Stated simply, OpenID allows you to log in to multiple sites with a single account (represented by a URL). This means fewer passwords to remember and fewer repetitive registration forms to fill out.
OpenID Relying Party updates
Updated RP to support SREG extension for populating user profiles, and Canonical's Teams extension so that Launchpad Teams can be used to define ACLs in MoinMoin.
SREG requires pytz module to convert named time zones into second-offsets.
The Simple Registration (SREG) Extension for OpenID makes it possible to move basic profile data between an OpenID Provider and other sites. Available fields are:
- dob (date of birth)
- postcode (postal code/zip code)
MoinMoin can assign nickname or fullname as Wiki username, and set the values for email, language, timezone in user objects. The SREG fields used during authentication are set as User.auth_attribs so they cannot be edited in MoinMoin directly .. they will be updated from the OpenID Provider each time a user logs in.
Canonical developed the Teams extension to OpenID to transfer the concept of Team membership in Launchpad to MoinMoin ACLs and Groups. The wikiconfig must specify an array of team names that will be granted access to the wiki, as well as the usual MoinMoin ACL options and the username of an admin account for editing group pages programmatically.
When a user logs in with OpenID, the teams listed in the openidrp_authorized_teams config variable will be requested from the OpenID Provider. When a user authenticates, the common set of requested teams and teams the user is a member of are returned to MoinMoin. Then, the group pages for those teams are updated with the user's name.
Rowan, maybe we have soon a better method than "updating group pages", due to the groups/dicts backends we'll have soon in moin/1.9 - see http://hg.moinmo.in/moin/1.9-groups-dmilajevs/ (was merged into moin/1.9 main repo).
Incidental modifications to non-auth specific files
Some HTML generation functions were updated to have extra options to properly generate the OpenID login screens.
from MoinMoin.auth.openidrp import OpenIDAuth from MoinMoin.auth.openidrp_ext.openidrp_sreg import * from MoinMoin.auth.openidrp_ext.openidrp_teams import * # use custom functions to chain OpenID extensions together def localconfig_openidrp_modify_request(oidreq, cfg): openidrp_sreg_modify_request(oidreq, cfg) openidrp_teams_modify_request(oidreq, cfg) return def localconfig_openidrp_update_user(info, u, cfg): u = openidrp_sreg_create_user(info, u, cfg) u = openidrp_teams_create_user(info, u, cfg) return u def localconfig_openidrp_create_user(info, u, cfg): openidrp_sreg_update_user(info, u, cfg) openidrp_teams_update_user(info, u, cfg) return auth = [ OpenIDAuth(modify_request=localconfig_openidrp_modify_request, update_user=localconfig_openidrp_update_user, create_user=localconfig_openidrp_create_user), ... ] cookie_lifetime = (1, 12) # use anonymous_cookie_lifetime for 1.7, anonymous_session_lifetime for 1.6 openidrp_allowed_op =  openidrp_allow_registration = False openidrp_registration_url = 'http://...' # configurable SREG request values # possible values: # nickname, email, fullname, dob, gender, country, language, timezone # match these up with OpenIDRP.auth_attribs # ['name', 'email', 'aliasname', 'language', 'tz_offset'] openidrp_sreg_required = ['nickname', 'email', 'timezone'] openidrp_sreg_optional = ['fullname', 'language'] openidrp_sreg_username_field = 'nickname' #'fullname' # don't let users change password or have multiple openids user_form_disable = ['changepass', 'oid'] # remove some options from the large user preferences form user_form_remove = ['css_url', 'quicklinks'] #'password', 'password1', 'password2'] # OpenID Teams configuration openidrp_authorized_teams =  # ACL configuration, based on Teams DesktopEdition = False openidrp_acl_admin = 'AclAdmin' openidrp_acl_page_postfix = 'Team' acl_rights_default = u'Known:read,write All:read' #,write,delete,revert,admin" acl_rights_before = u'%s:read,write,delete,revert,admin' % openidrp_acl_admin acl_hierarchic = True page_group_regex = ur'(?P<all>(?P<key>\S+)%s)' % openidrp_acl_page_postfix