OpenID Libraries should be stateless
Kevin Turner
kevin at janrain.com
Tue Feb 5 11:38:17 PST 2008
On Tue, 2008-02-05 at 10:34 -0800, Ryan Ernst wrote:
> So then what do I do? Read the objects manually and save out their
> state, sign it, pass it through the return_to, and recreate the
> objects and the session map? That seems like a lot of work that could
> be avoided if the yadis library would just store its state in a format
> independent of the application server it is running on.

I could be missing something here, but it seems to me that it is in fact
*exactly the same* amount of work.

It's entirely fair to say that the API doesn't cater to your
environment. But moving that work into that portion of the library
would just trade one assumption for another, and then anyone running a
single-process server would wonder "hey, why does this get serialized
here just to un-serialize it in the next step?"

What Josh was suggesting is that this work be done in an alternate
implementation of openid.consumer.consumer.Consumer, which seems like a
reasonable suggestion, and we'd likely entertain any patches contributed
that include or facilitate that. Although I'm a little concerned that
the most natural way to do that would be equivalent to implementing a
session mechanism, and we'd much rather leave that to the web
frameworks, rather than maintain such an implementation inside the
OpenID library.
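
The approach described in the quoted question (serialize the state, sign it, carry it through return_to, and recreate it on whichever server receives the response), sketched as an added example that is not part of the original message and is not python-openid code. The parameter name `consumer_state`, the key, the five-minute lifetime and the shape of the state dictionary are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs, urlencode, urlparse

SECRET = b"constructed-demo-key"   # assumption: one key shared by every app server
STATE_PARAM = "consumer_state"     # hypothetical parameter name
MAX_AGE = 300                      # seconds a state token stays valid

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def pack_state(state, now=None):
    """Serialize state with an issue time and append an HMAC-SHA256 tag."""
    issued = int(time.time() if now is None else now)
    body = json.dumps({"iat": issued, "state": state}, sort_keys=True).encode()
    return _b64(body) + "." + _b64(hmac.new(SECRET, body, hashlib.sha256).digest())

def unpack_state(token, now=None):
    """Verify the tag before parsing; raise ValueError on any failure."""
    body_b64, tag_b64 = token.split(".")          # ValueError if not two parts
    body, tag = _unb64(body_b64), _unb64(tag_b64)
    expected = hmac.new(SECRET, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("state signature mismatch")
    payload = json.loads(body)
    age = (time.time() if now is None else now) - payload["iat"]
    if not 0 <= age <= MAX_AGE:
        raise ValueError("state token expired")
    return payload["state"]

def build_return_to(base_url, state, now=None):
    sep = "&" if urlparse(base_url).query else "?"
    return base_url + sep + urlencode({STATE_PARAM: pack_state(state, now)})

def state_from_return(url, now=None):
    values = parse_qs(urlparse(url).query).get(STATE_PARAM, [])
    if len(values) != 1:                          # missing or duplicated parameter
        raise ValueError("expected exactly one state parameter")
    return unpack_state(values[0], now)
```

The token is signed but not encrypted, so anything placed in it is readable by the user agent, and it can be replayed until it expires unless the receiving side also tracks which tokens it has already accepted.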