1
<p>The <tt class="docutils literal"><span class="pre">django_openidconsumer</span></tt> package contains all of the code needed to set up
2
your Django application as an OpenID consumer. You can use it to allow OpenID
3
users to sign in to your site without having to create a new username and
6
<h2><a id="overview">Overview</a></h2>
7
<p>The OpenID consumer system consists of:</p>
9
<li>Views for you to hook in to your application.</li>
10
<li>Database models implementing the persistence layer of an OpenID consumer.</li>
11
<li>Middleware that makes <tt class="docutils literal"><span class="pre">request.openid</span></tt> and <tt class="docutils literal"><span class="pre">request.openids</span></tt>
12
properties available to your application views.</li>
16
<h2><a id="dependencies">Dependencies</a></h2>
17
<p><tt class="docutils literal"><span class="pre">django_openidconsumer</span></tt> uses the <a class="reference" href="http://www.openidenabled.com/openid/libraries/python/">python-openid library</a>, which must be
18
installed separately somewhere on the Python path. You should install the 1.2.0
19
“combo” package which includes the <tt class="docutils literal"><span class="pre">yadis</span></tt> and <tt class="docutils literal"><span class="pre">urljr</span></tt> libraries.</p>
20
<p>The package also depends on the availability of Django’s <a class="reference" href="http://www.djangoproject.com/documentation/sessions/">session support</a>.</p>
23
<h2><a id="installation">Installation</a></h2>
24
<p>Having ensured that both the <tt class="docutils literal"><span class="pre">python-openid</span></tt> library and the <tt class="docutils literal"><span class="pre">django_openidconsumer</span></tt> package are available on your Python path, you can
25
add OpenID consumer support to an application by doing the following:</p>
27
<li><p class="first">Put <tt class="docutils literal"><span class="pre">django_openidconsumer</span></tt> in your <tt class="docutils literal"><span class="pre">INSTALLED_APPS</span></tt> setting.</p>
29
<li><p class="first">Run the command <tt class="docutils literal"><span class="pre">manage.py</span> <span class="pre">syncdb</span></tt> to create the necessary tables.</p>
31
<li><p class="first">Add <tt class="docutils literal"><span class="pre">django_openidconsumer.middleware.OpenIDMiddleware</span></tt> to your list
32
of <tt class="docutils literal"><span class="pre">MIDDLEWARE_CLASSES</span></tt>, somewhere after the Session middleware.</p>
34
<li><p class="first">Add the following views to your urlconf:</p>
35
<pre class="literal-block">
36
(r'^openid/$', 'django_openidconsumer.views.begin'),
37
(r'^openid/complete/$', 'django_openidconsumer.views.complete'),
38
(r'^openid/signout/$', 'django_openidconsumer.views.signout'),
42
<p>You will then be able to browse to <tt class="docutils literal"><span class="pre">example.com/openid/</span></tt> and sign in using
46
<h2><a id="using-the-openid-middleware">Using the OpenID middleware</a></h2>
47
<p>With the Middleware installed, your views will have access to the user’s OpenID
48
as the <tt class="docutils literal"><span class="pre">request.openid</span></tt> property. This will be <tt class="docutils literal"><span class="pre">None</span></tt> if the user has not
49
yet authenticated; otherwise it will be a <tt class="docutils literal"><span class="pre">django_openidconsumer.util.OpenID</span></tt>
51
<p>If you want the user’s OpenID as a string, call the <tt class="docutils literal"><span class="pre">str()</span></tt> builtin on the
53
<pre class="literal-block">
54
def example_view(request):
56
return HttpResponse("OpenID is %s" % escape(str(request.openid)))
58
return HttpResponse("No OpenID")
60
<p>Users can sign in with more than one OpenID. This is supported by the
61
<tt class="docutils literal"><span class="pre">request.openids</span></tt> property, which is a list of <tt class="docutils literal"><span class="pre">OpenID</span></tt> objects in the order
62
in which they were authenticated. <tt class="docutils literal"><span class="pre">request.openid</span></tt> merely returns the last
63
item in this list.</p>
66
<h2><a id="using-simple-registration">Using simple registration</a></h2>
67
<p>Simple registration (or <a class="reference" href="http://openid.net/specs/openid-simple-registration-extension-1_0.html">sreg</a>) is an extension to the OpenID specification
68
that allows you to request extra details about a user from their OpenID
69
provider. It is frequently used to pre-populate registration forms with
70
information such as the user’s name, e-mail address or date of birth.</p>
71
<p>Be aware that not all OpenID providers support sreg, and there is no guarantee
72
that the information you have requested will be returned. Simple registration
73
should be used as a convenience for your users rather than as a required step in
74
your authentication process.</p>
75
<p>Available simple registration fields are <tt class="docutils literal"><span class="pre">nickname</span></tt>, <tt class="docutils literal"><span class="pre">email</span></tt>, <tt class="docutils literal"><span class="pre">fullname</span></tt>,
76
<tt class="docutils literal"><span class="pre">dob</span></tt>, <tt class="docutils literal"><span class="pre">gender</span></tt>, <tt class="docutils literal"><span class="pre">postcode</span></tt>, <tt class="docutils literal"><span class="pre">country</span></tt>, <tt class="docutils literal"><span class="pre">language</span></tt> and <tt class="docutils literal"><span class="pre">timezone</span></tt>.
77
Full details are available in the <a class="reference" href="http://openid.net/specs/openid-simple-registration-extension-1_0.html">spec</a>.</p>
78
<p>To request this information, pass the fields that you wish to retrieve as an
79
additional <tt class="docutils literal"><span class="pre">sreg</span></tt> argument to the <tt class="docutils literal"><span class="pre">django_openidconsumer.views.begin</span></tt> view:</p>
80
<pre class="literal-block">
81
(r'^openid/$', 'django_openidconsumer.views.begin', {
82
'sreg': 'email,nickname'
85
<p>Any simple registration fields that are returned will be available in a
86
dictionary as the <tt class="docutils literal"><span class="pre">sreg</span></tt> property of the OpenID object:</p>
87
<pre class="literal-block">
88
def example_sreg(request):
89
if request.openid and request.openid.sreg.has_key('email'):
90
return HttpResponse("Your e-mail address is: %s" % escape(
91
request.openid.sreg['email']
94
return HttpResponse("No e-mail address")
98
<h2><a id="customisation">Customisation</a></h2>
99
<p><tt class="docutils literal"><span class="pre">django_openidconsumer</span></tt> uses two templates:</p>
100
<dl class="docutils">
101
<dt><tt class="docutils literal"><span class="pre">openid_signin.html</span></tt></dt>
102
<dd>The form presented to the user when they sign in.</dd>
103
<dt><tt class="docutils literal"><span class="pre">openid_failure.html</span></tt></dt>
104
<dd>The template used to display an error message when something goes wrong.</dd>
106
<p>You can over-ride the default templates by creating templates of the same name
107
and placing them somewhere on your template path. You can find the example
108
templates in the <tt class="docutils literal"><span class="pre">django_openidconsumer/templates</span></tt> directory.</p>
109
<p>The OpenID specification strongly recommends that any OpenID registration form
110
has a <tt class="docutils literal"><span class="pre">name</span></tt> attribute of <tt class="docutils literal"><span class="pre">openid_url</span></tt> to aid browser autocompletion, and
111
displays the <a class="reference" href="http://openid.net/login-bg.gif">OpenID logo</a> inline in the form field using the following CSS:</p>
112
<pre class="literal-block">
114
background: url(/path/to/login-bg.gif) no-repeat;
115
background-position: 0 50%;
119
<p>By default, the package expects the <tt class="docutils literal"><span class="pre">django_openidconsumer.views.complete</span></tt>
120
view to be located at <tt class="docutils literal"><span class="pre">/openid/complete/</span></tt>. This is the view that the OpenID
121
provider will redirect the user to after they have authenticated. If you want to
122
put it somewhere else you can either pass an extra <tt class="docutils literal"><span class="pre">redirect_to</span></tt> argument to
123
<tt class="docutils literal"><span class="pre">django_openidconsumer.views.begin</span></tt> or add an <tt class="docutils literal"><span class="pre">OPENID_REDIRECT_TO</span></tt> setting
124
to <tt class="docutils literal"><span class="pre">settings.py</span></tt>.</p>
125
<p>You can pass a <tt class="docutils literal"><span class="pre">?next=</span></tt> query string argument containing a relative URL to
126
the <tt class="docutils literal"><span class="pre">begin</span></tt> view to control where the user will be redirected to having
127
returned to your site. You can also set the default redirection location
128
using the <tt class="docutils literal"><span class="pre">OPENID_REDIRECT_NEXT</span></tt> setting; if you do set set a default the user
129
will be redirected to your homepage.</p>
131
<div class="section">
132
<h2><a id="i-names">i-names</a></h2>
133
<p><a class="reference" href="http://www.inames.net/">i-names</a> are part of the OpenID 2.0 specification, which is currently being
134
developed. They are supported by the python-openid library, and hence are also
135
supported by <tt class="docutils literal"><span class="pre">django_openidconsumer</span></tt>. You can tell if an OpenID is an i-name
136
by checking the <tt class="docutils literal"><span class="pre">request.openid.is_iname</span></tt> property.</p>
137
<p>If you wish to disable i-name support, you can do so by adding the following to
138
your <tt class="docutils literal"><span class="pre">settings.py</span></tt>:</p>
139
<pre class="literal-block">
140
OPENID_DISALLOW_INAMES = True