DjangoSites Gets OpenID Support

Posted by Ross Poulton on Thu 17 April 2008 #djangosites #django #openid

OpenID is, in my opinion, critical in the success of an open web. It allows an individual to access websites without providing that website with a password, and it provides a single identity across non-homogeneous websites.

Generally speaking, it also makes the signup process for a website much simpler. Rather than the traditional method of finding a username that isn't yet in use, entering a password, verifying your e-mail address, then selling your firstborn, with a system such as OpenID you simply enter your OpenID Identifier (typically, but not necessarily the web address of your weblog) and click 'Signup'. You then verify your username and password with your OpenID Provider (the only username & password you should have to remember) who returns you to the original website with a token saying "Yep, this really is the guy who says he's"

There are plenty of descriptions of OpenID works, so I won't harp on about it too long. Lets just say that I think it's an important development in todays web.

Django got it's first dose of the OpenID 'syrup' from Simon Willison, who released his efforts as django_openidconsumer. This application lets you use OpenID on your website, however it doesn't provide any integration (yet) with the existing Django Authentication framework.

Soon after Simon's release, a number of people provided their own ways of integrating OpenID with Django's auth, including a messy codebase that I wrote. I personally didn't think any of these were ready for the prime-time, so until now I hadn't implemented OpenID on any public Django facing websites.

That changed recently when I came across django_authopenid, written by Benoit Chesneau. His code is much more complete than mine, and with a few minor changes (most of which I've submitted back to the project for others to use) I've been able to very easily add OpenID support to DjangoSites.

As of today, you can continue to use your existing username & password, or you can use OpenID. To use OpenID, simply log in using your OpenID and you'll be given the option to attach your OpenID to an existing account (if you've already signed up with a username & password) or create a new account tied directly to your OpenID (no password required!).

Once you're logged in, there are also a few new user features including easier access to your previously submitted sites, the ability to change your password, and the ability to delete your account entirely if you wish.

OpenID is starting to make more of an impact on various websites. Simon Willisons' Django People website already has OpenID support, and I hope others in the Django community follow his excellent lead.