Issue 404 is the key to getting OpenID working on Google App Engine but currently it only has 10 stars.
Please star Issue 404 to get OpenID support on Google App Engine.
(Please add a star, _not_ a "me too" comment which will get emailed to everyone who has starred the issue and may cause other people to unstar it.)
Ryan Barrett from the Google App Engine team has built both OpenID provider and OpenID consumer libraries (open source) that you can reach at http://openid-provider.appspot.com/ and http://openid-consumer.appspot.com/ (uses version 2.1.1 of JanRain's OpenID library and is compatible with OpenID 2.0 providers).
Once this bug is fixed, those existing libraries will just work and we will have OpenID support on Google App Engine.
Please star Issue 404 so OpenID doesn't stay 404 on Google App Engine.
Update: Ryan just updated me that the issue we should be starring for this is
Issue 404 not Issue 17.
You can almost but not quite create an OpenID consumer on Google App Engine today using python-openid.
Unfortunately, redirects to external OpenID providers are failing and Google currently does not think that this is a high priority to fix (this is where you can help, read on.)
Ryan from the Google App Engine team had this to say:
We do intercept some redirects for security reasons, which breaks apps like openid consumers and providers. This is why http://openid-provider.appspot.com/ currently fails on many consumers.
It's not a high priority, but we do plan to look into this eventually. Feel free to file an issue on the issue tracker and star it; if it gets enough votes, that will help convince us to prioritize the fix!
Ryan even has an open source OpenID consumer example* that would be working if it wasn't for this bug.
Read this thread on the forums for all the juicy details.
How you can help
There is already an issue where this is being discussed: Issue 17 - OpenID Support Issue 404 (When urlfetch.fetch is used to retrieve redirected web page, the new URL location is not given).
Please _star_ this issue to show your support and join the conversation on the forum.
*
svn checkout http://google-app-engine-samples.googlecode.com/svn/trunk/ google-app-engine-samples-read-only to get the OpenID consumer example as well as the other Google App Engine examples.
Dion Almaer writes on
Ajaxian:
If a site groks OpenID the browser should be able to pass that over without having me intervene at all. It could hide the entire login process if we came up with a microformat to let all sides know what is going on. (OpenID and OAuth in the browser?)
Singularity is going to have OpenID as the only means of logon/registration but OpenID is far from perfect; especially for state-maintaining clients like Flash, Silverlight and Ajax-based RIAs. The change of context from an application to a web site for login is a very jarring user experience.
Thinking about this, I've come to the conclusion that we're trying to solve the problem at the wrong level: this is an issue that should be handled at the browser level. And we can solve it using existing technologies like OpenID.
Imagine, for example, if the browser knew of certain OpenID providers and understood an attempt to access an OpenID provider. The browser could intercept that request and, instead of taking the user to the OpenID provider's web site, it could display a browser login dialog box (branded with the OpenID provider's logo and the OpenID logo) and relay that information back to the application.
This way, a browser that doesn't understand OpenID would just stay out of the way and the user would have the standard OpenID authentication experience of being taken to the OpenID provider's web site. A browser that does understand OpenID, however, could provide a far superior user experience by keeping the user on the same site or application and handling the login via a browser login dialog.
I wonder how difficult it would be to create this as a FireFox plugin?
Recent Comments