Skip to main content

A view for pyramid that functions as an OpenID consumer.

Project description

pyramid_fas_openid provides a view for the Pyramid framework that acts as an OpenID consumer for the Fedora Account System.

This code is offered under the BSD-derived Repoze Public License.

Much of this code was inspired by (read: ‘lifted from’) the repoze.who.plugins.openid code which can be found here:

In your Pyramid app, add the pyramid_openid.verify_openid view_callable to your view_configuration, and add the needed settings to your .ini file.

Here is a barebones setup: = file = %(here)s/sstore openid.success_callback = myapp.lib:remember_me

This setup requires you have a folder in your app directory called ‘sstore’, and that you have a callback function in your lib module named “remember_me”. Remember_me will receive the current request and the other information returned from the OpenID provider, and should then do whatever is needed to remember the user -, load metadata into the session, etc - that part is completely up to the coder.

This setup will then assume the defaults for the rest of the keys.

Once the configuration is in place, it’s time to hook up the view to the application. You can do this however you want to.

Example: In your app config setup code, add this line before ‘return config.make_wsgi_app()’


pattern=’/dologin.html’, view=’pyramid_openid.verify_openid’)

Now you have a URL to submit your OpenID form to: /dologin.html. Based on the configuration above, it expects to find the user’s OpenID URL in request.params[‘openid’].


OpenID Data Store


Description: This determines the type of store python-openid will use to track nonces and other cross request data. Note that this defaults to None, which has python-openid use a stateless request type. Stateless mode isn’t reliable; something else should be chosen. File and mem are recommended.

The SQL store has yet to be tested or even verified working. It is also not recommended.

Default: None

Examples: To use a file store: ( must also be specified) = file

To use a memory store: = mem

To use a sql store: ( and must also be specified) THIS IS NOT TESTED AND DOES NOT WORK = sql


Successful Login Callback

Key: openid.success_callback

Description: This is a callable that will be called upon successful verification by the OpenID provider. The callable will be passed three parameters; the current context, the current request, and a dictionary with the following structure:

    'identity_url': The user's unique URL from the provider,
    'ax':           A dictionary containing all the returned
            active exchange parameters requested,
    'sreg':         A list containing all the returned
            simple registration parameters requested

This callback is required to have the following format: module.optional_submodules:function

What is returned from this callable is return as the response.

Default: None

Example: If the callback is in the lib module of the my app package, and is named openid_callback, then this is the setting to be used: openid.success_callback = myapp.lib:openid_callback


Keys: openid.ax_required openid.ax_optional

Description: These represent user data requested via OpenID Attribute Exchange.

Default: None

Example: To require that the provider respond with the user’s email: openid.ax_required = email=


Keys: openid.sreg_required openid.sreg_optional

Description: These represent user data requested via OpenID Simple Registration.

Default: None

Example: To require that the provider respond with the user’s email: openid.sreg_required = email

Incoming OpenID Param Name:

Key: openid.param_field_name

Description: When a request is first submitted with the user’s OpenID URL, it must be retrieved from request.params with a key. This is the name of that key in request.params.

Default: openid

Examples: Once submitted, the user’s OpenID URL will be found in request.params[‘users_openid_url’]: openid.param_field_name = users_openid_url

Error Destination

Key: openid.error_destination

Description: When something in the OpenID verification process fails, the user will be sent to this url. The error message will be stored in the request.session.flash queue as specified by openid.error_flash_queue

Default: request.referrer

Example: To send the user to a upon failure: openid.error_destination =

Error Flash Queue

Key: openid.error_flash_queue

Description: If something goes awry in the OpenID process, the error message will be put in the request.session.flash message queue, and this is the name of that queue.

Default: The default flash queue (‘’)

Example: To put the error messages in the ‘OpenIDErrors’ flash queue: openid.error_flash_queue=OpenIDErrors

Realm Name

Key: openid.realm_name

Description: This is the value of the realm parameter passed to the OpenID provider. It’s here for the sake of completeness, but unless you know what you’re doing there’s no reason to change it.

Default: request.host_url

Example: To set the Realm to ‘’: openid.realm_name =

Note: Changing the realm_name will most likely cause your request to fail.


File Store Path


Description: If the file store path is to be used, then it needs a writable folder to store data into. This is that path.

Default: No default

Example: To store data in the folder named “sstore” in the same folder as your development.ini: (Note that you must make this directory as well) = %(here)s/sstore

SQL Connection String


Description: This is the connection string for the database for python-openid to store its temporary data in. THIS HAS NOT BEEN TESTED AND DOES NOT WORK YET.

Default: No default

SQL Associations Table


Description: This is the name of the table that python-openid will store is temporary data in. THIS HAS NOT BEEN TESTED AND DOES NOT WORK YET.

Default: No default

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pyramid_fas_openid-0.4.0.tar.gz (8.9 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page