OpenIDDjango People: OpenID and microformats
In hindsight, it was a mistake to launch Django People without support for OpenID. It was on the original feature list, but in the end I decided to cut any feature that wasn’t completely essential in order to get the site launched before it drowned in an ocean of “wouldn’t-it-be-cool-ifs”.
I thought that, once launched, the site would see a small amount of activity from a few interested parties and I’d have plenty of time to catch up on the feature backlog. What I didn’t expect was that over 750 people would create profiles within the first 24 hours!
So, I spent a few hours this evening integrating my current development version of django-openid, which thankfully had about 80% of the code needed to integrate with Django’s built-in authentication mechanism already written. Sadly the other 20% is either incomplete or a bit of a mess, but I’ve checked it in to a branch on Google Code for anyone who’s interested.
Anyway, there are a few new features on the site of interest to OpenID users:
- When signing up for a new account, you now have the option to start by signing in with an OpenID. If you do this, you’ll be able to complete the signup form without having to pick a password. If your OpenID provider supports simple registration the name, e-mail address and username fields will be filled in for you.
- If you already have an existing account, you can associate one or more OpenIDs with that account. You’ll then be able to use any of them to sign in to the account. Why multiple OpenIDs instead of just one? Two reasons: firstly, it opens the potential for doing interesting things with multiple OpenIDs from different providers in the future; secondly, it gives you a fallback for if one of your OpenID providers becomes unavailable.
- You can freely add and remove OpenIDs from your associations, with one exception: the site won’t let you delete your last OpenID if your account doesn’t also have a password associated with it, to prevent you from locking yourself out.
- While I decided that I didn’t want Django People to become yet another OpenID provider, I do want to give people the ability to use their profile page on the site as an OpenID—so that they can prove that they own it (see my recent post on identity projection). To that end, the new account settings page lets advanced OpenID users set up an
openid.serverandopenid.delegatefor their profile page, as described in my blog entry from just over a year ago.
One caveat: the site only supports OpenID 1.1, at least for the moment. I had originally planned to go for OpenID 2.0, but demand was such that I decided to get what I had up and running rather than digging in to the OpenID 2.0 libraries.
Microformats
While I was messing around with OpenID, Natalie was updating the site’s templates to clean up the crufty code I’d introduced and add some microformatted goodness. The site now uses hCard where you would expect it (country listing pages, skill listing pages and the new search interface) and the profile pages have been updated with a healthy dose of XFN (just rel=“me”, since there isn’t a relevant microformat for “people who live nearby”) and Rel-Tag. On Jeremy Keith’s suggestion, the profile pages also use hResume—all the more reason to add the Django projects you’ve worked on to your profile’s portfolio.
As usual, post feedback and bug reports as comments on this entry.
Hooray OpenID!
Just trying out delegation.
Well if nothing else, this post inspired me to go dust off my old myopenid.com ID that I registered for about a year ago.
Attaching my OpenID to the site worked like a charm, by the way.
I still really want to have some better tools to connect with the developers in my area. Having a place to leave messages for everyone would be great.
Paul
Paul Hummer - 24th January 2008 03:13 - #
> secondly, it gives you a
> fallback for if one of your
> OpenID providers becomes
> unavailable.
I thought fallback was supposed to be built into the OpenID server structure through delegation, rather than requiring all clients to support multiple OpenIDs. Is that wrong?
Great now all we need is OpenID to be used by more than a couple geeks who hope it will take off. Not that I don't but I think it's kind of a waste of time until some more big sites get behind it as providers ie Facebook MySpace etc.
It'll be interesting if you post stats on how many people in this very savvy community even use it.
Noah - 24th January 2008 05:03 - #
Great stuff :)
But, is the site down at the moment...? I'm getting error 504 (as of 07:05 GMT+0)
GiacomoL - 24th January 2008 07:09 - #
Great news about djangopeople. If you are out of blogsubjects, why dont you write a little about how you made the "people near you" with django and geonames?
Max - 24th January 2008 07:13 - #
Ouch - yes, the site's down and the VPS isn't responding. I'm rebooting it now.
Back up again now.
Stewart: delegation still requires the original host (e.g. http://simonwillison.net/ ) to be up and running. My preferred approach to supporting logins if an OpenID stops working for some reason is to re-use the "forgotten password" e-mail sending pattern, and in fact that works on DjangoPeople at the moment - forgotten password actually just sends you a general purpose account recovery link.
awesome news. fantastic work simon. as promised I just signed in and it worked like a charm. kudos for the microformats support too.
good idea, very good execution.
Congratulations to the two of you on the site: it looks great, and I love the way it does one thing and does it really well.
I'll be signing up as soon as I've done any meaningful code with Django and can actually get away with calling myself a Django Person.
I wonder if specifying the alternate delegate could be simplified by internally figuring out the two values based on another OpenID that the user provides?
Justin Walters - 24th January 2008 11:50 - #
Very nice -- Simon, would you mind providing a rough estimation of the time you spent building Django People?
That's certainly an intersting metric!
My best guest is 5-7 working days, spread over evenings and weekends since the 1st of January.
Why not use rel=neighbor?
Ryan King - 24th January 2008 22:17 - #
Very nice! I had already signed up, and I just associated my OpenID with my account very easily. Slick implementation.
So can we expect a release of django-openid that integrates with Django auth sometime in the near future?
Ryan: hah, didn't know about that one. "Someone who lives nearby, perhaps only at an adjacent street address or doorway. Symmetric. Often transitive." Our "nearby" section orders by distance, so you can have someone in the list who is hundreds of miles away - but I might stick in some logic that only flags someone as "neighbor" if they are within 5 miles.
@Adam: I hope so. The branch in subversion that I linked to is a good starting point.
Why not use Micro ID for users to prove that they own their profile?
Hugh: because I don't understand it. What's to stop me finding out your e-mail address and then hashing it along with a nasty URL to falsely claim that you own that content?
Great idea, but I forgot my password :) and the account recovery link gave me a 500 error.
Bernd - 27th January 2008 18:46 - #
I've fixed the account recovery bug.
Indeed, Simon, i was surprised to notice you had created DjangoPeople and not also find an OpenID registration and login, and then pleased to read you had not given up on OpenID. This leads me to the next question.
Why make the same mistake again, with LinkHerd?
LinkHerd isn't my project - I just set up a Django shard on there. I completely agree that they need to support OpenID, and I've suggested that already. If someone puts together a reddit clone that supports OpenID I'll start promoting a Django shard there straight away.
Simon: Micro ID only makes sense when you require some intermediate assurance. Right now Micro ID only really makes sense in a few cases involving Claim ID and its ilk, and its really just an attempt to replace "random auth token" with something that is easier to calculate and possible for a website to pre-calculate and auto-include. In the end it is a way for you to help a site like Claim ID vouch for your vouch for some other website, based upon that other website vouching for having validated your email address.
I don't think its the most useful thing in the world, but I don't begrudge the people that want to use it. But in the end I think that my personal website speaks more about me than any Claim ID profile might... If I link to it from my personal website, consider it "vouched" or "claimed" or whatever, you know? In which case to me XFN rel="me" is much more useful, but currently harder to check because it relies on (in the worst case) following an entire graph of links for true verification...
By the way, this OpenID commenting is nice... I'm thinking about taking django-threadedcomments and pushing in OpenID support similar to the way you have it set up here. Have you put any thought into squeezing OpenID login into the Preview process? It might be interesting to try to auto-discover OpenID addresses in a website field and question the user via AJAX, for instance. I could imagine it might be handy for "one time commenters".
Also, would you be interested in a patch for django-openid if I wrote one to add simple support for BotBouncer? It would be optional (ie, would check some flag like settings.USE_BOTBOUNCER_FOR_OPENID and then use an obvious settings.BOTBOUNCER_API_KEY...), but might be a nice thing to have as an option for those using django-openid, particularly if (knock on wood) more bots start to speak OpenID. I'm thinking that for my comments on my website I might skip Akismet filtering for OpenID commenters and just check BotBouncer on login. It certainly would save at least some very small fraction of bandwidth and general API calls.
man i have an open id. im so cool
Simon, do you plan to release the Django People source code? I bet many of us Django learners would love to play with it and build our own :)
Pedro Valente - 25th February 2008 22:38 - #
I definitely agree. I'm not finding anything even close to the coolness of the country/region select system (minus the Google Maps). So to see how it was done would really boost the Django exp up a bit.
neat, I just delegated my django people OpenID to the wordpress.com account :D
Two nits:
Yay, OpenID rocks!