I search for OpenID-library, which works with python3. I need to be an OpenID-provider and OpenID-consumer. tornado.auth provides only consumer functionality. What I can use to implement provider functionality, or how it can be implemented with tornado?
Does anybody uses python3-openid (fork of python-openid)? How it works?
python3-openid is the Python 3 version of python-openid, which has been more or less the reference library for OpenID in Python for several years. So it should implement everything you need. (Disclaimer: I ported python3-openid over and am the maintainer of the PyPI package).
However, for Tornado you will need a non-blocking implementation, ideally using Tornado's HTTPClient classes, and currently python3-openid does not provide that -- if you'd like to implement it, though, I'll gladly work on your pull request!
I went with pyoidc because it is listed as a "Certified Relying Party Library" on the official list of "Certified OpenID Connect Implementations" directly on the website for the OpenID standard. It runs on Python 3.5+ and also doubles as a full OAuth2.0 implementation.
I know this is an old post but it is still relevant. One should not screw around when it comes to things like security and authentication, it could very well save your job to stick with officially recommended or certified libraries - if anything goes wrong, at least your choice of authentication library can't be called into question!
have you tried this, i found it on pypi:
http://pypi.python.org/pypi/python3-openid/3.0.1
Related
I'm confused as why OpenTelemetry documentaion has OpenTelemetry Python API and OpenTelemetry Python SDK.
Like when using the specification in python when we should consider pip install opentelemetry-api over pip install opentelemetry-sdk
From the github pages of the implementation.
(note: could not fit this into a comment and did not want to just post a link alone)
This repository includes multiple installable packages. The
opentelemetry-api package includes abstract classes and no-op
implementations that comprise the OpenTelemetry API following the
OpenTelemetry specification. The opentelemetry-sdk package is the
reference implementation of the API.
Libraries that produce telemetry data should only depend on
opentelemetry-api, and defer the choice of the SDK to the application
developer. Applications may depend on opentelemetry-sdk or another
package that implements the API.
In simple terms imagine a plain python or JAVA interface. An interface by itself is just a contract saying what all things it can do. But you cannot use that in your code anywhere without implementing the interface first. So interfaces are just abstract contracts(API) which needs to be have concrete implementations(SDK). It is only then can you use the SDK.
Such strategies normally help with unifying the implementations of software libraries across industry under a consistent and constant contract. There are multiple vendors out there like Datadog, New Relic, DynaTrace, Signoz and more who can now implement their own SDK if needed but at the same time comply with a standard contract that everyone abides by. This allows you as application developers to not get coupled to any one vendor. But have the option to choose the best one among them and make the swap when necessary without breaking anything in your software system.
Hope this helps answering why application may only depend on SDK.
I new to SSO and I've only tried pysaml2 by far.
I am also aware of python3-saml library (and its python-saml Python 2 flavour).
I need to use one of those with Shibboleth, if it is relevant.
What are the pros and cons of pysaml2 and python3-saml?
Update:
As for 2019, I still find python3-saml to be the best option if you need to implement an SP. It is not flawless (sorry #smartin, hhehe), but it will give you much less headache than pysaml2.
Both projects are compatible with Shibboleth.
pysaml2 is older than python3-saml, right now both support py2 and py3. Both are kinda active and documented.
python3-saml follows the structure of Onelogin's SAML toolkit so if you used any other toolkit before (php-saml, ruby-saml, java-saml), will be easy for you to handle with it (similar methods, same settings).
Differences
Crypto:
pysaml2 uses as dependecy pycryptodome to handle with cryptography and implements its own xmldsig and xmlenc classes (to manipulate signatures and encryption on XMLs).
python3-saml uses as dependecy python-xmlsec and delegates on it the signature/encryption of XML elements.
Functionality:
pysaml2 let you deploy an Identity Provider or a Service Provider
python3-saml is focused on the Service Provider
Settings:
In my opinion, python3-saml is easier than pysaml2, settings are more precise and its repo contains code examples on how integrate a django or a flask app and a guide at the docs.
Note: I'm the author of python3-saml
First of all: Yes, I know that there are plenty of SOAP/WSDL/Python Questions. And no, none of the answers I found was really helpful (anymore).
Secondly: Yes, I wouldn't use SOAP/WSDL anymore if I wouldn't need to. Unfortunately there are still huge software companies only offering web service through this interface. And I have to communicate with such a system. The specific company suggests the usage of PHP but I'm not really a PHP fan when it comes to serious things. I know that there seem to be good SOAP solutions for Java but Java is no option in this context.
The problem: There exists a multitude of SOAP packages for Python and quite some of them support WSDL. Foremost SOAPpy and ZSI. Unfortunately they usually depend on PyXML, which isn't compatible to recent Python versions anymore. I'm fine with Python 3 or Python 2.7, but nothing previous to that.
Since I don't want to ride a dead horse: Are there still any solutions to use SOAP / WSDL within current Python versions?
Check out: What SOAP libraries exist for Python 3.x?
I've used suds before and it feels good. It does seem pysimplesoap is more maintained though - I've only used pysimplesoap server side, not for consuming (e. client).
I'm very interested in making real-time web apps with Django. Unfortunately, I'm having more than a little bit of problem with setting things up. Some options I'm considering:
Orbited: Seems to be the choice for Django. Unfortunately, their domains have seemingly expired, and with it pretty much all of the documentation I'd need to get it working. I've followed a tutorial on http://mischneider.net/?p=125 but I'm having a mysterious error (see No handlers could be found for logger "stomp.py").
Meteor: I have to say, their website impresses me. Unfortunately, I'm running Windows and there seems to be an abject lack of documentation for anything regarding Windows. So I'm lost.
Cometd: Similar problem: Just don't understand installation.
Tornado: Requires pycurl, which in turn requires curl. Keeps throwing a problem with CURL_DIR then libcurl.lib. After hours of tinkering, have effectively thrown up my hands in frustration.
Please help. I'm very willing at this point to consider, well, ANYTHING. Well, at least if it's documented to a point where I can figure out how to install it and use it with Django.
Any help appreciated.
To do real-time web apps using comet techniques (or websocket) you need a server that can handle long-lived connections and a javascript client. Most of the comet libraries give you both (APE, orbited, etc). Working with websockets seems preferable to me, it's part of HTML5, the client code is really simple to implement, etc. I'd suggest finding an asynch framework/server you like, and implementing the live/real-time part of your project with it.
Gevent has a long-polling asynch chat demo built on Django. Gevent is quite popular and well documented.
Eventlet is a nice concurrent networking library, it's pretty well documented.
Twisted is of course the de facto asynchronous networking library for Python. Here's an example of using websockets with twisted.
Meinheld is a nice lightweight asynchronous webserver, it uses greenlet and has examples of usage with Django, and with websockets.
Uwsgi has great asynchronous support, and tons and tons of features, several examples of various approaches. It has a fair bit of documentation as well.
Also check out the bottle documentation for a good primer on asynchronous applications.
Take a look at EvServer : EvServer documentation.
I want to access web service in Python or/and Perl scripts. What are the most popular and reliable libraries today?
I read this question, and I know about SOAPpy and ZSI. Can anybody say something about this libraries? Are they reliable enough for use in production?
If you're talking about SOAP then for Python I would definitely recommend suds :
https://fedorahosted.org/suds/
Checking couple of libraries for SOAP (including suds) only ZSI worked reliably for me. It is not complicated to use and it just works(tm). I recommend that.
Perl has fantastic CPAN libraries available for doing SOAP. Probably the easiest would be SOAP::Lite:
SOAP::Lite is a collection of Perl modules which provides a simple and lightweight interface to the Simple Object Access Protocol (SOAP) both on client and server side.
See more on the CPAN page.