开发者

Check secure OpenID redirect?

开发者 https://www.devze.com 2023-02-04 22:53 出处:网络
The process for openid login for my server redirects to google, for example, then google redirects back to a p开发者_运维技巧age with parameters in the parameter string.how do I verify this really cam

The process for openid login for my server redirects to google, for example, then google redirects back to a p开发者_运维技巧age with parameters in the parameter string. how do I verify this really came from google?


Those parameters probably contain an OpenID assertion (or an error). You can verify the assertion by following the instructions in the OpenID spec:

http://openid.net/specs/openid-authentication-2_0.html#verification

You probably don't want to do all the work yourself, though, since it's a bit complicated. The Janrain OpenID library for python can simplify the process somewhat:

http://www.janrain.com/openid-enabled

To make things even simpler, find an OpenID plugin for your web framework. Here is one for Flask:

http://packages.python.org/Flask-OpenID/

0

精彩评论

暂无评论...
验证码 换一张
取 消