The process for openid login for my server redirects to google, for example, then google redirects back to a p开发者_运维技巧age with parameters in the parameter string. how do I verify this really came from google?
Those parameters probably contain an OpenID assertion (or an error). You can verify the assertion by following the instructions in the OpenID spec:
http://openid.net/specs/openid-authentication-2_0.html#verification
You probably don't want to do all the work yourself, though, since it's a bit complicated. The Janrain OpenID library for python can simplify the process somewhat:
http://www.janrain.com/openid-enabled
To make things even simpler, find an OpenID plugin for your web framework. Here is one for Flask:
http://packages.python.org/Flask-OpenID/
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论