On Django and OpenID
Anyone who knows me knows that I am a huge fan of Python, both for its simplicity and for its expressiveness. It stands to reason, then, that I am similarly drawn to Python web frameworks. My personal favorite is Django, which is the largest and most active Python web framework. I've now created three different web apps with Django and I've been very impressed. Probably the most impressive thing about Django is similar to the most impressive thing about Python—its built-ins or standard library. Django includes dozens of little components to make your life easier, like a user authentication system, tagging, email, etc.
Unfortunately, the third party ecosystem is not quite so neat. My chosen task was finding an OpenID application for my Django site. Easy, right? Not quite. Search Google for "Django OpenID" and you'll get this. For me, the first result is the Google Code source for django-openid. Perfect, right? Nope. This is simonw's project that isn't even on Google Code anymore—it's been moved to GitHub. Well, OK, for me that's the second result in Google. Are we good now? Nope, simonw's project is actually way out of date (hasn't been updated since January 12th, 2010). Alright, there's probably another project that people use instead, right? There's certainly plenty to choose from:
django-openid-auth
django-openid-auth (dead)
django-authopenid
django-socialauth
django-socialregistration
django-openid-consumer
This sounds unbelievable but I downloaded every single one of these apps and found problems with all of them. django-openid-auth is simple and well-updated but isn't very customizable and makes it difficult to create OpenID users with custom information. django-authopenid is very promising, simple, and well-documented. However, it integrates into the normal Django authentication system. While this seems to be a good thing, I'm of the mind that giving people the option of using passwords is perpetuating a broken system. That is, I want OpenID only authentication. For what its worth, Django Packages seems to highly favor django-authopenid
django-socialauth and django-socialregistration seem interesting and powerful but also very (overly) complicated. Integrating the apps into my application was taking far too long and despite their broad support for OAuth (something I actually don't think is appropriate for login anyway) customizing them to suit my purposes was proving more difficult than it as worth.
django-openid-consumer simply doesn't seem to have anyone using it.
As a result, I've created strict-openid. Mostly, its an adaptation of existing Django OpenID implementations but it's also focused on customization, simplicity, and ease of integration.
Specifically, strict-openid is OpenID authentication only but also allows for Django User integration and plugs in as a custom authentication backend.
Update: Bitbucket link now posted. https://bitbucket.org/agocke/django-strictopenid












