Python OpenID
Carl Howells
chowells at janrain.com
Tue Jul 5 10:01:52 PDT 2005
Dan Connolly wrote:
> I can't tell if it's working or not. What's
> supposed to happen after step 3 where I
> put http://localhost:8082/whoever in the form?
>
> I get a page that says "Log In!" and
> "No password used because this is just an example."
> and when I hit the "Log In" button, it just comes
> back to the same page.
>
> Is that as designed? I'm not really clear on how
> OpenID works yet.

Ok, looks like you're getting hung up by my sample OpenID server's
design. I suppose its functionality isn't all that clear if you haven't
read its code.

The first thing to note is that the background color of the page
indicates whether the OpenID server or consumer is responsible for the
page. A yellow background indicates a page the consumer drew; a purple
background indicates a page the OpenID server drew.

Second, the server has two jobs. Its first job is to send identity
pages. Those can be reached via:

http://localhost:8082/username

Those pages are simple, and consist just of the minimal useful
information: What the username is, the <link rel=...> tags in the HTML
head, and a link back to the server homepage.

So if you go to the consumer example:

http://localhost:8081/

And type in an identity url like:

http://localhost:8082/bob

The consumer will try to verify that you own that address, so it will
ask the server if it can verify it. The server can't, initially, for
two reasons. First, you aren't logged in as bob. Second, bob hasn't
given permission for the consumer to know his identity URL.

So the screen you're seeing is asking you to log in as the user you're
trying to authenticate as. As it's just a stupid example, it doesn't
use passwords or actual accounts, so just feed it the username that goes
with your identity url. After you correctly input that username, it
will ask you if you want to allow the consumer to know your identity.
If you allow that, it returns to the consumer, who now has your identity
verified.

The example server sets a cookie to track your current identity, and it
uses RAM-based storage to track which trust_roots you've allowed to see
the identity for each user.

Hopefully this will be enough information for you to understand what's
going on in each step. Clearly, the README with the example needs to be
updated, and I'll work on that.

Thanks for your feedback!

Carl
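
Added example, not part of the original message and not the Python OpenID project's code: a small model of the decision the message describes, where the server verifies an identity URL only if the cookie names that URL's user and that user has approved the consumer's trust_root. The class, method and return-value names are hypothetical, and using the consumer's URL as its trust_root is an assumption.

```python
from urllib.parse import urlparse

SERVER = "http://localhost:8082"  # sample server address from the message


class ExampleServer:
    """Toy model of the sample server's verification decision (hypothetical)."""

    def __init__(self):
        # RAM-based storage: username -> set of trust_roots that user approved
        self.allowed = {}

    def username_for(self, identity_url):
        """Return the username an identity URL names, or None if not ours."""
        u = urlparse(identity_url)
        if f"{u.scheme}://{u.netloc}" != SERVER:
            return None
        name = u.path.strip("/")
        return name if name and "/" not in name else None

    def allow(self, username, trust_root):
        """Record that username lets trust_root learn the identity URL."""
        self.allowed.setdefault(username, set()).add(trust_root)

    def check(self, identity_url, cookie_user, trust_root):
        """Decide how to answer a consumer asking to verify identity_url."""
        owner = self.username_for(identity_url)
        if owner is None:
            return "reject"          # not an identity page this server serves
        if cookie_user != owner:
            return "show_login"      # reason 1: not logged in as that user
        if trust_root not in self.allowed.get(owner, set()):
            return "ask_permission"  # reason 2: consumer not approved yet
        return "verified"            # go back to the consumer with success


def walk_through():
    """Replay the flow for bob and the consumer on port 8081."""
    server, bob = ExampleServer(), SERVER + "/bob"
    consumer = "http://localhost:8081/"  # assumed trust_root value
    steps = [server.check(bob, None, consumer)]         # no cookie yet
    steps.append(server.check(bob, "alice", consumer))  # someone else's cookie
    steps.append(server.check(bob, "bob", consumer))    # logged in, not approved
    server.allow("bob", consumer)
    steps.append(server.check(bob, "bob", consumer))    # logged in and approved
    return steps


if __name__ == "__main__":
    print(walk_through())
```

Approval is stored per user and per trust_root, so bob approving one consumer does not verify him to a different one, and alice's cookie never verifies bob's URL.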