David Recordon
@daveman692
http://blogs.forrester.com/groundswell/2008/03/the-future-of-s.html
Atom FeedParser
{% block body %}
<h1>OpenID Example</h1>
{% if error %}
<p>Error: {{ error }}</p>
{% endif %}
<form method="post" action=".">
<label for="openid_identifier">Login with OpenID:</label>
<input type="text" id="openid_identifier" name="openid_identifier"/>
<input type="submit" />
</form>
{% endblock %}
{% block body %}
<h1>OpenID Example</h1>
{% if error %}
<p>Error: {{ error }}</p>
{% endif %}
<form method="post" action=".">
<label for="openid_identifier">Login with OpenID:</label>
<input type="text" id="openid_identifier" name="openid_identifier"/>
<input type="submit" />
</form>
{% endblock %}
try:
auth_request = auth_consumer.begin(openid_url)
except DiscoveryFailure, ex:
# Some protocol-level failure occurred.
error = "OpenID discovery error: %s" % (ex,)
return HttpResponseRedirect('%s?%s' % (reverse('openid_login'),
urllib.urlencode({'error': error})))
try:
auth_request = auth_consumer.begin(openid_url)
except DiscoveryFailure, ex:
# Some protocol-level failure occurred.
error = "OpenID discovery error: %s" % (ex,)
return HttpResponseRedirect('%s?%s' % (reverse('openid_login'),
urllib.urlencode({'error': error})))
try:
auth_request = auth_consumer.begin(openid_url)
except DiscoveryFailure, ex:
# Some protocol-level failure occurred.
error = "OpenID discovery error: %s" % (ex,)
return HttpResponseRedirect('%s?%s' % (reverse('openid_login'),
urllib.urlencode({'error': error})))
yadis_url = response.normalized_uri
body = response.response_text
try:
openid_services = OpenIDServiceEndpoint.fromXRDS(yadis_url, body)
except XRDSError:
# Does not parse as a Yadis XRDS file
openid_services = []
if not openid_services:
# Either not an XRDS or there are no OpenID services.
if response.isXRDS():
# if we got the Yadis content-type or followed the Yadis
# header, re-fetch the document without following the Yadis
# header, with no Accept header.
return discoverNoYadis(uri)
yadis_url = response.normalized_uri
body = response.response_text
try:
openid_services = OpenIDServiceEndpoint.fromXRDS(yadis_url, body)
except XRDSError:
# Does not parse as a Yadis XRDS file
openid_services = []
if not openid_services:
# Either not an XRDS or there are no OpenID services.
if response.isXRDS():
# if we got the Yadis content-type or followed the Yadis
# header, re-fetch the document without following the Yadis
# header, with no Accept header.
return discoverNoYadis(uri)
yadis_url = response.normalized_uri
body = response.response_text
try:
openid_services = OpenIDServiceEndpoint.fromXRDS(yadis_url, body)
except XRDSError:
# Does not parse as a Yadis XRDS file
openid_services = []
if not openid_services:
# Either not an XRDS or there are no OpenID services.
if response.isXRDS():
# if we got the Yadis content-type or followed the Yadis
# header, re-fetch the document without following the Yadis
# header, with no Accept header.
return discoverNoYadis(uri)
yadis_url = response.normalized_uri
body = response.response_text
try:
openid_services = OpenIDServiceEndpoint.fromXRDS(yadis_url, body)
except XRDSError:
# Does not parse as a Yadis XRDS file
openid_services = []
if not openid_services:
# Either not an XRDS or there are no OpenID services.
if response.isXRDS():
# if we got the Yadis content-type or followed the Yadis
# header, re-fetch the document without following the Yadis
# header, with no Accept header.
return discoverNoYadis(uri)
http://example.com/ http://example.com/foo
http://example.com/ https://example.com/op/
http://example.com/ http://snarf.example.com/baz/
http://*.example.com/ http://snarf.example.com/baz/
http://example.com:8080/ http://example.com/
http://*.com/ http://example.com/
...
response = openid_request.answer(True,
identity=openid_request.identity)
else:
# Got some other kind of request. Let the server take care of it.
response = server.handleRequest(openid_request)
try:
return render_openid_response(server.encodeResponse(response))
except EncodingError, ex:
return render_to_response('provider/index.html', {
'error': cgi.escape(ex.response.encodeToKVForm()),
}, RequestContext(request))
...
response = openid_request.answer(True,
identity=openid_request.identity)
else:
# Got some other kind of request. Let the server take care of it.
response = server.handleRequest(openid_request)
try:
return render_openid_response(server.encodeResponse(response))
except EncodingError, ex:
return render_to_response('provider/index.html', {
'error': cgi.escape(ex.response.encodeToKVForm()),
}, RequestContext(request))
...
response = openid_request.answer(True,
identity=openid_request.identity)
else:
# Got some other kind of request. Let the server take care of it.
response = server.handleRequest(openid_request)
try:
return render_openid_response(server.encodeResponse(response))
except EncodingError, ex:
return render_to_response('provider/index.html', {
'error': cgi.escape(ex.response.encodeToKVForm()),
}, RequestContext(request))
...
response = openid_request.answer(True,
identity=openid_request.identity)
else:
# Got some other kind of request. Let the server take care of it.
response = server.handleRequest(openid_request)
try:
return render_openid_response(server.encodeResponse(response))
except EncodingError, ex:
return render_to_response('provider/index.html', {
'error': cgi.escape(ex.response.encodeToKVForm()),
}, RequestContext(request))
...
response = openid_request.answer(True,
identity=openid_request.identity)
else:
# Got some other kind of request. Let the server take care of it.
response = server.handleRequest(openid_request)
try:
return render_openid_response(server.encodeResponse(response))
except EncodingError, ex:
return render_to_response('provider/index.html', {
'error': cgi.escape(ex.response.encodeToKVForm()),
}, RequestContext(request))
oauth_token=dn8gxxob06rirxzp30e68dsffkd08hfh&oauth_token_secret=
25sbmeb6ifnkwx6yp23w55svnof6txdy&oauth_callback_confirmed=true
oauth_token=dn8gxxob06rirxzp30e68dsffkd08hfh&oauth_token_secret=
25sbmeb6ifnkwx6yp23w55svnof6txdy&oauth_callback_confirmed=true
oauth_token=dn8gxxob06rirxzp30e68dsffkd08hfh&oauth_token_secret=
25sbmeb6ifnkwx6yp23w55svnof6txdy&oauth_callback_confirmed=true
oauth_token=dn8gxxob06rirxzp30e68dsffkd08hfh&oauth_token_secret=
25sbmeb6ifnkwx6yp23w55svnof6txdy&oauth_callback_confirmed=true
oauth_token=dn8gxxob06rirxzp30e68dsffkd08hfh&oauth_token_secret=
25sbmeb6ifnkwx6yp23w55svnof6txdy&oauth_callback_confirmed=true
oauth_token=dn8gxxob06rirxzp30e68dsffkd08hfh&oauth_token_secret=
25sbmeb6ifnkwx6yp23w55svnof6txdy&oauth_callback_confirmed=true
HTTP/1.1 200 OK
Content-Type: application/x-www-form-urlencoded
oauth_token=bjunknhae01qkvxw3litbej17w6h74w1&oauth_token_secret=hx
ffqqtx4vxitjex5evacz6kmplw3ms7
HTTP/1.1 200 OK
Content-Type: application/x-www-form-urlencoded
oauth_token=bjunknhae01qkvxw3litbej17w6h74w1&oauth_token_secret=hx
ffqqtx4vxitjex5evacz6kmplw3ms7
HTTP/1.1 200 OK
Content-Type: application/x-www-form-urlencoded
oauth_token=bjunknhae01qkvxw3litbej17w6h74w1&oauth_token_secret=hx
ffqqtx4vxitjex5evacz6kmplw3ms7
HTTP/1.1 200 OK
Content-Type: application/x-www-form-urlencoded
oauth_token=bjunknhae01qkvxw3litbej17w6h74w1&oauth_token_secret=hx
ffqqtx4vxitjex5evacz6kmplw3ms7
HTTP/1.1 200 OK
Content-Type: application/x-www-form-urlencoded
oauth_token=bjunknhae01qkvxw3litbej17w6h74w1&oauth_token_secret=hx
ffqqtx4vxitjex5evacz6kmplw3ms7
HTTP/1.1 200 OK
Content-Type: application/x-www-form-urlencoded
oauth_token=bjunknhae01qkvxw3litbej17w6h74w1&oauth_token_secret=hx
ffqqtx4vxitjex5evacz6kmplw3ms7
HTTP/1.1 200 OK
Content-Type: application/x-www-form-urlencoded
oauth_token=bjunknhae01qkvxw3litbej17w6h74w1&oauth_token_secret=hx
ffqqtx4vxitjex5evacz6kmplw3ms7
Obtain Unauthorized
Request Token Access Token
Request Token
Request includes Request includes
Request Grant
A oauth_consumer_key oauth_consumer_key
Request Token Request Token
oauth_signature_method oauth_token
oauth_signature oauth_signature_method
oauth_timestamp oauth_signature
oauth_nonce oauth_timestamp
oauth_version (optional) oauth_nonce
Direct User to oauth_callback oauth_version (optional)
B
Service Provider oauth_verifier
User Authorizes
Request Token
Obtain User
C
Authorization
Service Provider Service Provider
B F
Grants Request Token Grants Access Token
Direct User to Response includes Response includes
Consumer oauth_token oauth_token
oauth_token_secret oauth_token_secret
Exchange Request Token oauth_callback_confirmed
Request
D for Access Token
Access Token
Consumer Directs User to Consumer Accesses
C G
Grant Service Provider Protected Resources
E
Access Token
Request includes Request includes
oauth_token (optional) oauth_consumer_key
F oauth_token
Service Provider Directs oauth_signature_method
D oauth_signature
User to Consumer
oauth_timestamp
Access Protected
Request includes oauth_nonce
Resources
oauth_token oauth_version (optional)
G oauth_verifier
http://s3.pixane.com/Oauth_diagram.pdf
if resp['status'] != '200':
raise Exception('Invalid response: %s.' % (resp['status'],))
temporary_credentials = dict(urlparse.parse_qsl(content))
request.session[TEMP_CREDENTIALS_KEY] = temporary_credentials
if resp['status'] != '200':
raise Exception('Invalid response: %s.' % (resp['status'],))
temporary_credentials = dict(urlparse.parse_qsl(content))
request.session[TEMP_CREDENTIALS_KEY] = temporary_credentials
if resp['status'] != '200':
raise Exception('Invalid response: %s.' % (resp['status'],))
temporary_credentials = dict(urlparse.parse_qsl(content))
request.session[TEMP_CREDENTIALS_KEY] = temporary_credentials
temp_credentials = oauth.Token(temp_credentials['oauth_token'],
temp_credentials['oauth_token_secret'])
consumer = oauth.Consumer(CLIENT_KEY, CLIENT_SECRET)
client = oauth.Client(consumer, temp_credentials)
access_token = dict(urlparse.parse_qsl(content))
request.session[TOKEN_CREDENTIALS_KEY] = access_token
return HttpResponseRedirect(reverse('consumer'))
temp_credentials = oauth.Token(temp_credentials['oauth_token'],
temp_credentials['oauth_token_secret'])
consumer = oauth.Consumer(CLIENT_KEY, CLIENT_SECRET)
client = oauth.Client(consumer, temp_credentials)
access_token = dict(urlparse.parse_qsl(content))
request.session[TOKEN_CREDENTIALS_KEY] = access_token
return HttpResponseRedirect(reverse('consumer'))
temp_credentials = oauth.Token(temp_credentials['oauth_token'],
temp_credentials['oauth_token_secret'])
consumer = oauth.Consumer(CLIENT_KEY, CLIENT_SECRET)
client = oauth.Client(consumer, temp_credentials)
access_token = dict(urlparse.parse_qsl(content))
request.session[TOKEN_CREDENTIALS_KEY] = access_token
return HttpResponseRedirect(reverse('consumer'))
temp_credentials = oauth.Token(temp_credentials['oauth_token'],
temp_credentials['oauth_token_secret'])
consumer = oauth.Consumer(CLIENT_KEY, CLIENT_SECRET)
client = oauth.Client(consumer, temp_credentials)
access_token = dict(urlparse.parse_qsl(content))
request.session[TOKEN_CREDENTIALS_KEY] = access_token
return HttpResponseRedirect(reverse('consumer'))
temp_credentials = oauth.Token(temp_credentials['oauth_token'],
temp_credentials['oauth_token_secret'])
consumer = oauth.Consumer(CLIENT_KEY, CLIENT_SECRET)
client = oauth.Client(consumer, temp_credentials)
access_token = dict(urlparse.parse_qsl(content))
request.session[TOKEN_CREDENTIALS_KEY] = access_token
return HttpResponseRedirect(reverse('consumer'))
temp_credentials = oauth.Token(temp_credentials['oauth_token'],
temp_credentials['oauth_token_secret'])
consumer = oauth.Consumer(CLIENT_KEY, CLIENT_SECRET)
client = oauth.Client(consumer, temp_credentials)
access_token = dict(urlparse.parse_qsl(content))
request.session[TOKEN_CREDENTIALS_KEY] = access_token
return HttpResponseRedirect(reverse('consumer'))
try:
consumer = models.Consumer.objects.get(pk=oauth_request['oauth_consumer_key’])
except (KeyError, models.Consumer.DoesNotExist):
raise HttpUnauthorized('Consumer key missing or invalid.')
server = oauth.Server()
server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1())
...
oauth_token = oauth.Token(token.key, token.secret)
...
try:
oauth_consumer = oauth.Consumer(consumer.key, consumer.secret)
server.verify_request(oauth_request, oauth_consumer, oauth_token)
except ValueError, ex:
return HttpResponseUnauthorized(str(ex))
try:
consumer = models.Consumer.objects.get(pk=oauth_request['oauth_consumer_key’])
except (KeyError, models.Consumer.DoesNotExist):
raise HttpUnauthorized('Consumer key missing or invalid.')
server = oauth.Server()
server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1())
...
oauth_token = oauth.Token(token.key, token.secret)
...
try:
oauth_consumer = oauth.Consumer(consumer.key, consumer.secret)
server.verify_request(oauth_request, oauth_consumer, oauth_token)
except ValueError, ex:
return HttpResponseUnauthorized(str(ex))
try:
consumer = models.Consumer.objects.get(pk=oauth_request['oauth_consumer_key’])
except (KeyError, models.Consumer.DoesNotExist):
raise HttpUnauthorized('Consumer key missing or invalid.')
server = oauth.Server()
server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1())
...
oauth_token = oauth.Token(token.key, token.secret)
...
try:
oauth_consumer = oauth.Consumer(consumer.key, consumer.secret)
server.verify_request(oauth_request, oauth_consumer, oauth_token)
except ValueError, ex:
return HttpResponseUnauthorized(str(ex))
try:
consumer = models.Consumer.objects.get(pk=oauth_request['oauth_consumer_key’])
except (KeyError, models.Consumer.DoesNotExist):
raise HttpUnauthorized('Consumer key missing or invalid.')
server = oauth.Server()
server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1())
...
oauth_token = oauth.Token(token.key, token.secret)
...
try:
oauth_consumer = oauth.Consumer(consumer.key, consumer.secret)
server.verify_request(oauth_request, oauth_consumer, oauth_token)
except ValueError, ex:
return HttpResponseUnauthorized(str(ex))
try:
consumer = models.Consumer.objects.get(pk=oauth_request['oauth_consumer_key’])
except (KeyError, models.Consumer.DoesNotExist):
raise HttpUnauthorized('Consumer key missing or invalid.')
server = oauth.Server()
server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1())
...
oauth_token = oauth.Token(token.key, token.secret)
...
try:
oauth_consumer = oauth.Consumer(consumer.key, consumer.secret)
server.verify_request(oauth_request, oauth_consumer, oauth_token)
except ValueError, ex:
return HttpResponseUnauthorized(str(ex))
{
"startIndex": 0,
"totalResults": 3,
"entry": [
{
"profileUrl": "http://www.google.com/s2/profiles/user1ID",
"isViewer": true,
"id": "user1ID",
"thumbnailUrl": "http://www.google.com/s2/photos/private/photo1ID",
"name": {
"formatted": "Elizabeth Bennet",
"familyName": "Bennet",
"givenName": "Elizabeth"
},
"displayName": "Elizabeth Bennet",
...
},
...
}
An extension to Atom to
standardize activity streams & news
feeds
{
"version": "1.0",
"type": "photo",
"width": 240,
"height": 160,
"title": "ZB8T0193",
"url": "http://farm4.static.flickr.com/3123/2341623661_7c99f48bbf_m.jpg",
"author_name": "Bees",
"author_url": "http://www.flickr.com/photos/bees/",
"provider_name": "Flickr",
"provider_url": "http://www.flickr.com/"
}