Timmy

Reputation: 12848

Check secure OpenID redirect?

The process for OpenID login for my server redirects to Google, for example, then Google redirects back to a page with parameters in the parameter string. How do I verify this really came from Google?

Upvotes: 0

Views: 147

Answers (1)

ʇsәɹoɈ

Reputation: 23509

Those parameters probably contain an OpenID assertion (or an error). You can verify the assertion by following the instructions in the OpenID spec:

http://openid.net/specs/openid-authentication-2_0.html#verification

You probably don't want to do all the work yourself, though, since it's a bit complicated. The Janrain OpenID library for Python can simplify the process somewhat:

http://www.janrain.com/openid-enabled

To make things even simpler, find an OpenID plugin for your web framework. Here is one for Flask:

http://packages.python.org/Flask-OpenID/

Upvotes: 1
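An added example (not part of the answer above, and not code from the Janrain or Flask-OpenID libraries) of the signature, nonce and return_to checks in the spec's verification section, for the case where the relying party already holds an association with the OP. The `assoc` dictionary layout, the exact-match return_to comparison and the sample values are assumptions; the spec's check of discovered information for the claimed identifier is not shown.

```python
import base64, hashlib, hmac, time
from calendar import timegm

DIGESTS = {"HMAC-SHA1": hashlib.sha1, "HMAC-SHA256": hashlib.sha256}
MUST_SIGN = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}

def sign(params, mac_key, assoc_type):
    """Base64 HMAC over the key-value form of the fields named in openid.signed."""
    fields = params["openid.signed"].split(",")
    kv = "".join("%s:%s\n" % (f, params["openid." + f]) for f in fields)
    mac = hmac.new(mac_key, kv.encode("utf-8"), DIGESTS[assoc_type])
    return base64.b64encode(mac.digest()).decode("ascii")

def verify_assertion(params, assoc, expected_return_to, seen_nonces, now=None, max_skew=300):
    """Return (ok, reason). `assoc` (assumed layout) is what we stored for this OP."""
    now = time.time() if now is None else now
    if params.get("openid.mode") != "id_res":
        return False, "not a positive assertion"
    if params.get("openid.return_to") != expected_return_to:  # simplified: exact match
        return False, "return_to mismatch"
    if params.get("openid.op_endpoint") != assoc["op_endpoint"]:
        return False, "unexpected OP endpoint"
    if params.get("openid.assoc_handle") != assoc["handle"]:
        return False, "unknown association handle"
    signed = set(params.get("openid.signed", "").split(","))
    must = MUST_SIGN | {f for f in ("claimed_id", "identity") if "openid." + f in params}
    if not must <= signed:
        return False, "required field not signed"
    nonce = params.get("openid.response_nonce", "")
    try:  # nonce starts with a UTC timestamp such as 2005-05-15T17:11:51Z
        stamp = timegm(time.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ"))
    except ValueError:
        return False, "malformed nonce"
    if abs(now - stamp) > max_skew:
        return False, "nonce outside allowed clock skew"
    if (assoc["op_endpoint"], nonce) in seen_nonces:
        return False, "nonce replayed"
    try:
        expected = sign(params, assoc["mac_key"], assoc["assoc_type"])
    except KeyError:
        return False, "cannot compute signature"
    if not hmac.compare_digest(expected.encode(), params.get("openid.sig", "").encode()):
        return False, "bad signature"
    seen_nonces.add((assoc["op_endpoint"], nonce))  # accept each nonce only once
    return True, "ok"

# Constructed sample: the association our server holds and the return_to it sent.
ASSOC = {"handle": "h1", "mac_key": b"k" * 20, "assoc_type": "HMAC-SHA1",
         "op_endpoint": "https://op.example/endpoint"}
RETURN_TO = "https://rp.example/openid/return"
```

In production `seen_nonces` has to be a store shared by all server processes, with entries expired once they fall outside `max_skew`.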
