A failure

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 23: Open ID and Django

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 24: Open ID and Django

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 25: Open ID and Django

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 26: Open ID and Django

Unwieldy usernames

bull A failure

bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs

bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo

bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo

bull (we donrsquot talk to Uncle Tom)

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 27: Open ID and Django

Not very useful

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 28: Open ID and Django

Not very useful

bull OpenID provides authentication

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 29: Open ID and Django

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 30: Open ID and Django

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 31: Open ID and Django

Not very useful

bull OpenID provides authentication

bull OpenID doesnrsquot provide anything else

bull My friends and family (ldquousersrdquo) use Facebook

bull They expect more

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 32: Open ID and Django

Not very useful

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 33: Open ID and Django

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 34: Open ID and Django

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 35: Open ID and Django

Not very useful

bull Simon Willison launched a new social conference directory site httplanyrdcom

bull Simon Willison is a huge supporter of OpenID

bull Lanyrd only authenticates through Twitter

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 36: Open ID and Django

Not very useful

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 37: Open ID and Django

Not very usefulbull He took some flack for that

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 38: Open ID and Django

Not very usefulbull He took some flack for that

bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites

Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 39: Open ID and Django

Not very useful

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 40: Open ID and Django

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 41: Open ID and Django

Not very useful

bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff

bull Twitter Facebook Google provide authentication PLUS a social graph

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 42: Open ID and Django

and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 43: Open ID and Django

and Djangobull Well not a total failure

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 44: Open ID and Django

and Djangobull Well not a total failure

bull Very cool technology

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 45: Open ID and Django

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 46: Open ID and Django

and Djangobull Well not a total failure

bull Very cool technology

bull Internet-based single sign-on

bull Where is that useful

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 47: Open ID and Django

and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 48: Open ID and Django

and Djangobull You have multiple cool Django sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 49: Open ID and Django

and Djangobull You have multiple cool Django sites

bull You are building more all the time

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 50: Open ID and Django

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 51: Open ID and Django

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 52: Open ID and Django

and Djangobull You have multiple cool Django sites

bull You are building more all the time

bull You want your users to be able to use a single account for all of your sites

bull Solution

bull Facebook

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 53: Open ID and Django

and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 54: Open ID and Django

and Djangobull No You want

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 55: Open ID and Django

and Djangobull No You want

bull Control

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 56: Open ID and Django

and Djangobull No You want

bull Control

bull Something simple

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 57: Open ID and Django

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 58: Open ID and Django

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 59: Open ID and Django

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 60: Open ID and Django

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 61: Open ID and Django

and Djangobull No You want

bull Control

bull Something simple

bull With wide support

bull You donrsquot need a social graph

bull You only need your users to login

bull Solution

bull OpenID

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 62: Open ID and Django

Integrating OpenID with Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 63: Open ID and Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 64: Open ID and Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 65: Open ID and Django

Integrating OpenID with Django

bull To use OpenID with Django you need to

bull Setup an OpenID provider the server to authenticate against

bull Install an OpenID consumer app on all of your Django sites

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 66: Open ID and Django

OpenID Enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 67: Open ID and Django

OpenID Enabled

bull Lots of consumer apps only a couple providers

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 68: Open ID and Django

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 69: Open ID and Django

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 70: Open ID and Django

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 71: Open ID and Django

OpenID Enabled

bull Lots of consumer apps only a couple providers

bull Everything based off Janrainrsquos OpenID libraries

bull httpwwwjanraincomopenid-enabled

bull Every useful web language - and PHP

bull For Python openid

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 72: Open ID and Django

Setup the provider

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 73: Open ID and Django

Setup the providerbull We use openid_provider

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 74: Open ID and Django

Setup the providerbull We use openid_provider

bull Somewhat active development

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 75: Open ID and Django

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 76: Open ID and Django

Setup the providerbull We use openid_provider

bull Somewhat active development

bull Works

bull httpwwwromkenetdjangoopenid_provider

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 77: Open ID and Django

Setup the provider

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 78: Open ID and Django

Setup the providerbull Unique URL for your OpenIDs

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 79: Open ID and Django

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 80: Open ID and Django

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 81: Open ID and Django

Setup the providerbull Unique URL for your OpenIDs

bull Example httpidmydomaincomopenid

bull Pretty straightforward

bull Will want to create a signal on User creation to create an OpenID at the same time

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 82: Open ID and Django

Setup the consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 83: Open ID and Django

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 84: Open ID and Django

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 85: Open ID and Django

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 86: Open ID and Django

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 87: Open ID and Django

Setup the consumerbull Launchpadrsquos django_openid_auth for consumer

bull Active development

bull Authentication backend integrates with Django User

bull Allows URL ldquocheatingrdquo

bull httpslaunchpadnetdjango-openid-auth

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 88: Open ID and Django

Setup the consumer

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 89: Open ID and Django

Setup the consumerbull Install app on each Django site

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 90: Open ID and Django

Setup the consumerbull Install app on each Django site

bull Configure

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 91: Open ID and Django

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 92: Open ID and Django

Setup the consumerbull Install app on each Django site

bull Configure

bull Allows ldquocheatingrdquo on the OpenID URLs

bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 93: Open ID and Django

Thatrsquos good But I want a little bit more

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 94: Open ID and Django

Thatrsquos good But I want a little bit more

bull That solves authentication

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 95: Open ID and Django

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 96: Open ID and Django

Thatrsquos good But I want a little bit more

bull That solves authentication

bull But each Django site still duplicates a lot of user information

bull How can I centralize that too

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 97: Open ID and Django

Introducing SREG

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 98: Open ID and Django

Introducing SREG

bull Simple Registration (SREG)

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 99: Open ID and Django

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 100: Open ID and Django

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 101: Open ID and Django

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 102: Open ID and Django

Introducing SREG

bull Simple Registration (SREG)

bull Extension to OpenID

bull Allows consumers to request additional information from providers

bull Very basic info such as preferred username and e-mail but

bull Extensible

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 103: Open ID and Django

Introducing SREG

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 104: Open ID and Django

Introducing SREG

bull Can consolidate all user information on your provider

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 105: Open ID and Django

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 106: Open ID and Django

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 107: Open ID and Django

Introducing SREG

bull Can consolidate all user information on your provider

bull Parcel out relevant information to consumers through SREG

bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares

bull Sync only occurs on login probably still want to do some background syncing

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 108: Open ID and Django

Result

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 109: Open ID and Django

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 110: Open ID and Django

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 111: Open ID and Django

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 112: Open ID and Django

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 113: Open ID and Django

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 114: Open ID and Django

Resultbull User with account visits consumer1mydomaincom for

the first time and clicks the login link

bull User redirected to idmydomaincom to login

bull Ajax allows this to all happen in the background

bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs

bull New User created on consumer1 linked to OpenID

bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 115: Open ID and Django

Catches

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 116: Open ID and Django

Catches

bull Biggest one is session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 117: Open ID and Django

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 118: Open ID and Django

Catches

bull Biggest one is session cookies

bull Consumer1 consumer2 and provider all have different session cookies

bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 119: Open ID and Django

In conclusionUrls

bull httpslaunchpadnetdjango-openid-auth

bull httpwwwromkenetdjangoopenid_provider

bull httpwwwjanraincomopenid-enabled

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom

Page 120: Open ID and Django

In conclusionWill post a live example a provider and two consumers after the weekend plus source

Look for a tweet to djangocon

Contact me if you have are curious or have questions

florean

floreawenatcheeworldcom


Introduction to Django - OSCON 2012 - O'Reilly Mediaassets.en.oreilly.com/1/event/80/Introduction to Django... · Django Training. Section 1: Introduction to Django. 1 “ ” Django

Saas rad with django, django rest framework

Python id meetup, Maintaining a Dirty Code Django Project

Open ID Connect

Open ID Explained

Customizing The Django Admin Euro Django Con09

Strong Authentication Open Id & Axsionics

Meet Django - Django Webframework in Python

Oauth vs open id

Open Id For Newbies

Presentation Emencia, Python, CMS, Open Source, Magento, Django

Read the Docs: A completely open source Django project

Why Python is best for Django?, Job trends in Django, Learn Django Online

Django - Sevenmentor Pvt. Ltd · 2019-08-20 · Django Prerequisite: Introduction to HTML5, CSS3 and Bootstrap Django Framework Introduction to Django Installing Django Setting up

Hyves Open Id

Building APIs with Django and Django Rest Framework...Building APIs with Django and Django Rest Framework, Release 2.0 Building APIs with Django and DRF takes over where the Django

Open Source Used In Django 1 - Cisco · Open Source Used In Django 1.8 2 This document contains licenses and notices for open source software used in this product. With respect to

Django-nonrel Documentation - Read the Docs · Django-nonrel Documentation, Release 0 Internals Django-nonrel is based on Django 1.3. The modifications to Django are minimal (maybe

Django-Chapter 6: The Django Admin Site

Read the Docs - O'Reilly Mediaassets.en.oreilly.com/1/event/61/A Completely Open Source Django... · » Talk about the history of Read the Docs ... » I come from Django » Work at

Five awesome django tutorials - Open Data Science

Open ID to Open ID Connect Migration

Backend Development Django - shaorongwang.com · 安装Django pip install django. . 创建一个Django 项目 django-admin startproject firstapp. . 创建一个Django 模块 python

django-dashing Documentation...django-dashing Documentation, Release 0.2 Django Settings Configuration for Django Dashing is all namespaced inside a single Django setting, named DASHING

Open House ID Presentation

Computer Orange Template - MYKVS.INpython.mykvs.in/presentation/class xii/computer science... · 2019-04-13 · Django Visit : python.mykvs.in for regular updates Django is an open

Open Id Security ITsec

Django nedir, yenir mi? - Linux · nedir, yenir mi? Cihan Okyay [email protected] @cihann * Open source * Nesne Yönelimli * Temiz sözdizimi * Öğrenmesi kolay ... Django

Quick Reference Guide to DJANGO TERMINAL COMMANDS · INSTALL DJANGO INSIDE VIRTUALENV: pip install django (pip install django==2.04 to install a specific version of django) START

Open ID in Government

Open Id Pourquoi L Adopter

Django Jobs | Django developers | Freelance Jobs

Open bib id

Open Bib ID - Najaar 2012

B2E y OPEN ID