
Setting up openId in tornado python

Developer https://www.devze.com 2023-02-19 22:30 Source: Internet

Hey all... I have been reading the tornado doc and came across open id mixin so I thought to myself "Wicked no horrid password system on my side" then I looked into how to implement it, the only example I came across was this

import tornado.auth
import tornado.web

class GoogleHandler(tornado.web.RequestHandler, tornado.auth.GoogleMixin):
    @tornado.web.asynchronous
    def get(self):
        if self.get_argument("openid.mode", None):
            self.get_authenticated_user(self.async_callback(self._on_auth))
            return
        self.authenticate_redirect()

    def _on_auth(self, user):
        if not user:
            raise tornado.web.HTTPError(500, "Google auth failed")
        # Save the user with, e.g., set_secure_cookie()

Which doesn't show the bigger picture, like routes, appsettings etc etc

So my question is: how does this fit into the bigger picture that is a tornado site?


This handler does not depend on other parts of application, you just set it on something like '/login/google' in url conf and place a link to this url somewhere on your website.

User clicks on it and gets redirected to google auth page (if it's logged out of google) or to a page asking to grant permission to access his/her basic info. If user accepts - browser gets redirected back on this url handler and control comes to _on_auth method, where the user object, if present, contains a dict with user's email, name, location settings and a bunch of other stuff (just dump this variable to logs to see all of it).

At this point you can do whatever you want with this data, but in general it can look something like this:

  1. check whether you have user with this email in database
  2. if you have: you retrieve its id and set it to his (secure) cookies
  3. if it is not present: you create it with provided data, save to database, optionally send email with autogenerated password and also set the cookie
  4. redirect somewhere else in your application: to his profile, home page or whatever you need
  5. now your user has cookie available in all other handlers, usually you will use it while overriding RequestHandler.get_current_user method
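
The five steps above wired into an application, as an added example that is not part of the original question or answer. The `USERS` dict, `find_or_create_user`, `AuthCallbackMixin`, `make_app`, the `user_id` cookie name and the `/` route are assumptions made for illustration; the question's `GoogleHandler` would take its `_on_auth` from `AuthCallbackMixin` and be passed to `make_app` as `login_handler`.

```python
import uuid
import tornado.web

USERS = {}  # e-mail -> record; in-memory stand-in for a real database (assumption)

def find_or_create_user(db, openid_user):
    """Steps 1-3: look the e-mail up, create the account when it is absent."""
    email = (openid_user.get("email") or "").strip().lower()
    if not email:
        raise ValueError("identity provider returned no e-mail")
    record = db.get(email)
    if record is None:
        record = {"id": uuid.uuid4().hex, "email": email,
                  "name": openid_user.get("name", "")}
        db[email] = record
    return record["id"]

class BaseHandler(tornado.web.RequestHandler):
    def get_current_user(self):
        # Step 5: the cookie is signed with cookie_secret, so a missing or
        # tampered value comes back as None and the request is anonymous.
        uid = self.get_secure_cookie("user_id")
        return uid.decode() if uid else None

class AuthCallbackMixin(object):
    """Hypothetical mixin: the rest of _on_auth for the question's handler."""
    def _on_auth(self, user):
        if not user:
            raise tornado.web.HTTPError(500, "Google auth failed")
        uid = find_or_create_user(USERS, user)
        self.set_secure_cookie("user_id", uid, httponly=True)  # steps 2 and 3
        self.redirect("/")                                      # step 4

class HomeHandler(BaseHandler):
    @tornado.web.authenticated  # anonymous visitors are redirected to login_url
    def get(self):
        self.write("Logged in as user " + self.current_user)

def make_app(login_handler, cookie_secret):
    """Routes and settings; login_handler is the OpenID handler class."""
    return tornado.web.Application(
        [tornado.web.url(r"/", HomeHandler, name="home"),
         tornado.web.url(r"/login/google", login_handler, name="login")],
        cookie_secret=cookie_secret,  # long random value, kept out of source control
        login_url="/login/google")
```

The cookie stores the internal user id rather than the e-mail, and its integrity rests entirely on `cookie_secret` staying secret.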