I'm developing a django app that integrates with google apps. I'd like to let the users login with their google apps accounts (accounts in google hosted domains, not google accounts) so they can access their docs, calendar, and whatnot.
In order to do it, I downloaded and started using django_openid_auth (and thus, python-openid).
First, to test it, I used this url in my settings:
OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/id'
And with that I managed to redirect the user to the google accounts page to login and then to return to my own domain, with the authentication cycle described by the google folks successfuly completed. However, to login to google accounts is of little use for me, as I'd like the users who have a google apps account in their hosted domain -but not a google account- to login with. In order to do that, I read the google article on discovery " Discovering OpenID Endpoints for Hosted Domains", and changed the aforementioned setting to:
OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/site-xrds?hd=<my-domain>.com'
-where, obviously, <my-domain>
is my actual domain ;)
But the backend responded with the following message:
OpenID authentication failed: HTTP Response status from identity URL host is not 200. Got status 404
Debugging a little, I managed to find out that the code in python-openid (version 2.2.4) is the one that is misinterpreting the response from google, but I'm quite at loss here.
I have seen the authentication in my own domain work in socialwok.com and puffypoodles.com So I'm quite certain that the auth cycle for my google apps domain works, but somehow python-openid can't seem to complete it (though, and I reiterate, it works just fine with plain old google accounts).
Should I try to fix python-openid, or is there another way to fix this? Has anyone successfuly managed to login with google apps in a pure django app (not in google app engine)?