mod_python OpenID Access Control

Since XRI is pretty much in bed with OpenID and NeuStar is an XRI shop, I get to play around with it quite a bit.

Here’s a little success report about using JanRain‘s mpopenid module to protect certain restricted resources served by Apache. It works somewhat like your basic HTTP authentication, but instead of returning a 401 Authorization Required response causing the browser to prompt for username and password, it redirects you to the OpenID login page. Pretty neat eh?

So, here's how we go about doing it.

My ingredients:

Following the recipes in this README file, I was able to set it up with one caveat: Python ElementTree module is a dependency of the Python Yadis library and you need to first install that.

Did I mention that you could login using an I-name?

UPDATE:

The following patch for mpopenid.py is needed to make i-name login work:

--- mpopenid-1.2.0-pre5/mpopenid.py     Tue Nov 21 20:24:53 2006
+++ mpopenid-1.2.0-pre5-wil/mpopenid.py Sun Jan 14 16:12:16 2007
@@ -157,10 +157,17 @@
         url = s.strip()
         if not url:
             continue
-        parsed = urlparse.urlparse(url)
-        if not (parsed[0] and parsed[1]):
-            url = 'http://' + url
-        urls.append(urinorm(url))
+
+        if (url[0:6].lower() == "xri://"):
+            url = url[6:] # strip "xri://"
+
+        if (url[0] not in "=@!$+"): # doesn't look like an XRI
+            parsed = urlparse.urlparse(url)
+            if not (parsed[0] and parsed[1]):
+                url = 'http://' + url
+            url = urinorm(url)
+
+        urls.append(url)

     return urls


10 Responses to “mod_python OpenID Access Control”

  1. dready blog v2.0 » Blog Archive » This blog is OpenID enabled! Says:

    […] dready blog v2.0 « mod_python OpenID Access Control […]

  2. =wil Says:

    This is a test

  3. Does Google use PageRank? No. at 天真:天眞的我们必然幸福 Says:

    […] 15th, 2007 · Filed: WordPress · OpenID · No Comments · Popularity: 1% # mod_python OpenID Access Control Here’s a little success reportabout using JanRain’s mpopenid module to protect certain restricted resources served by Apache. It works somewhat like your basic HTTP authentication, but instead of returning a 401 Authorization Required response causing the browser to prompt for username and password, it redirects you to the OpenID login page. Pretty neat eh? […]

  4. http://if20.net/ Says:

    Nice job. I will test it in my PC. Thanks.

  5. http://openid.aol.co Says:

    Every AOL account now has its own openID

    http://journals.aol.com/panzerjohn/abstractioneer

    Trying mine

  6. http-awz.openid.freelogy.org- Says:

    Thanks for the entry. –awz

  7. =gmw Says:

    Thats awesome wil. Can I join the Cult of Wil Worshipers?

  8. wil Says:

    @=gmw You have to first pay $100K to join the FeedWil Foundation first.

  9. infomisa.net» Blog Archive » OpenID "Hello World" on apache still deep magic Says:

    […] to find a version of python-openid that matched. I almost gave up at that point, but heartened by somebody else who got mpopenid working, I went back to searching and found a launchpad development version of mpopenid. That seems to work […]

  10. Frank van Soldt Says:

    Hey sweet little mod you made there. Thanks for the entry.