I'm using the django_openid_auth module and have it configured to automatically create new user accounts for new OpenIDs. This makes the "sign up" process really trivial, but I'm a bit worried that because of the way that Google generates its OpenID tokens it might accidentally create a new account for an existing user, giving them the impression the data in their original account has been lost.

As far as I can tell, Google will generate different claimed ID tokens for different domain names. That is www.site.com and site.com would create two distinct tokens and therefore two accounts in my system. I've fixed that by redirecting www.site.com to site.com.

Are there any other gotchas I need to be aware of? And can anyone point me in the direction of some details on what Google use to generate the ID?

A: 

StackOverflow had the same problems with different hash OpenID tokens. They detail their problems and a possible solution (Google profiles) on the StackOverflow blog.

http://blog.stackoverflow.com/2009/11/google-offers-named-openids/

Steven smethurst
Profiles require the user to preemptively solve a problem they don't know they have, so I don't think that helps.
Tom
+2  A: 

From the docs:

openid.realm

Authenticated realm. Identifies the domain that the end user is being asked to trust. (Example: "http://*.myexamplesite.com") This value must be consistent with the domain defined in openid.return_to. If this parameter is not defined, Google will use the URL referenced in openid.return_to.

The value of realm is used on the Google Federated Login page to identify the requesting site to the user. It is also used to determine the value of the persistent user ID returned by Google.

Bob Aman
So by the URL, I'm assuming that includes the path, not just the domain? That could explain it, as the return_to could be a deep link into the site...
Tom
And if I add the realm now, will it mess up existing IDs Google has generated?
Tom
OK, digging through the django_openid_auth code, I can see it does set openid.realm correctly, to the root URL of the site/domain.
Tom
You should read the section of the OpenID spec that applies to `openid.realm` for the precise details of this field: http://openid.net/specs/openid-authentication-2_0.html#realms
Bob Aman
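As an added illustration (not code from this thread or from django_openid_auth; the function names are my own), the two things the answer implies a relying party should do: derive one fixed realm from the site root so every login request presents the same value to Google, and check each return_to against that realm with the OpenID 2.0 section 9.2 matching rules (same scheme and port, host equal or under a `*.` wildcard, realm path a prefix directory of the URL path, no fragment in the realm).

```python
from urllib.parse import urlsplit

_DEFAULT_PORTS = {"http": 80, "https": 443}


def _effective_port(parts):
    # A URL without an explicit port uses the scheme's default.
    return parts.port if parts.port is not None else _DEFAULT_PORTS.get(parts.scheme)


def canonical_realm(site_url: str) -> str:
    """Build one openid.realm for the whole site: scheme + host (+ non-default port), no path.

    Google derives the persistent claimed ID from the realm, so every login request
    must send the same value; a realm that varied with a deep-link return_to, or with
    www. versus the bare host, would yield different IDs for the same user.
    """
    parts = urlsplit(site_url)
    host = parts.hostname.lower()
    port = _effective_port(parts)
    netloc = host if port == _DEFAULT_PORTS.get(parts.scheme) else f"{host}:{port}"
    return f"{parts.scheme}://{netloc}/"


def return_to_matches_realm(return_to: str, realm: str) -> bool:
    """Check return_to against realm as OpenID 2.0 section 9.2 requires."""
    r, u = urlsplit(realm), urlsplit(return_to)
    # A realm must not carry a fragment; scheme and effective port must agree.
    if r.fragment or r.scheme != u.scheme or _effective_port(r) != _effective_port(u):
        return False
    r_host, u_host = r.hostname.lower(), u.hostname.lower()
    if r_host.startswith("*."):
        # Wildcard realm: the bare domain and any subdomain of it match.
        suffix = r_host[2:]
        if not (u_host == suffix or u_host.endswith("." + suffix)):
            return False
    elif r_host != u_host:
        return False
    # The URL path must equal the realm path or lie in a subdirectory of it.
    r_path = r.path or "/"
    u_path = u.path or "/"
    return u_path == r_path or u_path.startswith(r_path.rstrip("/") + "/")
```

Note that `canonical_realm` deliberately does not fold `www.site.com` into `site.com`; it only shows that the two hosts produce different realms, which is why the redirect described in the question is needed.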