Launchpad itself

Applications can't easily map an SSO account to a Launchpad one

Bug #1005330 reported by William Grant
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
High
William Grant

Bug Description

Applications relying on SSO for authentication and Launchpad data for authorization need a way to reliably map from an SSO account to a Launchpad person.

The most correct way to do this right now is to look at the Launchpad username returned in SSO's OpenID sreg response, but access to this information is restricted and we'd like to eventually deprecate SSO's transmission of it. Some consumers have come up with more creative ways, including scraping the user's primary identifier from the delegation information on Person:+index and hoping that they use that identifier to authenticate.

We can solve this once and for all by adding a public Launchpad API method to look up a person by OpenID identifier. We already have an internal one and one for xmlrpc-private.

Related branches

lp:~wgrant/launchpad/bug-1005330
Benji York (community): Approve (code)
Diff: 367 lines (+179/-72)
7 files modified
lib/lp/registry/browser/tests/test_person_webservice.py (+89/-0)
lib/lp/registry/interfaces/person.py (+14/-1)
lib/lp/registry/model/person.py (+25/-0)
lib/lp/registry/stories/webservice/xx-people.txt (+0/-71)
lib/lp/registry/tests/test_personset.py (+34/-0)
lib/lp/testing/__init__.py (+3/-0)
lib/lp/testing/_login.py (+14/-0)
William Grant (wgrant)
tags: added: api easy openid
Revision history for this message
Robert Collins (lifeless) wrote :

So, checklist of things we need to consider:
 - private people? doesn't exist
 - private teams ? should never have an openid - but can we check that that is so constrained?
 - privacy of openids - they are not meant to be guessable, so not a problem

This can run anonymously, I think.

Revision history for this message
Launchpad QA Bot (lpqabot) wrote :

Fixed in stable r15316 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/15316>.

tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
William Grant (wgrant)
tags: added: qa-ok
removed: qa-needstesting
Revision history for this message
William Grant (wgrant) wrote :

$ lp-shell production devel
E: ipython not available. Using normal python shell.
Connected to LP service "https://api.launchpad.net/" with API version "devel":
Note: LP can be accessed through the "lp" object.
>>> lp.people.getByOpenIDIdentifier(identifier='https://login.launchpad.net/+id/4tLsDY8').name
u'wgrant'
>>> lp.people.getByOpenIDIdentifier(identifier='https://login.ubuntu.com/+id/4tLsDY8').name
u'wgrant'

Changed in launchpad:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.