1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
|
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>openid.server.server</title>
<link rel="stylesheet" href="epydoc.css" type="text/css"></link>
</head>
<body bgcolor="white" text="black" link="blue" vlink="#204080"
alink="#204080">
<!-- =========== START OF NAVBAR =========== -->
<table class="navbar" border="0" width="100%" cellpadding="0" bgcolor="#a0c0ff" cellspacing="0">
<tr valign="center">
<th class="navbar"> <a class="navbar" href="openid-module.html">Home</a> </th>
<th class="navbar"> <a class="navbar" href="trees.html">Trees</a> </th>
<th class="navbar"> <a class="navbar" href="indices.html">Index</a> </th>
<th class="navbar"> <a class="navbar" href="help.html">Help</a> </th>
<th class="navbar" align="right" width="100%">
<table border="0" cellpadding="0" cellspacing="0">
<tr><th class="navbar" align="center">
<p class="nomargin">
<a class="navbar" target="_top" href="http://openidenabled.com/python-openid/">Python-OpenID</a>
</p></th></tr></table>
</th>
</tr>
</table>
<table width="100%" cellpadding="0" cellspacing="0">
<tr valign="top">
<td width="100%">
<font size="-1"><b class="breadcrumbs">
<a href="openid-module.html">Package openid</a> ::
<a href="openid.server-module.html">Package server</a> ::
Module server
</b></font></br>
</td>
<td><table cellpadding="0" cellspacing="0">
<tr><td align="right"><font size="-2">[<a href="frames.html"target="_top">frames</a> | <a href="openid.server.server-module.html" target="_top">no frames</a>]</font></td></tr>
</table></td>
</tr></table>
<!-- =========== START OF MODULE DESCRIPTION =========== -->
<h2 class="module">Module openid.server.server</h2>
OpenID server protocol and logic.
<h1 class="heading">Overview</h1>
An OpenID server must perform three tasks:
<ol start="1">
<li>
Examine the incoming request to determine its nature and
validity.
</li>
<li>
Make a decision about how to respond to this request.
</li>
<li>
Format the response according to the protocol.
</li>
</ol>
<p>The first and last of these tasks may performed by the <a
href="openid.server.server.Server-class.html#decodeRequest"
class="link"><code>decodeRequest</code></a> and <a
href="openid.server.server.Server-class.html#encodeResponse"
class="link"><code>encodeResponse</code></a> methods of the <a
href="openid.server.server.Server-class.html"
class="link"><code>Server</code></a> object. Who gets to do the
intermediate task -- deciding how to respond to the request -- will
depend on what type of request it is.</p>
<p>If it's a request to authenticate a user (a <a
name="index-checkid_setup"></a><i
class="indexterm"><code>checkid_setup</code></i> or <a
name="index-checkid_immediate"></a><i
class="indexterm"><code>checkid_immediate</code></i> request), you need
to decide if you will assert that this user may claim the identity in
question. Exactly how you do that is a matter of application policy,
but it generally involves making sure the user has an account with your
system and is logged in, checking to see if that identity is hers to
claim, and verifying with the user that she does consent to releasing
that information to the party making the request.</p>
<p>Examine the properties of the <a
href="openid.server.server.CheckIDRequest-class.html"
class="link"><code>CheckIDRequest</code></a> object, optionally check
<a
href="openid.server.server.CheckIDRequest-class.html#returnToVerified"
class="link"><code>CheckIDRequest.returnToVerified</code></a>, and and
when you've come to a decision, form a response by calling <a
href="openid.server.server.CheckIDRequest-class.html#answer"
class="link"><code>CheckIDRequest.answer</code></a>.</p>
Other types of requests relate to establishing associations between
client and server and verifying the authenticity of previous
communications. <a href="openid.server.server.Server-class.html"
class="link"><code>Server</code></a> contains all the logic and data
necessary to respond to such requests; just pass the request to <a
href="openid.server.server.Server-class.html#handleRequest"
class="link"><code>Server.handleRequest</code></a>.
<h1 class="heading">OpenID Extensions</h1>
<p>Do you want to provide other information for your users in addition
to authentication? Version 2.0 of the OpenID protocol allows consumers
to add extensions to their requests. For example, with sites using the
<a
href="http://openid.net/specs/openid-simple-registration-extension-1_0.html">Simple
Registration Extension</a>, a user can agree to have their nickname and
e-mail address sent to a site when they sign up.</p>
<p>Since extensions do not change the way OpenID authentication works,
code to handle extension requests may be completely separate from the
<a href="openid.server.server.OpenIDRequest-class.html"
class="link"><code>OpenIDRequest</code></a> class here. But you'll
likely want data sent back by your extension to be signed. <a
href="openid.server.server.OpenIDResponse-class.html"
class="link"><code>OpenIDResponse</code></a> provides methods with
which you can add data to it which can be signed with the other data in
the OpenID signature.</p>
For example:
<pre class="literalblock">
# when request is a checkid_* request
response = request.answer(True)
# this will a signed 'openid.sreg.timezone' parameter to the response
# as well as a namespace declaration for the openid.sreg namespace
response.fields.setArg('http://openid.net/sreg/1.0', 'timezone', 'America/Los_Angeles')
</pre>
There are helper modules for a number of extensions, including <a
href="openid.extensions.ax-module.html" class="link"><code>Attribute
Exchange</code></a>, <code>PAPE</code>, and <a
href="openid.extensions.sreg-module.html" class="link"><code>Simple
Registration</code></a> in the <a href="openid.extensions-module.html"
class="link"><code>openid.extensions</code></a> package.
<h1 class="heading">Stores</h1>
The OpenID server needs to maintain state between requests in order
to function. Its mechanism for doing this is called a store. The store
interface is defined in <code><a
href="openid.store.interface.OpenIDStore-class.html"
class="link"><code>openid.store.interface.OpenIDStore</code></a></code>.
Additionally, several concrete store implementations are provided, so
that most sites won't need to implement a custom store. For a store
backed by flat files on disk, see <code><a
href="openid.store.filestore.FileOpenIDStore-class.html"
class="link"><code>openid.store.filestore.FileOpenIDStore</code></a></code>.
For stores based on MySQL or SQLite, see the <code><a
href="openid.store.sqlstore-module.html"
class="link"><code>openid.store.sqlstore</code></a></code> module.
<h1 class="heading">Upgrading</h1>
<h2 class="heading">From 1.0 to 1.1</h2>
The keys by which a server looks up associations in its store have
changed in version 1.2 of this library. If your store has entries
created from version 1.0 code, you should empty it.
<h2 class="heading">From 1.1 to 2.0</h2>
<p>One of the additions to the OpenID protocol was a specified nonce
format for one-way nonces. As a result, the nonce table in the store
has changed. You'll need to run contrib/upgrade-store-1.1-to-2.0 to
upgrade your store, or you'll encounter errors about the wrong number
of columns in the oid_nonces table.</p>
If you've written your own custom store or code that interacts
directly with it, you'll need to review the change notes in <a
href="openid.store.interface-module.html"
class="link"><code>openid.store.interface</code></a>.
<hr/>
<!-- =========== START OF CLASSES =========== -->
<table class="summary" border="1" cellpadding="3" cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="summary">
<th colspan="2">Classes</th></tr>
<tr><td width="15%">
<b><a href="openid.server.server.Decoder-class.html"><code>Decoder</code></a></b></td>
<td>I decode an incoming web request in to a <a
href="openid.server.server.OpenIDRequest-class.html"
class="link"><code>OpenIDRequest</code></a>.</td></tr>
<tr><td width="15%">
<b><a href="openid.server.server.DiffieHellmanSHA1ServerSession-class.html"><code>DiffieHellmanSHA1ServerSession</code></a></b></td>
<td>An object that knows how to handle association requests with the
Diffie-Hellman session type.</td></tr>
<tr><td width="15%">
<b><a href="openid.server.server.DiffieHellmanSHA256ServerSession-class.html"><code>DiffieHellmanSHA256ServerSession</code></a></b></td>
<td> </td></tr>
<tr><td width="15%">
<b><a href="openid.server.server.Encoder-class.html"><code>Encoder</code></a></b></td>
<td>I encode responses in to <a
href="openid.server.server.WebResponse-class.html"
class="link"><code>WebResponses</code></a>.</td></tr>
<tr><td width="15%">
<b><a href="openid.server.server.PlainTextServerSession-class.html"><code>PlainTextServerSession</code></a></b></td>
<td>An object that knows how to handle association requests with no
session type.</td></tr>
<tr><td width="15%">
<b><a href="openid.server.server.Server-class.html"><code>Server</code></a></b></td>
<td>I handle requests for an OpenID server.</td></tr>
<tr><td width="15%">
<b><a href="openid.server.server.Signatory-class.html"><code>Signatory</code></a></b></td>
<td>I sign things.</td></tr>
<tr><td width="15%">
<b><a href="openid.server.server.SigningEncoder-class.html"><code>SigningEncoder</code></a></b></td>
<td>I encode responses in to <a
href="openid.server.server.WebResponse-class.html"
class="link"><code>WebResponses</code></a>, signing them when
required.</td></tr>
<tr><td width="15%">
<b><a href="openid.server.server.WebResponse-class.html"><code>WebResponse</code></a></b></td>
<td>I am a response to an OpenID request in terms a web server
understands.</td></tr>
<tr bgcolor="#e8f0f8" class="group">
<th colspan="2"> Requests</th></tr>
<tr><td width="15%">
<b><a href="openid.server.server.OpenIDRequest-class.html"><code>OpenIDRequest</code></a></b></td>
<td>I represent an incoming OpenID request.</td></tr>
<tr><td width="15%">
<b><a href="openid.server.server.AssociateRequest-class.html"><code>AssociateRequest</code></a></b></td>
<td>A request to establish an <a name="index-association"></a><i
class="indexterm">association</i>.</td></tr>
<tr><td width="15%">
<b><a href="openid.server.server.CheckIDRequest-class.html"><code>CheckIDRequest</code></a></b></td>
<td>A request to confirm the identity of a user.</td></tr>
<tr><td width="15%">
<b><a href="openid.server.server.CheckAuthRequest-class.html"><code>CheckAuthRequest</code></a></b></td>
<td>A request to verify the validity of a previous response.</td></tr>
<tr bgcolor="#e8f0f8" class="group">
<th colspan="2"> Responses</th></tr>
<tr><td width="15%">
<b><a href="openid.server.server.OpenIDResponse-class.html"><code>OpenIDResponse</code></a></b></td>
<td>I am a response to an OpenID request.</td></tr>
</table><br />
<!-- =========== START OF EXCEPTIONS =========== -->
<table class="summary" border="1" cellpadding="3" cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="summary">
<th colspan="2">Exceptions</th></tr>
<tr><td width="15%">
<b><a href="openid.server.server.AlreadySigned-class.html"><code>AlreadySigned</code></a></b></td>
<td>This response is already signed.</td></tr>
<tr><td width="15%">
<b><a href="openid.server.server.EncodingError-class.html"><code>EncodingError</code></a></b></td>
<td>Could not encode this as a protocol message.</td></tr>
<tr><td width="15%">
<b><a href="openid.server.server.MalformedReturnURL-class.html"><code>MalformedReturnURL</code></a></b></td>
<td>The return_to URL doesn't look like a valid URL.</td></tr>
<tr><td width="15%">
<b><a href="openid.server.server.MalformedTrustRoot-class.html"><code>MalformedTrustRoot</code></a></b></td>
<td>The trust root is not well-formed.</td></tr>
<tr><td width="15%">
<b><a href="openid.server.server.NoReturnToError-class.html"><code>NoReturnToError</code></a></b></td>
<td>Raised when a response to a request cannot be generated because the
request contains no return_to URL.</td></tr>
<tr><td width="15%">
<b><a href="openid.server.server.ProtocolError-class.html"><code>ProtocolError</code></a></b></td>
<td>A message did not conform to the OpenID protocol.</td></tr>
<tr><td width="15%">
<b><a href="openid.server.server.UntrustedReturnURL-class.html"><code>UntrustedReturnURL</code></a></b></td>
<td>A return_to is outside the trust_root.</td></tr>
<tr><td width="15%">
<b><a href="openid.server.server.VersionError-class.html"><code>VersionError</code></a></b></td>
<td>Raised when an operation was attempted that is not compatible with the
protocol version being used.</td></tr>
</table><br />
<!-- =========== START OF NAVBAR =========== -->
<table class="navbar" border="0" width="100%" cellpadding="0" bgcolor="#a0c0ff" cellspacing="0">
<tr valign="center">
<th class="navbar"> <a class="navbar" href="openid-module.html">Home</a> </th>
<th class="navbar"> <a class="navbar" href="trees.html">Trees</a> </th>
<th class="navbar"> <a class="navbar" href="indices.html">Index</a> </th>
<th class="navbar"> <a class="navbar" href="help.html">Help</a> </th>
<th class="navbar" align="right" width="100%">
<table border="0" cellpadding="0" cellspacing="0">
<tr><th class="navbar" align="center">
<p class="nomargin">
<a class="navbar" target="_top" href="http://openidenabled.com/python-openid/">Python-OpenID</a>
</p></th></tr></table>
</th>
</tr>
</table>
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td align="left"><font size="-2">Generated by Epydoc 2.1 on Wed Apr 22 16:14:21 2009</font></td>
<td align="right"><a href="http://epydoc.sourceforge.net"
><font size="-2">http://epydoc.sf.net</font></a></td>
</tr>
</table>
</body>
</html>
|
