django-federated-login is a Djhango app that provides an authentication bridge between Django projects and OpenID-enabled identity providers. The bridge is pre-wired to be used with a single Google Apps domain, but could be extended to be linked with other OpenID providers also. It is different from other OpenID consumers as this consumer only allows connecting to a pre-defined identity provider.
The provided backend matches users based on the e-mail address returned from the identity provider. If no matching user could be found, a user account can optionally be created.
Installation with pip:
pip install django-federated-login
Add 'federated_login' to your list of installed apps:
INSTALLED_APPS = (
Add 'federated_login.auth.backend.EmailBackend' as authentication backend:
AUTHENTICATION_BACKENDS = (
Provide the Google Apps domain to identify against:
FL_APPS_DOMAIN = 'webatoom.nl'
Register the views:
Point your browser to /federated/login/. You might want to include a button to this url on the regular login page.
These are the customizable settings:
Google Apps domain to identify against.
FL_CREATE_USERS (Default: False)
Whether to create a user account when unknown e-mail address is presented.
FL_USER_FACTORY (Default: 'aba.utils.fl_user_factory')
Function that is called when creating a user account.
FL_SSO_ENDPOINT (Default: Google Apps)
Override this setting to link with another OpenID identity provider.
This package depends on a fork of python-openid as the current upstream version (2.2.5) does not play well with a Google extension used by Google Apps identity provider. This fork is not listed on PyPi, so you have to include the following line in your requirements.txt to instruct pip where the patched version of python-openid can be found: