Skip to content


Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time
(c) 2007-2008 Phil Christensen
See LICENSE for details

txOpenID is an implementation of the OpenID Identity Provider specification,
written using Twisted Web and Divmod's Nevow. It reads authentication data and
user web sessions out of a MySQL database using MySQLdb and Twisted Enterprise's
adbapi layer.

txOpenID currently supports version 1.1 of the OpenID specification.

Python 2.5
Twisted 8.1.0 (Core, Web)
Nevow 0.9.31

About OpenID

OpenID is a shared identity service, which allows Internet users to log on to
many different web sites using a single digital identity, eliminating the need
for a different user name and password for each site. OpenID is a
decentralized, free and open standard that lets users control the amount of
personal information they provide.

Using OpenID-enabled sites, web users do not need to remember traditional
items of identity such as username and password. Instead, they only need to be
registered with any OpenID "identity provider" (IdP). Since OpenID is
decentralized, any website can use OpenID as a way for users to sign in;
OpenID does not require a centralized authority to confirm a user's
digital identity.

These instructions assume you've unpacked the txOpenID distribution, and have
changed to that directory.

First create a MySQL database to store user account and session data:

    mysql -u root -p -e "CREATE DATABASE txopenid"
    mysql -u root -p -e "GRANT ALL ON txopenid.* TO txopendid@localhost \
                        IDENTIFIED BY 'txopenid'"
    mysql -u root -p -e "FLUSH PRIVILEGES"
    mysql -u root -p < docs/database-schema.mysql

You'll also need to create a user account that will be your Single Sign-On
by adding a new record to the 'user' table:

    mysql -u root -p -e "INSERT INTO user (username, first, last, crypt) \
                         VALUES ('user', 'Joe', 'User', ENCRYPT('mypassword'))"

To setup a URL as an OpenID identifier, simply add the following tag to
the page header:

    <link rel="openid.server" href="">

Finally, launch the authentication server:

    twistd -n openid -H

You should now be able to use your OpenID identifier to login to a compatible
consumer. Keep in mind there are two different ways to authenticate to a 
OpenID provider:

    This is used in AJAX-type scenarios, and will always return immediately.
    If setup is required (e.g., to login, or approve a new identity or trusted
    root), the particular ID consumer is responsible for opening a new window
    or frame to the ID server so you can validate the request.
    This method is used when it's not important for the user to stay on-site.
    They will be redirected to the ID server, and will have a chance to login
    or approve the request if necessary. Once that is complete, or if there
    is nothing required of the end user (e.g., they are logged in, and already
    trust the root and identity), the ID server will redirect back to the
    consumer's provided return_to URL.


Example implementation of the OpenID Provider spec using Twisted.







No releases published


No packages published