Skip to content

Implement OpenID Logins #61

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dstufft opened this issue Oct 8, 2013 · 10 comments
Closed

Implement OpenID Logins #61

dstufft opened this issue Oct 8, 2013 · 10 comments
Milestone
5: Shut Down Lega...

Comments

@dstufft
Copy link
Member

dstufft commented Oct 8, 2013

PyPI allows logging in via OpenID, we need to either implement this or deprecate it and provide a migration path.
@dstufft dstufft added the medium label Apr 13, 2015
@domenkozar
Copy link
Contributor

Should be fairly trivial with http://velruse.readthedocs.org/en/latest/

@ergo
Copy link

ergo commented Aug 11, 2015

I suggest http://peterhudec.github.io/authomatic/ instead - it supports both py 2 and 3, and I've implemented both velruse and authomatic in my applications.

Authomatic supports bigger range of providers over velruse though.

I can provide example implementation if you guys are interested.

@apollo13
Copy link

The last release from velruse was in 2013 -- does not seem to be really reassuring. If there are no objections from @dstufft I'd give authomatic a try, unless there is a "defacto" solution for pyramid I do not know off…

@ergo
Copy link

ergo commented May 14, 2016

I've used both velruse and authomatic - both work fine with pyramid - however authomatic supports py3 and way more providers as of today.

@brainwane brainwane modified the milestones: 2) Launch: redirect pypi.python.org to pypi.io, 3) Feature parity with PyPI Jun 30, 2016
@ewdurbin
Copy link
Member

Numbers from the past month:

screen shot 2017-09-20 at 10 17 53 am

While I think maintaining federated authentication is not a bad idea, it is clearly not used enough to warrant doing any backflips.

pypa/pypi-legacy currently uses Authomatic for both Google and OpenID and I'm a huge fan, it was straightforward to integrate and hasn't caused any fuss since being deployed.

@brainwane
Copy link
Contributor

@dstufft Per your distutils-sig email shall we close this issue?

@rsyring
Copy link

rsyring commented Jan 16, 2018

FWIW, it seems like a few comments on the distutils-sig thread indicate the usage disparity is due to the perception that google integration doesn't work on pypi currently. That's also true for me. If better social auth (GitHub and Google being my two preferences) were available in the future, I'd likely use it more.

@ewdurbin
Copy link
Member

ewdurbin commented Jan 16, 2018
edited
Loading

We disabled new Google Login associations many moons ago.

Only users who had previously associated a Google Account are able to use the feature, new logins are intentionally disabled.

@ewdurbin
Copy link
Member

ewdurbin commented Jan 16, 2018
edited
Loading

No PyPI user found associated with that Google Account, Associating new accounts has been deprecated.

Is the "error" message that currently displays when attempting to login with an unassociated Google Account.

@dstufft
Copy link
Member Author

dstufft commented Jan 17, 2018

Closing this, we're not going to support Federated auth at this time.

@dstufft dstufft closed this as completed Jan 17, 2018
@di di mentioned this issue Jan 23, 2018
Closed
@di di mentioned this issue Apr 4, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
5: Shut Down Legacy PyPI
Development

No branches or pull requests
9 participants
@ergo @apollo13 @rsyring @domenkozar @dstufft @di @brainwane @ewdurbin @nlhkabu