Richard Jones' Log: PyPI is an OpenID provider

Mon, 30 Jan 2012

PyPI is now an OpenID provider.

To use this OpenID provider, enter into any form that expects an OpenID*. Should the service not support OpenID 2, you will have to enter instead (using your PyPI username.) Log into PyPI and visit your details page if you'd like to cut-n-paste the URL.

We follow the emerging approach that you have to sign into PyPI before signing into the actual services. This is intended to prevent phishing, as otherwise the relying party may fake PyPI's login page and collect your PyPI password (which they can still do if you fall for it.) It also avoids "nested" logins (i.e. where you need to log into PyPI with an OpenID while trying to login elsewhere with the PyPI id.)

If you find any problems with this service, please report them to the PyPI bug tracker.

*: of course for sites that extend PyPI this can be simplified to a simple button saying "link to my PyPI account".