nonce handling in python-openid 2
Wichert Akkerman
wichert at wiggy.net
Mon Apr 30 06:25:47 PDT 2007
A nice quality of the python openid 1.x store was that no bookkeeping
was needed. This is no longer true with the 2.0 code: nonces are now
kept in storage and you need to explicitly expire/remove old nonces
from the store. This complicates implementations a lot: applications
now need to explicitly call a cleanup method.
This is already noticable in the standard implementation: filestore has
a clean method to do that, but it is never called. sqlstore does not
have a clean method at all. And the interface does not mention any
clenaup routines either.
Would it be possible to change the implementation so explicit cleanup is
not necessary? If that is not possible there should be a cleanup method
to remove old nonces.
Wichert.
--
Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
More information about the Dev
mailing list