哪个openid / oauth库将django项目连接到Google Apps帐户？ [英] Which openid / oauth library to connect a django project to Google Apps Accounts?

问题描述

我正在为使用Google Apps进行登录的公司开展Intranet django项目（不使用GAE）。所以我希望我的用户使用他们的谷歌帐户登录登录到我的django项目。 OpenID似乎是合适的，虽然也许Oauth也可能工作？

I'm working on an intranet django project (not using GAE) for a company that uses Google Apps for login. So I'd like my users to be able to log in to my django project using their google accounts login. OpenID seems appropriate, although maybe Oauth might work too?

我看到很多类似的命名库，将django的身份验证系统连接到外部登录系统：

I see a lot of similarly named libraries out there to connect django's auth system to external login systems:

• django-authopenid - http： //bitbucket.org/benoitc/django-authopenid


• django-openid - http://github.com/simonw/django-openid


• django-openidauth - http://code.google.com/p/django-openid-auth/


• django-oauth - http://bitbucket.org/david/django-oauth

• django-authopenid - http://bitbucket.org/benoitc/django-authopenid
• django-openid - http://github.com/simonw/django-openid
• django-openidauth - http://code.google.com/p/django-openid-auth/
• django-oauth - http://bitbucket.org/david/django-oauth

这是我想要做的整合：让用户登录他们的谷歌帐户，而不是本机django系统。保持django的权限模型，如管理系统。所以我认为这意味着自动创建一个新的用户记录在django第一次我们没有看到之前登录的新帐户。

Here's what I'd like to do with the integration: Have users login with their google accounts, instead of the native django system. Keep django's permissions model for things like the admin system. So I think that means automatically creating a new user record in django the first time a new account we haven't seen before logs in.

任何人谁有经验使用任何这些项目建议我哪一方面最好？或者如果您尝试过哪些最有活力/功能的建议？谢谢！

Can anyone with experience using any of these projects advise me on which would work best? Or just advice on which are most active / functional if you've tried them? Thanks!

推荐答案

我终于得到了这个工作，所以我会回答自己的问题，因为这里的以前的答案是有帮助的，但是不要讲整个故事。

I finally got this working, so I'll answer my own question since the previous answers here were helpful but don't tell the whole story.

django- openid-auth 实际上很容易设置和使用。 README文件很清楚。如果您只想使用标准的Google帐户（即@ gmail.com地址），请在settings.py中配置：

django-openid-auth is actually quite easy to set up and use. The README file is very clear. If you just want to use standard google accounts (i.e. @gmail.com addresses) then you configure it in settings.py with:

OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/id'

但是如果您想使用Google Apps帐户，即在您自己公司的域名托管的Gmail，那么它会更复杂。我从这个问题得到我的详细信息。要使用您的Google Apps帐户，请将settings.py配置为：

But if you want to use a "google apps" account, i.e. hosted gmail at your own company's domain, then it's more complicated. I got my details from this question. To use your google apps accounts, configure your settings.py to:

OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/site-xrds?hd=example.com'
# replace example.com with your hosted google apps domain

将来这可能会起作用，但今天可能不会。问题在于python-openid，django-openid-auth依赖于它。 python-openid的标准版本不能理解google正在使用的一些协议扩展。 （为什么谷歌需要扩展协议？挖掘通过 http://groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains 并回报。祝你好运。）所以你需要使用adieu的补丁来使用python-openid，这里是可用的：
http：/ /github.com/adieu/python-openid

In the future this might just work, but today it probably won't. The problem is in python-openid which django-openid-auth relies on. The standard build of python-openid doesn't understand some protocol extensions google is using. (Why does google need to extend the protocol? Dig through http://groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains and report back. Good luck.) So you need to instead use adieu's patch to python-openid, which is available here: http://github.com/adieu/python-openid

将其安装在现有的python-openid上。现在应该工作

Install this over your existing python-openid. Now it should work.

请注意 OPENID_USE_AS_ADMIN_LOGIN 设置，因为要求您拥有一个openid用户帐户是员工或超级用户使用管理员，默认情况下不会发生。所以你需要做一个两步骤的启用openid的过程，使用你的openid登录，在django中创建一个帐户，然后使用你的旧管理员帐户将自己的openid帐户标记为超级用户，然后禁用非开放的管理员访问。

Be careful with the OPENID_USE_AS_ADMIN_LOGIN setting since it requires you to have an openid user account which is 'staff' or 'superuser' to use admin which won't happen by default. So you'll need to do a 2-step process of enabling openid, logging in with your openid to create an account in django, then using your old admin account to mark your own openid account as superuser, and then disabling non-openid admin access.

还有一件事：您的域管理员可能需要为您的域启用openid登录，才能运行。控件位于 http://www.google.com/a/cpanel/ example.com/SetupIdp

One more thing: your domain admin might need to enable openid login for your domain before this will work. The control is at http://www.google.com/a/cpanel/example.com/SetupIdp

这篇关于哪个openid / oauth库将django项目连接到Google Apps帐户？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！