How can I add my own OpenID provider to login and hide the others?

Question

I want to use only one openid provider (one from intranet) and hide the others from the login page. I did this for the old cnprog project but many things had changed since I did it.

How can I change this and assure that I will be able to update to newer versions of osqa.

Some issues encountered:

twitter and facebook are still on login
what about forum/skins/default/media/js/jquery.openid.js ? this contains referrences to specific providers. Am I required to add mine there too?
we need some options in the settings file to customize the login like hide_openid_url, hide_local_account, ...
how do I auto-assign usernames to the username used in openid form.
how do I auto-assign email to username@somedomain.com in order to prevent second step after openid login was successful.
email notification template, the link name contains and additional "%}" in it.

Accepted Answer

Hey Sorin, if you take a look at forum_modules/openidauth/authentication.py, theres a bunch of classes each one representing a provider. You can just comment the ones you don't want and/or create your own, they are very simple to understand.

If you want to disable Twitter and facebook as well, you'll have to disable the respective models in settings_local on DISABLED__MODULES add facebookauth and oauthauth. They are different modules because they are not open id. So we have openidauth for open id, oauthauth for oauth (currently we only use it on twitter) and facebookauth which uses theyr own authentication system, much different from either open id and oauth.

If you don't want to allow local account creation/authentication and only use open id, you can disable localauth to.

Actually, you gave me an idea, and I should add an easier way to do this somewhere on the next few days.

Answer 2

1

Just letting people know that I am advancing on the problem. Direct login now works, managed by an optional constant DIRECT_AUTH_PROVIDER in settings. The id providers now returns the user to the page they were on (it even works when authentication is requested halfway through posting a comment).

Soon I hope to have a complete shareable feature.

link

answered 14 Dec '10, 00:29

kandinski
16●2
accept rate: 0%

Answer 3

This is exactly what I wanted to do. My solution:

a) Copied openidauth module to intranetauth and ripped everything out except for the code for Google OpenID, and modified the url with the intranet url.

b) Disabled modules in settings_local.py

DISABLED_MODULES = ['books', 'recaptcha', 'project_badges', 'facebookauth', 'localauth', 'oauthauth', 'openidauth']

c) Added this change:

kandinski@derive:~/data/work/intranet/OSQA$ git diff
diff --git a/forum/registry.py b/forum/registry.py
index ff5a115..049ca53 100644
--- a/forum/registry.py
+++ b/forum/registry.py
@@ -13,7 +13,7 @@ ui.register(ui.HEADER_LINKS,

ui.Link(
                     text=lambda u, c: u.is_authenticated() and _('logout') or _('login'),
-                    url=lambda u, c: u.is_authenticated() and reverse('logout') or reverse('auth_signin'),
+                    url=lambda u, c: u.is_authenticated() and reverse('logout') or '/account/intranet/signin/?validate_email=no', weight=200),

ui.Link(

However, this creates a problem.

Before this change, if a user was reading a question before clicking on "login", the OpenID provider would end up redirecting them to that page after a successful login.

After this change, a successful login means the user doesn't return to the page they were reading when they clicked "login", but to the root page of the osqa site.

I am also trying to figure out how to have the OpenID provider give back the username and email address associated with the original account, so osqa doesn't prompt the user for it.

Has anyone worked on this problem?

How can I add my own OpenID provider to login and hide the others?

Follow this question

Learn more about OSQA

Related questions