Hey all… I have been reading the tornado doc and came across open id mixin so I thought to myself “Wicked no horrid password system on my side” then I looked into how to implement it, the only example I came across was this
class GoogleHandler(tornado.web.RequestHandler, tornado.auth.GoogleMixin):
@tornado.web.asynchronous
def get(self):
if self.get_argument("openid.mode", None):
self.get_authenticated_user(self.async_callback(self._on_auth))
return
self.authenticate_redirect()
def _on_auth(self, user):
if not user:
raise tornado.web.HTTPError(500, "Google auth failed")
Which doesn’t show the bigger picture, like routes, appsettings etc etc
# Save the user with, e.g., set_secure_cookie()
So my question is. How does this fit into the bigger picture that is a tornado site.
This handler does not depend on other parts of application, you just set it on something like ‘/login/google’ in url conf and place a link to this url somewhere on your website.
User clicks on it and gets redirected to google auth page (if it’s logged out of google) or to a page asking to grant permission to acces his/her basic info. If user accepts – browser gets redirected back on this url handler and control comes to _on_auth method, where the user object, if present, contains a dict with user’s email, name, location settings and a bunch of other stuff (just dump this variable to logs to see all of it).
At this point you can do whatever you want with this data, but in general it can look something like this: