OpenID... and Django

Nathan Florea
The Wenatchee World
What is OpenID?
• An open standard for decentralized authentication.
• Internet-based single sign-on.
• Unique identities based on URIs (or XRIs, if anyone cares).
• A failure.
Why?
• Here are two reasons:
  • Unwieldy, unfriendly usernames.
  • It isn’t very useful.
Unwieldy usernames
• I was excited about OpenID.
• I set one up for my dad.
Unwieldy usernames
Me: Hey, Dad, I'm going to set you up with an OpenID. It'll be http://openid.thefloreas.com/blahblah/urlghetto/carl. Now you'll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same, single password. Isn't that cool?
Dad: What would my username be again?
Me: http://openid.thefloreas.com/blahblah/urlghetto/carl.
Dad: Umm, did you see the Sounders game last night?
Me: No, but I'm going to watch it lat-
Dad: They won.
Me: Thanks, Dad.
Unwieldy usernames
• A failure.
• Turns out, my friends and family (“users”) don’t like URLs.
• Here’s one of their URLs: “google Wenatchee falling cow.”
  • Except Weird Uncle Tom, who says “bing Wenatchee falling cow”.
    • (We don’t talk to Uncle Tom.)
Not very useful
• OpenID provides authentication.
• OpenID doesn’t provide anything else.
• My friends and family (“users”) use Facebook.
• They expect more.
Not very useful
• Simon Willison launched a new social conference directory site, http://lanyrd.com.
• Simon Willison is a huge supporter of OpenID.
• Lanyrd only authenticates through Twitter.
Not very useful
• He took some flak for that.
• His explanation:
    I spent the best part of three years advocating OpenID not just because of a belief in openness, but because of the things I wanted to build with it. I wanted to build sites that already knew about you before you even signed in. I wanted to be able to pull in information about you and your relationships from other providers. I wanted to use your public, globally unique ID to share (non creepy) information about you with other sites.

    Then I got bored of waiting. By plugging in to the Twitter ecosystem I get all of those advantages, but I can actually build something successful and popular today.
Not very useful
• Developers and users are willing to give up some control of their online identity in exchange for cool stuff.
• Twitter, Facebook, Google provide authentication PLUS a social graph.
and Django
• Well, not a total failure.
• Very cool technology.
• Internet-based single sign-on.
• Where is that useful?
and Django
• You have multiple, cool Django sites.
• You are building more all the time.
• You want your users to be able to use a single account for all of your sites.
• Solution:
  • Facebook!
and Django
• No. You want:
  • Control.
  • Something simple.
  • With wide support.
  • You don’t need a social graph.
  • You only need your users to log in.
• Solution:
  • OpenID!
Integrating OpenID with Django
• To use OpenID with Django, you need to:
  • Set up an OpenID provider, the server to authenticate against.
  • Install an OpenID consumer app on all of your Django sites.
OpenID Enabled
• Lots of consumer apps, only a couple of providers.
• Everything is based on Janrain’s OpenID libraries.
  • http://www.janrain.com/openid-enabled
  • Every useful web language - and PHP.
  • For Python, openid.
Set up the provider
• We use openid_provider.
  • Somewhat active development.
  • Works.
  • http://www.romke.net/django/openid_provider/
Set up the provider
• Unique URL for your OpenIDs.
  • Example: http://id.mydomain.com/openid/
• Pretty straightforward.
• You will want to create a signal on User creation to create an OpenID at the same time.
Set up the consumer
• Launchpad’s django_openid_auth for the consumer.
  • Active development.
  • Authentication backend, integrates with Django User.
  • Allows URL “cheating.”
  • https://launchpad.net/django-openid-auth
Set up the consumer
• Install the app on each Django site.
• Configure.
• Allows “cheating” on the OpenID URLs:
  • OPENID_SSO_SERVER_URL = "http://id.mydomain.com/openid/"
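The provider slide above says to issue an OpenID for each User as it is created, and the consumer slide says the consumer "cheats" so the user never has to type a URL. Here is an added example, not code from the slides, openid_provider or django_openid_auth, of the URL handling both sides need: normalizing an identifier the way OpenID 2.0 (section 7.2) does, building the identity URL the provider would issue from a User-creation signal, and mapping a claimed identity back to a plain username only when it actually belongs to the configured provider. The hostnames and the `<provider base>/<username>/` layout are assumptions taken from the slide examples; the Django signal wiring itself is left to a comment.

```python
"""Identity URL handling for a single-provider OpenID deployment.

Added example (not code from the slides, openid_provider or
django_openid_auth). Assumed layout: the provider issues identities as
<provider base>/<username>/ and every consumer is configured with
OPENID_SSO_SERVER_URL pointing at that same provider.
"""
import re
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Constructed values for the example; the slides use id.mydomain.com.
PROVIDER_BASE = "http://id.mydomain.com/openid/"
OPENID_SSO_SERVER_URL = PROVIDER_BASE

# Usernames become URL path segments, so keep them to a conservative charset.
_USERNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$")


def normalize_identifier(identifier: str) -> str:
    """Normalize a user-supplied identifier as OpenID 2.0 section 7.2 does
    for URLs: strip whitespace, default to http://, lowercase scheme and
    host, default an empty path to "/", and drop any fragment.
    XRIs (i-names) are rejected; the slides ignore them too."""
    s = identifier.strip()
    if s.startswith("xri://") or (s and s[0] in "=@+$!("):
        raise ValueError("XRI identifiers are not supported")
    if "://" not in s:
        s = "http://" + s
    parts = urlsplit(s)
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        raise ValueError("identifier must be an http(s) URL")
    path = parts.path or "/"
    return urlunsplit((parts.scheme.lower(), parts.netloc.lower(), path, parts.query, ""))


def identity_url_for(username: str, provider_base: str = PROVIDER_BASE) -> str:
    """Provider side: the identity URL issued to a new user.

    In Django this is what a post_save handler on User would call, and only
    when the handler's `created` argument is True, because post_save also
    fires on every later save of the same row (wiring not shown here)."""
    if not _USERNAME_RE.match(username):
        raise ValueError("username is not safe to use as a URL path segment")
    if not provider_base.endswith("/"):
        provider_base += "/"
    return normalize_identifier(provider_base + username + "/")


def username_from_identity(claimed_id: str,
                           provider_base: str = PROVIDER_BASE) -> Optional[str]:
    """Consumer side: the inverse of identity_url_for, so the user only ever
    sees "user1". Returns None for identities that are not under our
    provider, so a consumer configured for a single SSO server does not
    provision a local account for an identity asserted from elsewhere.
    This complements, rather than replaces, the OpenID library's discovery
    and signature verification."""
    cid = normalize_identifier(claimed_id)
    base = normalize_identifier(provider_base)
    if not cid.startswith(base):
        return None
    rest = cid[len(base):].strip("/")
    if "/" in rest or not _USERNAME_RE.match(rest):
        return None
    return rest


if __name__ == "__main__":
    url = identity_url_for("user1")
    print(url)                                    # http://id.mydomain.com/openid/user1/
    print(username_from_identity(url))            # user1
    print(username_from_identity("http://other.example/openid/user1/"))  # None
```

The prefix comparison is done on normalized URLs, so case differences in the host or a missing trailing slash do not cause a legitimate identity to be refused, while an identity under a different host or an extra path segment is. Keep the username character class in step with whatever openid_provider actually uses for its identity URLs.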
That’s good. But I want a little bit more...
• That solves authentication.
• But each Django site still duplicates a lot of user information.
• How can I centralize that, too?
Introducing: SREG
• Simple Registration (SREG).
• Extension to OpenID.
• Allows consumers to request additional information from providers.
• Very basic info, such as preferred username and e-mail, but:
• Extensible!
Introducing: SREG
• Can consolidate all user information on your provider.
• Parcel out relevant information to consumers through SREG.
  • Example: Is the user subscribed to consumer1’s newsletter? Only consumer1 cares.
• Sync only occurs on login; you probably still want to do some background syncing.
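To make the two SREG slides concrete, here is an added example (not code from the slides, openid_provider or django_openid_auth) of the wire-level pieces those libraries handle: the consumer's request arguments, a provider-side release policy that parcels out only the fields each consumer is allowed to see, and the consumer-side extraction of fields from a positive assertion. The extraction accepts only keys listed in openid.signed, which is the check that stops unsigned fields in a response from being trusted. The trust roots, profile data and the sample response are constructed values; openid.sig is a placeholder, and the code assumes the library has already verified the signature.

```python
"""SREG request/response handling for a provider and its consumers.

Added example, not code from the slides, openid_provider or
django_openid_auth. All trust roots, profile data and the response below
are constructed sample values.
"""

SREG_NS = "http://openid.net/extensions/sreg/1.1"

# The fixed field list of the Simple Registration extension.
SREG_FIELDS = frozenset({
    "nickname", "email", "fullname", "dob", "gender",
    "postcode", "country", "language", "timezone",
})


def sreg_request_args(required, optional=()):
    """Consumer side: the extra openid.* arguments added to checkid_setup."""
    for field in (*required, *optional):
        if field not in SREG_FIELDS:
            raise ValueError(f"{field!r} is not an SREG field")
    args = {"openid.ns.sreg": SREG_NS}
    if required:
        args["openid.sreg.required"] = ",".join(required)
    if optional:
        args["openid.sreg.optional"] = ",".join(optional)
    return args


# Provider side: which fields each consumer (keyed by its trust root / realm)
# may receive. Constructed sample; the point is that consumer2 never sees
# the e-mail address because it does not need it.
RELEASE_POLICY = {
    "http://consumer1.mydomain.com/": frozenset({"nickname", "email"}),
    "http://consumer2.myotherdomain.com/": frozenset({"nickname"}),
}


def sreg_response_fields(trust_root, requested, profile):
    """Provider side: return only the requested fields this trust root is
    allowed to see and that the profile actually has. Unknown consumers
    get nothing."""
    allowed = RELEASE_POLICY.get(trust_root, frozenset())
    return {f: profile[f] for f in requested
            if f in allowed and profile.get(f) is not None}


def extract_sreg(response_args):
    """Consumer side: read SREG fields out of a positive assertion, accepting
    only keys covered by openid.signed. Assumes the signature over
    openid.signed has already been verified by the OpenID library; this
    check makes sure a field the signature never covered is not used."""
    signed = set(response_args.get("openid.signed", "").split(","))
    alias = None
    for key, value in response_args.items():
        if key.startswith("openid.ns.") and value == SREG_NS:
            alias = key[len("openid.ns."):]
            break
    if alias is None or f"ns.{alias}" not in signed:
        return {}
    prefix = f"openid.{alias}."
    fields = {}
    for key, value in response_args.items():
        if key.startswith(prefix):
            field = key[len(prefix):]
            if field in SREG_FIELDS and f"{alias}.{field}" in signed:
                fields[field] = value
    return fields


# Constructed profile as stored on the provider.
SAMPLE_PROFILE = {"nickname": "user1", "email": "user1@mydomain.com",
                  "fullname": "User One"}

# Constructed positive assertion as the consumer sees it after signature
# verification. fullname is deliberately missing from openid.signed.
SAMPLE_RESPONSE = {
    "openid.ns": "http://specs.openid.net/auth/2.0",
    "openid.mode": "id_res",
    "openid.claimed_id": "http://id.mydomain.com/openid/user1/",
    "openid.ns.sreg": SREG_NS,
    "openid.sreg.nickname": "user1",
    "openid.sreg.email": "user1@mydomain.com",
    "openid.sreg.fullname": "Not Signed",
    "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,"
                     "assoc_handle,ns.sreg,sreg.nickname,sreg.email",
    "openid.sig": "<placeholder>",
}

if __name__ == "__main__":
    print(sreg_request_args(["nickname", "email"], ["fullname"]))
    print(sreg_response_fields("http://consumer2.myotherdomain.com/",
                               ["nickname", "email"], SAMPLE_PROFILE))
    print(extract_sreg(SAMPLE_RESPONSE))   # fullname is dropped
```

The release policy is where "only consumer1 cares" lives: the provider decides per trust root, so adding a third site means adding one entry rather than copying user data to it. Because the slides note that sync happens only at login, whatever the consumer stores from extract_sreg is a cached copy and should be treated as such.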
Result
• A user with an account visits consumer1.mydomain.com for the first time and clicks the login link.
• The user is redirected to id.mydomain.com to log in.
  • Ajax allows this to all happen in the background.
  • Just uses a username (e.g. “user1”), doesn’t have to worry about URIs.
  • A new User is created on consumer1, linked to the OpenID.
• The user clicks login on consumer2.myotherdomain.com and is automatically logged in with no username or password entry.
Catches
• The biggest one is session cookies:
  • consumer1, consumer2, and the provider all have different session cookies.
  • The user logs out of consumer1, you redirect to also log out of the provider and then return, and the user is still logged in on consumer2. May or may not be a problem.
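The logout chain just described has the provider redirect the browser back to the consumer it came from. Here is an added example, not code from the slides or the libraries they name, of the check the provider's logout view should do on that return URL: only an absolute http(s) URL on one of the consumers the provider serves is followed, anything else falls back to a page on the provider. The consumer list and the `next` parameter name are assumptions.

```python
"""Validating the return hop of the logout chain.

Added example, not code from the slides, openid_provider or
django_openid_auth. Assumes each consumer's logout view sends the browser
to the provider's logout with a `next` parameter, and that the provider
keeps a list of the consumer origins it serves (constructed values below).
"""
from urllib.parse import urlsplit

# Constructed: the consumer sites this provider serves, as scheme://host[:port].
KNOWN_CONSUMERS = frozenset({
    "http://consumer1.mydomain.com",
    "http://consumer2.myotherdomain.com",
})


def safe_return_url(next_url, known_consumers=KNOWN_CONSUMERS, fallback="/"):
    """Return next_url only if it is an absolute http(s) URL whose origin is a
    known consumer; otherwise return the provider's own fallback page.

    Protocol-relative (//host/...) and scheme-only (http:host) forms have no
    usable scheme+netloc pair after urlsplit and are refused, as is any URL
    with userinfo, backslashes or control characters, because browsers and
    urlsplit can disagree about where the host ends in those cases."""
    if not next_url or not next_url.isprintable() or any(c in next_url for c in "\\ "):
        return fallback
    parts = urlsplit(next_url)
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc or "@" in parts.netloc:
        return fallback
    origin = f"{parts.scheme.lower()}://{parts.netloc.lower()}"
    return next_url if origin in known_consumers else fallback


if __name__ == "__main__":
    print(safe_return_url("http://consumer1.mydomain.com/after-logout/"))
    print(safe_return_url("http://other.example/"))   # falls back to "/"
```

This only keeps the redirect itself honest. The catch on the slide still stands: consumer2 holds its own session cookie, so unless the chain also visits consumer2's logout, that session survives.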
In conclusion
URLs:
• https://launchpad.net/django-openid-auth
• http://www.romke.net/django/openid_provider/
• http://www.janrain.com/openid-enabled
In conclusion
Will post a live example, a provider and two consumers, after the weekend, plus source.
Look for a tweet to #djangocon.
Contact me if you are curious or have questions:
@florean
florea@wenatcheeworld.com

Open ID and Django

  • 1. OpenID... and Django. Nathan Florea, The Wenatchee World.
  • 6. What is OpenID?
    • An open standard for decentralized authentication.
    • Internet-based single sign-on.
    • Unique identities based on URIs (or XRIs, if anyone cares).
    • A failure.
  • 10. Why? Here are two reasons:
    • Unwieldy, unfriendly usernames.
    • Isn’t very useful.
  • 13. Unwieldy usernames
    • I was excited about OpenID.
    • I set one up for my dad.
  • 14. Unwieldy usernames. Me: Hey, Dad, I'm going to set you up with an OpenID. It'll be http://openid.thefloreas.com/blahblah/urlghetto/carl. Now you'll be able to use that and a single password to log in to some sites instead of having to create five different accounts all named carlflorea using the same, single password. Isn't that cool?
  • 15. Unwieldy usernames. Dad: What would my username be again?
  • 17. Unwieldy usernames. Dad: Umm, did you see the Sounders game last night?
  • 18. Unwieldy usernames. Me: No, but I'm going to watch it lat-
  • 26. Unwieldy usernames
    • A failure.
    • Turns out, my friends and family (“users”) don’t like URLs.
    • Here’s one of their URLs: “google Wenatchee falling cow.”
    • Except Weird Uncle Tom, who says “bing Wenatchee falling cow”.
    • (We don’t talk to Uncle Tom.)
  • 31. Not very useful
    • OpenID provides authentication.
    • OpenID doesn’t provide anything else.
    • My friends and family (“users”) use Facebook.
    • They expect more.
  • 35. Not very useful
    • Simon Willison launched a new social conference directory site, http://lanyrd.com.
    • Simon Willison is a huge supporter of OpenID.
    • Lanyrd only authenticates through Twitter.
  • 38. Not very useful
    • He took some flak for that.
    • His explanation: “I spent the best part of three years advocating OpenID not just because of a belief in openness, but because of the things I wanted to build with it. I wanted to build sites that already knew about you before you even signed in. I wanted to be able to pull in information about you and your relationships from other providers. I wanted to use your public, globally unique ID to share (non creepy) information about you with other sites. Then I got bored of waiting. By plugging in to the Twitter ecosystem I get all of those advantages, but I can actually build something successful and popular today.”
  • 41. Not very useful
    • Developers and users are willing to give up some control of their online identity in exchange for cool stuff.
    • Twitter, Facebook, Google provide authentication PLUS a social graph.
  • 46. and Django
    • Well, not a total failure.
    • Very cool technology.
    • Internet-based single sign-on.
    • Where is that useful?
  • 52. and Django
    • You have multiple, cool Django sites.
    • You are building more all the time.
    • You want your users to be able to use a single account for all of your sites.
    • Solution: Facebook!
  • 61. and Django
    • No. You want:
    • Control.
    • Something simple.
    • With wide support.
    • You don’t need a social graph.
    • You only need your users to log in.
    • Solution: OpenID!
  • 65. Integrating OpenID with Django. To use OpenID with Django, you need to:
    • Set up an OpenID provider, the server to authenticate against.
    • Install an OpenID consumer app on all of your Django sites.
  • 71. OpenID Enabled
    • Lots of consumer apps, only a couple of providers.
    • Everything is based on Janrain’s OpenID libraries: http://www.janrain.com/openid-enabled
    • Every useful web language - and PHP.
    • For Python, openid.
  • 76. Set up the provider
    • We use openid_provider.
    • Somewhat active development.
    • Works.
    • http://www.romke.net/django/openid_provider/
  • 81. Set up the provider
    • Unique URL for your OpenIDs. Example: http://id.mydomain.com/openid/
    • Pretty straightforward.
    • You will want to create a signal on User creation to create an OpenID at the same time.
  • 87. Set up the consumer
    • Launchpad’s django_openid_auth for the consumer.
    • Active development.
    • Authentication backend, integrates with Django User.
    • Allows URL “cheating.”
    • https://launchpad.net/django-openid-auth
  • 92. Set up the consumer
    • Install the app on each Django site.
    • Configure.
    • Allows “cheating” on the OpenID URLs: OPENID_SSO_SERVER_URL = "http://id.mydomain/openid/"
  • 96. That’s good. But I want a little bit more...
    • That solves authentication.
    • But each Django site still duplicates a lot of user information.
    • How can I centralize that, too?
  • 102. Introducing: SREG
    • Simple Registration (SREG).
    • Extension to OpenID.
    • Allows consumers to request additional information from providers.
    • Very basic info, such as preferred username and e-mail, but:
    • Extensible!
  • 107. Introducing: SREG
    • Can consolidate all user information on your provider.
    • Parcel out relevant information to consumers through SREG.
    • Example: Is the user subscribed to consumer1’s newsletter? Only consumer1 cares.
    • Sync only occurs on login; you probably still want to do some background syncing.
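As an added example (not the talk's code, nor that of openid_provider or django_openid_auth), here is the SREG attribute release the slides describe, in plain Python without Django: the provider keeps one profile per OpenID and answers each consumer's `openid.sreg.*` request with only the fields that consumer is entitled to, and the consumer creates or updates its linked local user on login. The per-consumer release policy, the `newsletter` field (not a standard SREG field; it stands in for the slide's "extensible" use) and the sample profile are constructed assumptions.

```python
SREG_NS = "http://openid.net/extensions/sreg/1.1"  # SREG 1.1 namespace URI

# Provider side: the central profile store (constructed sample data).
PROFILES = {
    "http://id.mydomain.com/openid/user1/": {
        "nickname": "user1",
        "email": "user1@example.com",
        "newsletter": "yes",  # hypothetical custom field, beyond SREG's standard set
    },
}

# Hypothetical per-consumer release policy, keyed by the consumer's trust root:
# consumer1 runs the newsletter, so only it receives the flag.
RELEASE_POLICY = {
    "http://consumer1.mydomain.com/": {"nickname", "email", "newsletter"},
    "http://consumer2.myotherdomain.com/": {"nickname", "email"},
}


def sreg_response(claimed_id, trust_root, request_args):
    """Provider: build the openid.sreg.* fields for one checkid request.

    Only fields that are (a) requested, (b) allowed for this trust root and
    (c) present in the profile are released; anything else is withheld.
    """
    if request_args.get("openid.ns.sreg") != SREG_NS:
        return {}  # consumer did not ask for SREG data
    wanted = set()
    for key in ("openid.sreg.required", "openid.sreg.optional"):
        wanted |= {f for f in request_args.get(key, "").split(",") if f}
    profile = PROFILES.get(claimed_id, {})
    allowed = RELEASE_POLICY.get(trust_root, set())
    fields = {"openid.ns.sreg": SREG_NS}
    for name in sorted(wanted & allowed & set(profile)):
        fields["openid.sreg." + name] = profile[name]
    return fields


def sync_local_user(local_users, claimed_id, response_args):
    """Consumer: create or update the local user linked to claimed_id.

    Mirrors the slides' flow: the record is created on first login and
    refreshed from SREG data on every later login (no background sync here).
    """
    attrs = {}
    if response_args.get("openid.ns.sreg") == SREG_NS:
        attrs = {k[len("openid.sreg."):]: v for k, v in response_args.items()
                 if k.startswith("openid.sreg.")}
    user = local_users.setdefault(claimed_id, {"username": attrs.get("nickname", "")})
    user.update(attrs)
    return user
```

Because the consumer only learns what the provider releases at login, a change made on the provider after login is invisible to a consumer until the next login, which is the reason the slide still recommends some background syncing.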
  • 114. Result
    • A user with an account visits consumer1.mydomain.com for the first time and clicks the login link.
    • The user is redirected to id.mydomain.com to log in.
    • Ajax allows this to all happen in the background.
    • Just uses the username (e.g. “user1”); the user doesn’t have to worry about URIs.
    • A new User is created on consumer1, linked to the OpenID.
    • The user clicks login on consumer2.myotherdomain.com and is automatically logged in with no username or password entry.
  • 118. Catches. The biggest one is session cookies:
    • Consumer1, consumer2, and the provider all have different session cookies.
    • The user logs out of consumer1; you redirect to also log out of the provider and then return, but the user is still logged in on consumer2. May or may not be a problem.
  • 119. In conclusion. URLs:
    • https://launchpad.net/django-openid-auth
    • http://www.romke.net/django/openid_provider/
    • http://www.janrain.com/openid-enabled
  • 120. In conclusion. Will post a live example, a provider and two consumers, after the weekend, plus source. Look for a tweet to #djangocon. Contact me if you are curious or have questions: @florean florea@wenatcheeworld.com