Look in docs/example.wsgi for an example of how to setup the application.
The application uses pycurl, which you must install. It has no other prerequesites. Should be okay with Python 2.5 - 2.7.
You must include
https://browserid.org/include.js, and also include
/wsgibrowserid.js (under whatever path you mount the application). This will define an object
There are three provided functions:
This logs the user in, calling
callback(data) with all the data sent from
data.email). If the login fails it will call
Logs the user out. Simply unsets the cookie.
Returns the userid (email address), or null.
More examples of hashing functions, secret getters.
Way to do HttpOnly cookies (I guess set a second cookie with the email)
Way to confirm the login, not just trust the cookie is valid
Maybe some timestamping, expiration, and other standard login cookie security practices
Some callback(s) that the server can do on login (e.g., have it connect to
More formal logout than just deleting the cookie. Or with HttpOnly, server-side delete of the cookie.
Write the whole thing in PHP; same concept, another deployment technique.
Maybe setup an App Engine recipe.
No good error messages, and many "typical" errors aren't handled gracefully.