dlo.me

OpenID, Clickpass, web.py, and Python

I just spent a few hours working on implementing Clickpass with my new project built on web.py, so I figured I could save everyone else some time by giving some tips on how to fast forward to the actual development of what it is you want to make instead of tweaking configuration files.

OpenID is nearly ubiquitous at this point. If you don't think you have an OpenID login, you probably do and just don't know it. Google, Yahoo, Facebook, and others have already implemented the protocol into their backends.

What does that mean?

Well, for one, as someone who's starting a new website or a web application, you don't need to worry about storing passwords or causing potential users a small annoyance by having to fill in yet another registration form.

This is how login works in an OpenID world: a user goes to a website and clicks a "Login with OpenID" button. They are then redirected to a choice of providers (e.g. Google, Yahoo) that run all of their user accounts as OpenID accounts as well. You click your provider (let's say Google) and are then asked one more time whether it's OK to login with Google. You click sure, and you're brought back to the website and, "ta da", you're now logged in.

This all seems really dandy from the user's perspective. Unfortunately there's a ton of developer mumbo-jumbo on the backend side that will make most developers puke. You can read the specs if you'd like, but I recommend that you don't. Chances are that you won't be able to finish.

As a consumer (website owner), you will need a way to authenticate users with OpenID. I chose Clickpass. They offer a nice interface with a couple of choices for providers. With Clickpass, you will need to make (at minimum) two URLs to facilitate the logins. One will begin the authentication process, and another will complete it.

Now for the fun part: implementation. I can't give an example use in every language (that would just be a waste of time), but I can show you how this entire process is done in Python, web.py, and the python-openid library. If you want me to walk you through the entire installation process, let me know in the comments and I'll write a follow up post.

Without further adieu, here is the working code. Be sure that you sign up with Clickpass and receive a site key. Replace all the variables with the appropriate values.

#!/usr/bin/env python

import web
from openid.consumer.consumer import *

# Store OpenID session variables in memory
store = openid.store.memstore.MemoryStore()

# Get this from the Clickpass website
clickpass_site_key = YOUR_SITE_KEY

# Can be something like "/openid/complete_login"
complete_login_url = YOUR_COMPLETE_LOGIN_URL

# Your base domain, e.g., "http://google.com"
realm = YOUR_REALM
 
urls = (
    "/", "home",
    "/begin_openid_login", 'begin_openid_login',
    "/complete_openid_login", 'complete_openid_login'
    )
 
app = web.application(urls, locals())
 
class home():
  def GET(self):
    return """<style> @import
    'http://www.clickpass.com/stylesheets/container.css'; </style> <div
    id="clickpass_button" style="width: 136px; height: 18px; position:
    relative; z-index : 9999 ;"> <iframe
    src="http://www.clickpass.com/embedded_buttons/login/%s" width="136"
    height="18" frameborder="0" allowtransparency="true" scrolling="no"
    style="z-index:9999;position: absolute; top: 0; left: 0;"></iframe> </div>
    <script type="text/javascript"
    src="http://www.clickpass.com/javascripts/ClickpassPanel.class.external.js?v1"></script>
    <script type="text/javascript">  var clickpassPanel = new
    ClickpassPanel('clickpass_button');</script>""" % clickpass_site_key
 
class complete_openid_login():
  def GET(self):
    data = web.input()
    c = Consumer(web.ctx.session, store)
    result = c.complete(dict(data), current_url = complete_login_url)
    if result.status == SUCCESS:
      return result.identity_url
    elif result.status == FAILURE:
      return "FAILURE"
    elif result.status == CANCEL:
      return "CANCEL"
 
class begin_openid_login():
  def GET(self):
    data = web.input()
    openid_url = data['openid_url']
    c = Consumer(web.ctx.session, store)
    auth = c.begin(openid_url)
    raise web.seeother(auth.redirectURL(realm, return_to = complete_login_url))

Originally posted at http://dloewenherz.blogspot.com/2010/01/openid-clickpass-webpy-and-python.html