I see two problems that need to be solved and may require change in Auth: - all existing login methods use the same form (username/email +password) but OID is different. So Auth must be able to delegate to the login method form generation and processing - OpenID does not necessarily return a first_name, last_name, email of the user so there is not enough info to fill the database table - when using OpenID some methods like retrieve_password should be disabled or link the OpenID provider.
Massimo On Aug 2, 9:03 am, hcvst <[email protected]> wrote: > I agree. Also, OID should just be an alternative login method, with > the standard method always being available (unless disabled) too. > > =HC > > On Aug 2, 3:24 pm, mdipierro <[email protected]> wrote: > > > Let's think about this some more. > > > Massimo > > > On Aug 2, 8:23 am, hcvst <[email protected]> wrote: > > > > Hi Massimo, > > > > I like the plugin. Just three methods to implement and I do not not > > > need to know how > > > Auth works under the hood. In terms of maintenance this seems nice, as > > > it's quite > > > loosely coupled. Sure, when extending Auth, the user only has to > > > change Auth to OpenIDAuth > > > in the model, but that's only because the skeleton app now comes with > > > an auth controller > > > function. If you really prefer Auth to be extended, I'll give it a > > > try, but I would prefer to > > > see auth's plugin mechanism to work consistently (unless it does > > > already and I misunderstood > > > how to use it). I can post to the dev-group regarding the auth > > > 'inconsistency' as I see it. > > > > Regards, > > > HC > > > > On Aug 2, 1:12 pm, mdipierro <[email protected]> wrote: > > > > > No. I am just saying that saying that it will be easier to implement a > > > > new class that extends Auth with OpenID, instead of creating a OpenID > > > > plugin for Auth. > > > > The interface will be the same so you do not need to change your code > > > > but you need to change the line > > > > > auth=Auth(...) > > > > > to > > > > > auth=OpenIDAuth(...) > > > > > On Aug 2, 12:09 am, Bottiger <[email protected]> wrote: > > > > > > Massimo, are you saying that there will never be an official Web2Py > > > > > incorporation of OpenID and Auth? > > > > > > On Aug 1, 3:54 pm, mdipierro <[email protected]> wrote: > > > > > > > Sorry it took me so long. I looked into this and it cannot be done > > > > > > this way easily as I though. The reason is that OID uses the two > > > > > > tables you created (and you are correct) and does not use auth_user > > > > > > at > > > > > > all. Hence it cannot take advantage of the functionality of Auth > > > > > > (access control, etc etc.). Open id can only determine if a user is > > > > > > logged in or not. > > > > > > > The best one can do is create a new OpenIDAuth class that replaces > > > > > > Auth and exposes similar 'login', 'logout', 'require login' > > > > > > functionality. > > > > > > > I think you did this already in the OpenID app. > > > > > > > Massimo > > > > > > > On Jul 29, 5:12 pm, hcvst <[email protected]> wrote: > > > > > > > > Hi, > > > > > > > > I am just trying to implement CasAuth to plug openID (oID) into > > > > > > > auth > > > > > > > (). > > > > > > > I've got a simple oID server/consumer app using the Janrain > > > > > > > Python oID lib. > > > > > > > > The login_methods.gae example included in the login_methods folder > > > > > > > seems to fit (too) well, as all external calls are wrapped nicely > > > > > > > in > > > > > > > the > > > > > > > gae lib, but I am struggling to see how to do the same with my > > > > > > > oID. > > > > > > > > Here's what I've tried now. It works.. just. > > > > > > > > 1 - Pack all oID functionality into a module and place it in > > > > > > > myapp/modules > > > > > > > .../modules/w2popenid.py (http://pastebin.co.za/23469) > > > > > > > > 2 - the module provides an oID service a bit like Auth such > > > > > > > that it can be served via a single controller function. > > > > > > > > consumer_service = w2popenid.Consumer(env, db) > > > > > > > def oid_consumer(): return (form=consumer_service()) > > > > > > > > 3 - in db.py, I set auth.settings.login_form (or so) to > > > > > > > > from app.modules.w2popenid import OpenIDAuth > > > > > > > auth.settings.login_form = OpenIDAuth(service_url, globals()) > > > > > > > > where > > > > > > > OpenIDAuth implements/extends the class CasAuth > > > > > > > and service_url : URL(...f='oid_consumer') > > > > > > > is the url of the controller function bound to consumer_ service > > > > > > > in 2. above so that CasAuth.login_url can provide the service URL, > > > > > > > when asked by auth. > > > > > > > > Then it's a back and forth between controller, openID provider > > > > > > > and OpenIDAuth, with all required data stored somewhere in > > > > > > > session. > > > > > > > > Is that how one should plug sth like oid into auth()? > > > > > > > > If that is the correct approch, there are some other issues: > > > > > > > For example if oid_consumer() is defined outside the default > > > > > > > controller, > > > > > > > auth() seems to get mixed up and redirects to the default > > > > > > > controller. > > > > > > > Also, I don't seem to be able to flash my status codes back via > > > > > > > session.flash > > > > > > > Finally I am not sure whether I have to extend the users table to > > > > > > > cater for > > > > > > > additional openID fields and how best to do this. > > > > > > > But these are issues to solve once I know I didn't misunderstand > > > > > > > login_methods.. > > > > > > > > If this doesn't make much sense. Please get me to the point > > > > > > > tomorrow. > > > > > > > Time to say... > > > > > > > > Good night, > > > > > > > HC --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
