I finally got this working, so I’ll answer my own question since the previous answers here were helpful but don’t tell the whole story.
django-openid-auth is actually quite easy to set up and use. The README file is very clear. If you just want to use standard google accounts (i.e. @gmail.com addresses) then you configure it in settings.py with:
OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/id'
But if you want to use a “google apps” account, i.e. hosted gmail at your own company’s domain, then it’s more complicated. I got my details from this question. To use your google apps accounts, configure your settings.py to:
OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/site-xrds?hd=example.com'
# replace example.com with your hosted google apps domain
In the future this might just work, but today it probably won’t. The problem is in python-openid which django-openid-auth relies on. The standard build of python-openid doesn’t understand some protocol extensions google is using. (Why does google need to extend the protocol? Dig through http://groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains and report back. Good luck.) So you need to instead use adieu’s patch to python-openid, which is available here:
Install this over your existing python-openid. Now it should work.
Be careful with the OPENID_USE_AS_ADMIN_LOGIN
setting since it requires you to have an openid user account which is ‘staff’ or ‘superuser’ to use admin which won’t happen by default. So you’ll need to do a 2-step process of enabling openid, logging in with your openid to create an account in django, then using your old admin account to mark your own openid account as superuser, and then disabling non-openid admin access.
One more thing: your domain admin might need to enable openid login for your domain before this will work. The control is at http://www.google.com/a/cpanel/example.com/SetupIdp
I’ve used django-openid-auth. Works fine, can create user account when signing first time. You also can associate openid login with user account in django admin panel.
- [Django]-'pip' is not recognized as an internal or external command
- [Django]-How to get form fields' id in Django
- [Django]-How can I get all the request headers in Django?
I know this is a late answer, but I’m doing similar stuff and I just discovered django-socialregistration. which basically does OAuth, OpenID, Facebook Connect, etc. Unlike some of the other options it seems to be actively developed and used by a lot of projects.
- [Django]-How to 'bulk update' with Django?
- [Django]-How to get superuser details in Django?
- [Django]-Django delete unused media files
I liked that Django socialregistration allowed me to plug in Google Accounts, Facebook, Yahoo and any other OpenID site pretty easily. You just need to give the provider as a link like so:
<a href="/socialregistration/openid/redirect/?openid_provider={{ 'http://yahoo.com'|urlencode }}"><img src="{{MEDIA_URL}}/images/yahoo.png"/></a>
- [Django]-Phpmyadmin logs out after 1440 secs
- [Django]-Throttling brute force login attacks in Django
- [Django]-South migration: "database backend does not accept 0 as a value for AutoField" (mysql)
They are all almost identical. I like django-authopenid. It has great documentation and is extremely easy to use. It’ll do exactly what you want and do it better than django-openid (which is the only other one I have tried).
- [Django]-Django OneToOne reverse access
- [Django]-Django REST framework: type object X has no attribute 'get_extra_actions'
- [Django]-Django migrate : doesn't create tables