PAS Developers,

I'm working on an OpenID PAS Authentication plugin for Zope.  For
those of you who are not familiar with OpenID, it is a decentralized
URL-based identity system originally developed by 
For more info have a look at

OpenID authentication is performed under the user's supervision.  A
typical login session, from a user's perspective, looks something
like this:

Scenario:  Trying to log in to with as my openid server
1) User visits Zope) and enters her OpenID URL
into the login form.
2) must verify that the User is actually who they say they
are, and does so by contacting the openid server for the URL.  This is
done by sending an HTTP redirect through the user's browser to with some info attached to the url.
3) asks the user if they trust with their
identity, and if so, then sends a redirect back to the
with some more info embedded in the URL for verification.
4) User is logged into with their OpenID.

Leaving out all the details of OpenID, my plugin needs to at least be
able to send a redirect to (Step 2) before the
authenticateCredentials step (Step 3).

Where, and through what mechanism, is the right place to put this
processing and redirect?  At first glance, it looks like I should be
sending the redirect (Step 2) after a custom extractCredentials, but
I'm not sure exactly how to do this.  Does this sound correct?  I
could use a nudge in the right direction here.

I've been using the GMailAuthPlugin as inspiration for my plugin.

Brian Ellin
Zope-PAS mailing list