Open ID and Django

Slides from a lightning talk I gave at DjangoCon '10 regarding the usefulness of OpenID as a single sign-on solution for multiple Django sites.

  1. OpenID... and Django
     • Nathan Florea
     • The Wenatchee World
  2. What is OpenID?
     • An open standard for decentralized authentication.
     • Internet-based single sign-on.
     • Unique identities based on URIs (or XRIs, if anyone cares).
     • A failure.
  3. Why?
     • Here’s two reasons:
       • Unwieldy, unfriendly usernames.
       • Isn’t very useful.
  4. Unwieldy usernames
     • I was excited about OpenID.
     • I set one up for my dad.
  5. Unwieldy usernames
     • Me: Hey, Dad, I'm going to set you up with an OpenID. It'll be http://openid.thefloreas.com/blahblah/urlghetto/carl . Now you'll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same, single password. Isn't that cool?
  6. Unwieldy usernames
     • Dad: What would my username be again?
  7. Unwieldy usernames
     • Me: http://openid.thefloreas.com/blahblah/urlghetto/carl .
  8. Unwieldy usernames
     • Dad: Umm, did you see the Sounders game last night?
  9. Unwieldy usernames
     • Me: No, but I'm going to watch it lat-
  10. Unwieldy usernames
     • Dad: They won.
  11. Unwieldy usernames
     • Me: Thanks, Dad.
  12. Unwieldy usernames
     • A failure.
     • Turns out, my friends and family (“users”) don’t like URLs.
     • Here’s one of their URLs: “google Wenatchee falling cow.”
       • Except Weird Uncle Tom, who says “bing Wenatchee falling cow”.
         • (We don’t talk to Uncle Tom.)
  13. Not very useful
     • OpenID provides authentication.
     • OpenID doesn’t provide anything else.
     • My friends and family (“users”) use Facebook.
     • They expect more.
  14. Not very useful
     • Simon Willison launched a new social conference directory site, http://lanyrd.com .
     • Simon Willison is a huge supporter of OpenID.
     • Lanyrd only authenticates through Twitter.
  15. Not very useful
     • He took some flak for that.
     • His explanation:
       • I spent the best part of three years advocating OpenID not just because of a belief in openness, but because of the things I wanted to build with it. I wanted to build sites that already knew about you before you even signed in. I wanted to be able to pull in information about you and your relationships from other providers. I wanted to use your public, globally unique ID to share (non creepy) information about you with other sites.
       • Then I got bored of waiting. By plugging in to the Twitter ecosystem I get all of those advantages, but I can actually build something successful and popular today.
  16. Not very useful
     • Developers and users are willing to give up some control of their online identity in exchange for cool stuff.
     • Twitter, Facebook, Google provide authentication PLUS a social graph.
  17. ...and Django
     • Well, not a total failure.
     • Very cool technology.
     • Internet-based single sign-on.
     • Where is that useful?
  18. ...and Django
     • You have multiple, cool Django sites.
     • You are building more all the time.
     • You want your users to be able to use a single account for all of your sites.
     • Solution:
       • Facebook!
  19. ...and Django
     • No. You want:
       • Control.
       • Something simple.
       • With wide support.
       • You don’t need a social graph.
       • You only need your users to log in.
     • Solution:
       • OpenID!
  20. Integrating OpenID with Django
     • To use OpenID with Django, you need to:
       • Set up an OpenID provider, the server to authenticate against.
       • Install an OpenID consumer app on all of your Django sites.
  21. OpenID Enabled
     • Lots of consumer apps, only a couple providers.
     • Everything based off Janrain’s OpenID libraries.
       • http://www.janrain.com/openid-enabled
       • Every useful web language - and PHP.
       • For Python, openid.
  22. Set up the provider
     • We use openid_provider.
       • Somewhat active development.
       • Works.
       • http://www.romke.net/django/openid_provider/
  23. Set up the provider
     • Unique URL for your OpenIDs.
       • Example: http://id.mydomain.com/openid/
     • Pretty straightforward.
     • You will want to create a signal on User creation to create an OpenID at the same time.
  24. Set up the consumer
     • Launchpad’s django_openid_auth for the consumer.
       • Active development.
       • Authentication backend, integrates with Django User.
       • Allows URL “cheating.”
       • https://launchpad.net/django-openid-auth
  25. Set up the consumer
     • Install the app on each Django site.
     • Configure.
     • Allows “cheating” on the OpenID URLs.
       • OPENID_SSO_SERVER_URL = "http://id.mydomain/openid/"
  26. That’s good. But I want a little bit more...
     • That solves authentication.
     • But each Django site still duplicates a lot of user information.
     • How can I centralize that, too?
  27. Introducing: SREG
     • Simple Registration (SREG).
     • Extension to OpenID.
     • Allows consumers to request additional information from providers.
     • Very basic info, such as preferred username and e-mail, but:
     • Extensible!
  28. Introducing: SREG
     • Can consolidate all user information on your provider.
     • Parcel out relevant information to consumers through SREG.
       • Example: Is the user subscribed to consumer1’s newsletter? Only consumer1 cares.
     • Sync only occurs on login; you will probably still want to do some background syncing.
  29. Result
     • A user with an account visits consumer1.mydomain.com for the first time and clicks the login link.
     • The user is redirected to id.mydomain.com to log in.
       • Ajax allows this to all happen in the background.
       • Just uses a username (e.g. “user1”), doesn’t have to worry about URIs.
       • A new User is created on consumer1, linked to the OpenID.
     • The user clicks login on consumer2.myotherdomain.com and is automatically logged in with no username or password entry.
  30. Catches
     • Biggest one is session cookies:
       • Consumer1, consumer2, and the provider all have different session cookies.
       • When a user logs out of consumer1 and you redirect to also log out of the provider and then return, the user is still logged in on consumer2. May or may not be a problem.
  31. In conclusion
     • URLs:
     • https://launchpad.net/django-openid-auth
     • http://www.romke.net/django/openid_provider/
     • http://www.janrain.com/openid-enabled
  32. In conclusion
     • Will post a live example, a provider and two consumers, after the weekend, plus source.
     • Look for a tweet to #djangocon.
     • Contact me if you are curious or have questions:
     • @florean
     • [email_address]
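
The SREG slides (27 and 28) describe consumers requesting user attributes from the provider. The added example below is not from the talk or from either Django app; it shows the query arguments involved and keeps only the SREG values listed in `openid.signed`, so attributes the provider did not sign never reach the local User record. It assumes the conventional `sreg` alias, that the OpenID library has already verified `openid.sig`, and a constructed sample response.

```python
from urllib.parse import parse_qs

SREG_NS = "http://openid.net/extensions/sreg/1.1"


def sreg_request_args(required, optional=()):
    """Extra query arguments a consumer adds to its OpenID auth request."""
    args = {"openid.ns.sreg": SREG_NS}
    if required:
        args["openid.sreg.required"] = ",".join(required)
    if optional:
        args["openid.sreg.optional"] = ",".join(optional)
    return args


def signed_sreg_fields(query_string):
    """Return only the SREG values covered by the provider's signature.

    Assumption: openid.sig was verified elsewhere; this function only decides
    which attributes that signature actually covers.
    """
    pairs = parse_qs(query_string, keep_blank_values=True)
    params = {key: values[0] for key, values in pairs.items()}
    # openid.signed lists field names without the "openid." prefix.
    signed = set(params.get("openid.signed", "").split(","))
    fields = {}
    for key, value in params.items():
        if key.startswith("openid.sreg."):
            name = key[len("openid."):]            # e.g. "sreg.email"
            if name in signed:
                fields[name[len("sreg."):]] = value
    return fields


# Constructed provider response: fullname is present but not in openid.signed.
SAMPLE_RESPONSE = (
    "openid.mode=id_res"
    "&openid.claimed_id=http%3A%2F%2Fid.mydomain.com%2Fopenid%2Fuser1"
    "&openid.signed=claimed_id%2Csreg.nickname%2Csreg.email"
    "&openid.sreg.nickname=user1"
    "&openid.sreg.email=user1%40example.com"
    "&openid.sreg.fullname=Unsigned+Name"
    "&openid.sig=PLACEHOLDER"
)

if __name__ == "__main__":
    print(sreg_request_args(["nickname", "email"], ["fullname"]))
    print(signed_sreg_fields(SAMPLE_RESPONSE))
```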
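
The session-cookie catch on slide 30, modelled as an added example that is not code from the talk or from either Django app: three sites with separate session stores, a logout through consumer1 and the provider, and the session that survives on consumer2. The `propagate` option is a hypothetical mitigation in which the provider remembers which consumers it vouched to and ends the user's sessions there too; the class and function names are assumptions made for this sketch.

```python
import secrets


class Site:
    """One Django site (provider or consumer) with its own session store."""

    def __init__(self, name):
        self.name = name
        self.sessions = {}              # session cookie value -> username

    def start_session(self, username):
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = username
        return cookie

    def is_logged_in(self, cookie):
        return cookie in self.sessions

    def end_sessions_for(self, username):
        self.sessions = {c: u for c, u in self.sessions.items() if u != username}


class Provider(Site):
    """The OpenID provider; records which consumers each user signed in to."""

    def __init__(self, name):
        super().__init__(name)
        self.vouched_to = {}            # username -> set of consumer Sites

    def sso_login(self, username, consumer):
        self.vouched_to.setdefault(username, set()).add(consumer)
        return consumer.start_session(username)

    def logout(self, username, propagate):
        self.end_sessions_for(username)
        if propagate:                   # hypothetical back-channel logout
            for consumer in self.vouched_to.pop(username, set()):
                consumer.end_sessions_for(username)


def run_logout(propagate):
    """Return (consumer1 still logged in, consumer2 still logged in)."""
    provider = Provider("id.mydomain.com")
    c1 = Site("consumer1.mydomain.com")
    c2 = Site("consumer2.myotherdomain.com")
    provider.start_session("user1")
    cookie1 = provider.sso_login("user1", c1)
    cookie2 = provider.sso_login("user1", c2)
    c1.end_sessions_for("user1")          # user clicks logout on consumer1 ...
    provider.logout("user1", propagate)   # ... which redirects via the provider
    return c1.is_logged_in(cookie1), c2.is_logged_in(cookie2)


if __name__ == "__main__":
    print("no propagation:", run_logout(False))
    print("with propagation:", run_logout(True))
```

Without propagation the consumer2 session outlives the logout, which matters most on shared machines; shortening consumer session lifetimes narrows the window when a back channel is not available.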