哪个 openid / oauth 库可将 django 项目连接到 Google Apps 帐户?

发布于 2024-09-07 22:50:34 字数 1007 浏览 10 评论 0原文

我正在为一家使用 Google Apps 登录的公司开发一个 Intranet django 项目(不使用 GAE)。所以我希望我的用户能够使用他们的 google 帐户登录来登录我的 django 项目。 OpenID 似乎很合适,尽管也许 Oauth 也可以工作?

我看到很多类似名称的库将 django 的身份验证系统连接到外部登录系统:

这是我想要对集成执行的操作:让用户使用他们的 google 帐户而不是本机 django 系统登录。保留 Django 的权限模型,例如管理系统。所以我认为这意味着我们之前从未见过的新帐户第一次登录时会自动在 django 中创建新的用户记录。

任何有使用这些项目经验的人都可以告诉我哪个最有效吗?或者只是建议您尝试过哪些是最活跃/最实用的?谢谢!

I'm working on an intranet django project (not using GAE) for a company that uses Google Apps for login. So I'd like my users to be able to log in to my django project using their google accounts login. OpenID seems appropriate, although maybe Oauth might work too?

I see a lot of similarly named libraries out there to connect django's auth system to external login systems:

Here's what I'd like to do with the integration: Have users login with their google accounts, instead of the native django system. Keep django's permissions model for things like the admin system. So I think that means automatically creating a new user record in django the first time a new account we haven't seen before logs in.

Can anyone with experience using any of these projects advise me on which would work best? Or just advice on which are most active / functional if you've tried them? Thanks!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

千寻… 2024-09-14 22:50:34

我终于开始工作了,所以我将回答我自己的问题,因为之前的答案很有帮助,但没有讲述整个故事。

django-openid-auth 实际上非常容易设置和使用。 README 文件非常清楚。如果您只想使用标准谷歌帐户(即@gmail.com地址),那么您可以在settings.py中配置它:

OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/id'

但如果您想使用“谷歌应用程序”帐户,即在您自己公司的域中托管的gmail,那么这更复杂。我从此问题获取了详细信息。要使用您的谷歌应用程序帐户,请将您的settings.py配置为:

OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/site-xrds?hd=example.com'
# replace example.com with your hosted google apps domain

将来这可能会起作用,但今天可能不会。问题出在 django-openid-auth 所依赖的 python-openid 中。 python-openid 的标准构建不理解 google 正在使用的一些协议扩展。 (为什么谷歌需要扩展协议?深入了解 http://groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains 并报告。)祝你好运。你需要使用 adieu 的 python-openid 补丁,可以在这里找到:
http://github.com/adieu/python-openid

在现有的 python 上安装它 -打开ID。现在应该可以了。

请小心使用 OPENID_USE_AS_ADMIN_LOGIN 设置,因为它要求您拥有“员工”或“超级用户”的 openid 用户帐户才能使用管理员,但默认情况下不会发生这种情况。因此,您需要执行一个两步过程:启用 openid,使用您的 openid 登录以在 django 中创建一个帐户,然后使用您的旧管理员帐户将您自己的 openid 帐户标记为超级用户,然后禁用非 openid 管理员使用权。

还有一件事:您的域管理员可能需要为您的域启用 openid 登录,然后才能正常工作。该控件位于 http://www.google.com/a/cpanel/ example.com/SetupIdp

I finally got this working, so I'll answer my own question since the previous answers here were helpful but don't tell the whole story.

django-openid-auth is actually quite easy to set up and use. The README file is very clear. If you just want to use standard google accounts (i.e. @gmail.com addresses) then you configure it in settings.py with:

OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/id'

But if you want to use a "google apps" account, i.e. hosted gmail at your own company's domain, then it's more complicated. I got my details from this question. To use your google apps accounts, configure your settings.py to:

OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/site-xrds?hd=example.com'
# replace example.com with your hosted google apps domain

In the future this might just work, but today it probably won't. The problem is in python-openid which django-openid-auth relies on. The standard build of python-openid doesn't understand some protocol extensions google is using. (Why does google need to extend the protocol? Dig through http://groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains and report back. Good luck.) So you need to instead use adieu's patch to python-openid, which is available here:
http://github.com/adieu/python-openid

Install this over your existing python-openid. Now it should work.

Be careful with the OPENID_USE_AS_ADMIN_LOGIN setting since it requires you to have an openid user account which is 'staff' or 'superuser' to use admin which won't happen by default. So you'll need to do a 2-step process of enabling openid, logging in with your openid to create an account in django, then using your old admin account to mark your own openid account as superuser, and then disabling non-openid admin access.

One more thing: your domain admin might need to enable openid login for your domain before this will work. The control is at http://www.google.com/a/cpanel/example.com/SetupIdp

屋檐 2024-09-14 22:50:34

我使用过 django-openid-auth。工作正常,可以在第一次签名时创建用户帐户。您还可以将 openid 登录与 django 管理面板中的用户帐户关联起来。

I've used django-openid-auth. Works fine, can create user account when signing first time. You also can associate openid login with user account in django admin panel.

友欢 2024-09-14 22:50:34

我知道这是一个迟到的答案,但我正在做类似的事情,我刚刚发现 django-socialregistration。它基本上执行 OAuth、OpenID、Facebook Connect 等。与其他一些选项不同,它似乎被许多项目积极开发和使用。

I know this is a late answer, but I'm doing similar stuff and I just discovered django-socialregistration. which basically does OAuth, OpenID, Facebook Connect, etc. Unlike some of the other options it seems to be actively developed and used by a lot of projects.

撩动你心 2024-09-14 22:50:34

我喜欢 Django Socialregistration 允许我插入 Google 帐户、Facebook、Yahoo 和任何其他 OpenID网站很容易。您只需将提供商作为链接提供,如下

所示:

I liked that Django socialregistration allowed me to plug in Google Accounts, Facebook, Yahoo and any other OpenID site pretty easily. You just need to give the provider as a link like so:

<a href="/socialregistration/openid/redirect/?openid_provider={{ 'http://yahoo.com'|urlencode }}"><img src="{{MEDIA_URL}}/images/yahoo.png"/></a>

花伊自在美 2024-09-14 22:50:34

它们几乎都是相同的。我喜欢 django-authopenid。它有很棒的文档并且非常易于使用。它会完全按照你想要的方式做,并且比 django-openid (这是我尝试过的唯一的另一个)做得更好。

华泰

They are all almost identical. I like django-authopenid. It has great documentation and is extremely easy to use. It'll do exactly what you want and do it better than django-openid (which is the only other one I have tried).

HTH

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文