This is a fork of the oneid/oneid-python-sdk library that uses pycurl, rather than the newer Python requests API, to access the OneID Helper Service. This is useful on some platforms where the requests module does not use SSLv3, since the Helper Service does not work with other SSL/TLS versions.
An alternative approach might be to use the requests-sslv3 library, although this has not been tested.
The OneID module implements a single class, OneID, which implements an easy-to-use interface to the OneID identity service.
Implementing OneID sign in is a three-part process. You will normally create a page on your server corresponding to each part:
- Reference Page (where OneID button(s) will be displayed)
- Validation Page (receives a callback from the user with the authentication information and attempst to validate it)
- Account Page (receives a redirect from the Validation Page following validation)
Creating an instance of the OneID class takes a single optional parameter, the name of the OneID environment to be used, if other than the default. Alternate OneID environments are used for internal development, testing, and beta test purposes. Contact OneID Support at [email protected] if you have a need to use one of these environments.
The OneID class provides the following methods:
Sets the credentials required by the OneID Helper Service. The
Helper Service is used by the validate()
method to check
the signatures provided in the authentication as well as
signatures on any requested attributes that are signed by
OneID. To use the Helper Service, you will need to obtain an API
Key from https://keychain.oneid.com/register and provide them via
this method prior to calling validate()
. By downloading
an API Key you agree to the OneID Developer Agreement (URL
here). This method is normally only required when implementing the
Validation Page.
Calls the OneID Helper Service to validate the signatures on a
response received from the user. This method takes one parameter,
line, which is the string-format JSON response from the user's
agent (provided as POST data to the Validate page). validate()
is
called by the Validation Page.
If validation is unsuccessful, validate()
returns a dictionary
containing the following values: "failed": "failed" "errorcode":
numeric error code "error": textual error message
If successful, validate()
returns a dictionary with the following values:
(fill in the format here)
Generates and prints JavaScript that instantiates a OneID Sign In button on the page. This method takes two parameters, the callback URL (address of the Validation Page) and an optional space-delimited list of optional attributes to be provided as part of the authentication. If no attr parameter is specified, no attributes are supplied. The http_post parameter should be True if the callback (Validation) page should directly function as the account page rather than output JSON causing the browser to redirect to the account page via an AJAX request (AJAX is the default).
This method is used on the Reference Page. Instead of calling this method, the JavaScript it generates can be directly embedded in an HTML web page.
Creates a JSON string, to be output by the Validation Page, to cause the browser to redirect to the Account Page following validation. It takes three parameters, the URL of the Account Page to be redirected to, the response from the validation server, and a session ID. The session ID is a parameter to the redirect URL that points to the session context for the redirected session.
Saves the UID and attribute information from a validation response
in a temporary file for later retrieval by the Account Page. It
returns a string token referring to the session ID which can be
referenced in the redirect URL (see redirect()
method).
Uses the sessionid to retrieve stored UID and attribute information for the session. This method is typically used on the Account Page. It returns a dictionary containing the UID ("uid") and attributes ("attr"), the latter of which is a dictionary of attributes returned with the response.