View
109
Download
1
Category
Tags:
Preview:
DESCRIPTION
Slides from a lightning talk I gave at DjangoCon '10 regarding the usefulness of OpenID as a single sign-on solution for multiple Django sites.
Citation preview
OpenIDand Django
Nathan FloreaThe Wenatchee World
What is OpenID
What is OpenID
bull An open standard for decentralized authentication
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
bull A failure
Why
Why
bull Herersquos two reasons
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
bull Isnrsquot very useful
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
What is OpenID
What is OpenID
bull An open standard for decentralized authentication
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
bull A failure
Why
Why
bull Herersquos two reasons
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
bull Isnrsquot very useful
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
What is OpenID
bull An open standard for decentralized authentication
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
bull A failure
Why
Why
bull Herersquos two reasons
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
bull Isnrsquot very useful
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
bull A failure
Why
Why
bull Herersquos two reasons
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
bull Isnrsquot very useful
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
bull A failure
Why
Why
bull Herersquos two reasons
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
bull Isnrsquot very useful
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
What is OpenID
bull An open standard for decentralized authentication
bull Internet-based single sign-on
bull Unique identities based on URIs (or XRIs if anyone cares)
bull A failure
Why
Why
bull Herersquos two reasons
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
bull Isnrsquot very useful
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Why
Why
bull Herersquos two reasons
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
bull Isnrsquot very useful
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Why
bull Herersquos two reasons
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
bull Isnrsquot very useful
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
bull Isnrsquot very useful
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Why
bull Herersquos two reasons
bull Unwieldy unfriendly usernames
bull Isnrsquot very useful
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Unwieldy usernames
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Unwieldy usernames
bull I was excited about OpenID
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Unwieldy usernames
bull I was excited about OpenID
bull I set one up for my dad
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Unwieldy usernamesMe Hey Dad Im going to set you up with an OpenID Itll be httpopenidthefloreascomblahblahurlghettocarl Now youll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same single password Isnt that cool
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Unwieldy usernamesDad What would my username be again
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Unwieldy usernamesMe httpopenidthefloreascomblahblahurlghettocarl
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Unwieldy usernamesDad Umm did you see the Sounders game last night
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Unwieldy usernamesMe No but Im going to watch it lat-
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Unwieldy usernamesDad They won
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Unwieldy usernamesMe Thanks Dad
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Unwieldy usernames
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Unwieldy usernames
bull A failure
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Unwieldy usernames
bull A failure
bull Turns out my friends and family (ldquousersrdquo) donrsquot like URLs
bull Herersquos one of their URLs ldquogoogle Wenatchee falling cowrdquo
bull Except Weird Uncle Tom who says ldquobing Wenatchee falling cowrdquo
bull (we donrsquot talk to Uncle Tom)
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Not very useful
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Not very useful
bull OpenID provides authentication
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Not very useful
bull OpenID provides authentication
bull OpenID doesnrsquot provide anything else
bull My friends and family (ldquousersrdquo) use Facebook
bull They expect more
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Not very useful
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Not very useful
bull Simon Willison launched a new social conference directory site httplanyrdcom
bull Simon Willison is a huge supporter of OpenID
bull Lanyrd only authenticates through Twitter
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Not very useful
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Not very usefulbull He took some flack for that
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Not very usefulbull He took some flack for that
bull His explanationI spent the best part of three years advocating OpenID not just because of a belief in openness but because of the things I wanted to build with it I wanted to build sites that already knew about you before you even signed in I wanted to be able to pull in information about you and your relationships from other providers I wanted to use your public globally unique ID to share (non creepy) information about you with other sites
Then I got bored of waiting By plugging in to the Twitter ecosystem I get all of those advantages but I can actually build something successful and popular today
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Not very useful
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Not very useful
bull Developers and users are willing to give up some control of their online identity in exchange for cool stuff
bull Twitter Facebook Google provide authentication PLUS a social graph
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
and Django
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
and Djangobull Well not a total failure
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
and Djangobull Well not a total failure
bull Very cool technology
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
and Djangobull Well not a total failure
bull Very cool technology
bull Internet-based single sign-on
bull Where is that useful
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
and Django
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
and Djangobull You have multiple cool Django sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
and Djangobull You have multiple cool Django sites
bull You are building more all the time
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
and Djangobull You have multiple cool Django sites
bull You are building more all the time
bull You want your users to be able to use a single account for all of your sites
bull Solution
bull Facebook
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
and Django
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
and Djangobull No You want
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
and Djangobull No You want
bull Control
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
and Djangobull No You want
bull Control
bull Something simple
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
and Djangobull No You want
bull Control
bull Something simple
bull With wide support
bull You donrsquot need a social graph
bull You only need your users to login
bull Solution
bull OpenID
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Integrating OpenID with Django
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Integrating OpenID with Django
bull To use OpenID with Django you need to
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Integrating OpenID with Django
bull To use OpenID with Django you need to
bull Setup an OpenID provider the server to authenticate against
bull Install an OpenID consumer app on all of your Django sites
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
OpenID Enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
OpenID Enabled
bull Lots of consumer apps only a couple providers
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
OpenID Enabled
bull Lots of consumer apps only a couple providers
bull Everything based off Janrainrsquos OpenID libraries
bull httpwwwjanraincomopenid-enabled
bull Every useful web language - and PHP
bull For Python openid
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the provider
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the providerbull We use openid_provider
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the providerbull We use openid_provider
bull Somewhat active development
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the providerbull We use openid_provider
bull Somewhat active development
bull Works
bull httpwwwromkenetdjangoopenid_provider
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the provider
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the providerbull Unique URL for your OpenIDs
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the providerbull Unique URL for your OpenIDs
bull Example httpidmydomaincomopenid
bull Pretty straightforward
bull Will want to create a signal on User creation to create an OpenID at the same time
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the consumerbull Launchpadrsquos django_openid_auth for consumer
bull Active development
bull Authentication backend integrates with Django User
bull Allows URL ldquocheatingrdquo
bull httpslaunchpadnetdjango-openid-auth
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the consumer
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the consumerbull Install app on each Django site
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the consumerbull Install app on each Django site
bull Configure
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Setup the consumerbull Install app on each Django site
bull Configure
bull Allows ldquocheatingrdquo on the OpenID URLs
bull OPENID_SSO_SERVER_URL = ldquohttpidmydomainopenidrdquo
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Thatrsquos good But I want a little bit more
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Thatrsquos good But I want a little bit more
bull That solves authentication
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Thatrsquos good But I want a little bit more
bull That solves authentication
bull But each Django site still duplicates a lot of user information
bull How can I centralize that too
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Introducing SREG
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Introducing SREG
bull Simple Registration (SREG)
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Introducing SREG
bull Simple Registration (SREG)
bull Extension to OpenID
bull Allows consumers to request additional information from providers
bull Very basic info such as preferred username and e-mail but
bull Extensible
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Introducing SREG
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Introducing SREG
bull Can consolidate all user information on your provider
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Introducing SREG
bull Can consolidate all user information on your provider
bull Parcel out relevant information to consumers through SREG
bull Example Is user subscribed to consumer1rsquos newsletter Only consumer1 cares
bull Sync only occurs on login probably still want to do some background syncing
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Result
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Resultbull User with account visits consumer1mydomaincom for
the first time and clicks the login link
bull User redirected to idmydomaincom to login
bull Ajax allows this to all happen in the background
bull Just uses username (eg ldquouser1rdquo) doesnrsquot have to worry about URIs
bull New User created on consumer1 linked to OpenID
bull User clicks login on consumer2myotherdomaincom automatically logged in with no username or password entry
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Catches
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Catches
bull Biggest one is session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Catches
bull Biggest one is session cookies
bull Consumer1 consumer2 and provider all have different session cookies
bull User logs out of consumer1 you redirect to also log out of provider and then return the user is still logged in on consumer2 May or may not be a problem
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
In conclusionUrls
bull httpslaunchpadnetdjango-openid-auth
bull httpwwwromkenetdjangoopenid_provider
bull httpwwwjanraincomopenid-enabled
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
In conclusionWill post a live example a provider and two consumers after the weekend plus source
Look for a tweet to djangocon
Contact me if you have are curious or have questions
florean
floreawenatcheeworldcom
Recommended