Last week, we released the source code to django-openid-auth. This is a small library that can add OpenID based authentication to Django applications. It has been used for a number of internal Canonical projects, including the sprint scheduler Scott wrote for the last Ubuntu Developer Summit, so it is possible you’ve already used the code.
Rather than trying to cover all possible use cases of OpenID, it focuses on providing OpenID Relying Party support to applications using Django’s django.contrib.auth authentication system. As such, it is usually enough to edit just two files in an existing application to enable OpenID login.
The library has a number of useful features:
- As well as the standard method of prompting the user for an identity URL, you can configure a fixed OpenID server URL. This is useful for deployments where OpenID is being used for single sign on, and you always want users to log in using a particular OpenID provider. Rather than asking the user for their identity URL, they are sent directly to the provider.
- It can be configured to automatically create accounts when new identity URLs are seen.
- User names, full names and email addresses can be set on accounts based on data sent via the OpenID Simple Registration extension.
- Support for Launchpad’s Teams OpenID extension, which lets you query membership of Launchpad teams when authenticating against Launchpad’s OpenID provider. Team memberships are mapped to Django group membership.
While the code can be used for generic OpenID login, we’ve mostly been using it for single sign on. The hope is that it will help members of the Ubuntu and Launchpad communities reuse our authentication system in a secure fashion.
The source code can be downloaded using the following Bazaar command:
bzr branch lp:django-openid-auth
Documentation on how to integrate the library is available in the README.txt file. The library includes some code written by Simon Willison for django-openid, and uses the same licensing terms (2 clause BSD) as that project.