[web2py:20839] help with google openid

Wed, 29 Apr 2009 13:51:43 -0700 

I am trying to allow Auth to access google open id. This is a test.

1) register your domain with google open id

http://code.google.com/intl/it/apis/account/docs/RegistrationForWebAppsAuto.html

2) add the following method to gluon/tools.py Auth class

def gopenid(self):
    return_to="http://yourdomain/yourapp/default/user/gopenid";
    realm="http://yourdomain/";
    if not request.vars:
        redirect("""https://www.google.com/accounts/o8/ud?
openid.ns=http%%3A%%2F%%2Fspecs.openid.net%%2Fa\
uth%%2F2.0&openid.claimed_id=http%%3A%%2F%%2Fspecs.openid.net%%2Fauth%
%2F2.0%%2Fidentifier_select&openid.\
identity=http%%3A%%2F%%2Fspecs.openid.net%%2Fauth%%2F2.0%
%2Fidentifier_select&openid.return_to=%s&openid.\
realm=
%s&openid.assoc_handle=ABSmpf6DNMw&openid.mode=checkid_setup&openid.ns.ext1=http
%%3A%%2F%%2Fopenid.\
net%%2Fsrv%%2Fax%
%2F1.0&openid.ext1.mode=fetch_request&openid.ext1.type.email=http%%3A%
%2F%%2Faxschema.or\
g%%2Fcontact%%2Femail&openid.ext1.required=email""" % (return_to,
realm)
    elif request.vars.get('openid.mode','cancel')=='cancel':
        response.flash="request denied"
    elif 'token' in request.vars:
        session.openid_token = request.vars.token
        return "you got a token"
    elif 'openid.ext1.value.email' in request.vars: #### 3rd eilf
        session.openid_email = request.vars.get
('openid.ext1.value.email')
        return "your email is",session.openid_email

and edit these two lines:
    return_to="http://yourdomain/yourapp/default/user/gopenid";
    realm="http://yourdomain/";


Now try visit
http://yourdomain/yourapp/default/user/gopenid

Does it work?

It does for me BUT I do not understand it. There is no security here.
How do I know the request that triggers the 3rd elif in code comes
from google?

Massimo

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"web2py Web Framework" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to