[OpenID] ANN: Python OpenID 2.0.0 Release Candidate 1
Kevin Turner
kevin at janrain.com
Wed Apr 11 11:52:01 PDT 2007
(Moving the code-specific discussion to the dev list. Wichert, are you
on this list?)
On Wed, 2007-04-11 at 15:47 +0200, Wichert Akkerman wrote:
> The NEWS file contains no hints about needed code changes when moving
> from 1.2 to 2.0 unfortunately. This is a list of needed changes I could
> easily spot before doing any real testing:
Thanks for taking a look at this.
> * HTTPFetchingError is now found in openid.fetchers instead of
> urljr.fetchers
I'll update the documentation to mention it, but I'll also mention that
I think we've caught HTTPFetchingError when necessary, so it should be
an internal implementation detail you don't have to worry about. If you
find a public method in the Consumer or AuthRequest classes that leaks
that exception, let me know, because that's a bug.
> * yadis is not available as openid.yadis instead of direct yadis
I'll go check out your code to see where you're importing the yadis
module. I wasn't aware of folks depending on it directly.
> * the request object has a new shouldSendRedirect method which needs to
> be checked before request.redirectURL can be used. If a redirect is
> not used a new formMarkup method must be used to generate a
> redirection html (?)
Shh! I was hoping you wouldn't notice that part. shouldSendRedirect
will recommend that you use a form-POST if the provider supports OpenID
v2, but redirect will still work. Using a form-POST requires more
changes to your code; you need to include that form on a HTML page and
either get the user to click a button or include a javascript hack to do
it. The only versions of that javascript hack I've seen tend to make it
impossible to use the browser's Back button. So, if I didn't go out of
my way to encourage people to start using that feature, that's why.
The only time you'll need it is if you're transferring more data in an
OpenID extension than will fit in a GET request. If you're upgrading an
OpenID 1.1 application, you're not doing that. When you are, you'll
figure it out.
So there certainly are changes that haven't been documented in the NEWS
file. (Although I wouldn't say there are /no/ hints; the first bullet
point directs people using extensionResponse to look at openid.sreg and
the upgrading section talks about passing return_to to
Consumer.complete.) But I have had at least one report of a smooth and
successful upgrade without needing to know any more than that.
Cheers,
- Kevin
More information about the Dev
mailing list