[Python-Dev] Python wiki (original) (raw)

Scott Dial scott+python-dev at scottdial.com
Mon Sep 27 03:56:20 CEST 2010

On 9/26/2010 3:12 AM, Martin v. Löwis wrote:

2) The URL registered with the OpenID provider is a bit of a wart: "http://pypi.python.org/pypi?:action=openidreturn" vs. "http://bitbucket.org/" You mean, as this is what the provider then shows you for confirmation?

The provider also lists the trusted sites by these return URLs, and that is where I saw it as being a bit of a wart. I use the OpenID plugin for WordPress as my provider, so it may be that it doesn't do this correctly. I noticed that Google shows just "pypi.python.org", but the WordPress plugin shows that return URL instead. Nevertheless, I agree that it's too late/not worth it to change that now.

I think there is no way out wrt. to the basic auth prompt. I could label the "Login" link "Password login" if you think this would help.

The basic auth prompt doesn't bother me so much as the fact that the 401 doesn't have a "Use OpenID [Google] [myOpenID] [Launchpad]" set of links; you have to use the brower's back button because the only links offered are to register or reset your password.

Preventing the browser from prompting the user on the chance they might want to enter an OpenID is not possible, and stopping to use basic authentication is not feasible.

In theory, you could catch usernames that started with "http://", but I imagine that only "ultra geeks" know their URIs (I have no idea what the URI for a Google account is). But, I don't see this as being worthwhile either; I just think it would be nice if the 401 page gave a quick way to correct one's mistake that didn't involve the back button.

And again, enjoying a short OpenID URI probably does put you in the "ultra geek" category (which I seriously don't mean as an offense).

No offense taken. :)

-- Scott Dial scott at scottdial.com scodial at cs.indiana.edu

More information about the Python-Dev mailing list