Django & google openid authentication (openid.ax) with socialauth

Question

I am trying to use django-socialauth (http://github.com/uswaretech/Django-Socialauth) for authenticating users for my django project.

This is firs time working with openid and i've had to figure out how exactly this open id works. I have more or less understood it, by now, but there are few things that elude me.

The authentication process starts when the request is put together in in django-socialauth.openid_consumer.views.begin. I can see that the outgoing authentication request is more or less something like this:

https://www.google.com/accounts/o8/ud?openid.assoc_handle=AOQobUckRThPUj3K1byG280Aze-dnfc9Iu6AEYaBwvHE11G0zy8kY8GZ&
openid.ax.if_available=fname&
openid.ax.mode=fetch_request&
openid.ax.required=email&
openid.ax.type.email=http://axschema.org/contact/email&
openid.ax.type.fname=http://example.com/schema/fullname&
openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&
openid.identity=http://specs.openid.net/auth/2.0/identifier_select&
openid.mode=checkid_setup&openid.ns=http://specs.openid.net/auth/2.0&
openid.ns.ax=http://openid.net/srv/ax/1.0&
openid.ns.sreg=http://openid.net/extensions/sreg/1.1&
openid.realm=http://localhost/&
openid.return_to=http://localhost/social/gmail_login/complete/?janrain_nonce=2010-03-20T11%3A19%3A44ZPZCjNc&openid.sreg.optional=postcode,country,nickname,email

This is lot like 2nd example here: http://code.google.com/apis/accounts/docs/OpenID.html#Samples

The problem is, that the request, i get back, is nothing like the corresponding example from code.google.com (look at the 3rd example in example responses. Response dict i get is like this:

{
'openid.op_endpoint': 'https://www.google.com/accounts/o8/ud', 
'openid.sig': 'QWMa4x4ruMUvSCfLwKV6CZRuo0E=', 
'openid.ext1.type.email': 'http://axschema.org/contact/email', 
'openid.return_to': 'http://localhost/social/gmail_login/complete/?janrain_nonce=2010-03-20T17%3A54%3A06ZHV4cqh', 
'janrain_nonce': '2010-03-20T17:54:06ZHV4cqh', 
'openid.response_nonce': '2010-03-20T17:54:06ZdC5mMu9M_6O4pw', 
'openid.claimed_id': 'https://www.google.com/accounts/o8/id?id=AItOghawkFz0aNzk91vaQWhD-DxRJo6sS09RwM3SE', 
'openid.mode': 'id_res', 
'openid.ns.ext1': 'http://openid.net/srv/ax/1.0', 
'openid.signed': 'op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle,ns.ext1,ext1.mode,ext1.type.email,ext1.value.email', 
'openid.ext1.value.email': 'my.emailaddress@gmail.com', 
'openid.assoc_handle': 'AOQobUfssTJ2IxRlxrIvU4Xg8HHQKKTEuqwGxvwwuPR5rNvag0elGlYL',
'openid.ns': 'http://specs.openid.net/auth/2.0', 
'openid.identity': 'https://www.google.com/accounts/o8/id?id=AItOawkghgfhf1FkvaQWhD-DxRJo6sS09RwMKjASE', 
'openid.ext1.mode': 'fetch_response'}

The socialauth itself has been built to accept my email address this way:

    elif request.openid and request.openid.ax:
        email = request.openid.ax.get('email')

And obviously this fails.

Why i am asking all this is, that perhaps i am doing something wrong and my outgoing request is wrong? Or am i doing all correctly and should change the socialaouth module to accept info in a new way and then commit the change?

Alan

Answer 1

Try using the full attribute URI in your ax.get, i.e. ax.get('http://axschema.org/contact/email')