{"id":21828,"library":"python-openid","title":"python-openid","description":"Python OpenID library for server and consumer implementations. Current version is 2.2.5, released 2014. In maintenance mode with no active development; last release was over a decade ago.","status":"maintenance","version":"2.2.5","language":"python","source_language":"en","source_url":"https://github.com/openid/python-openid","tags":["openid","authentication","sso","legacy","python2"],"install":[{"cmd":"pip install python-openid","lang":"bash","label":"Install from PyPI"}],"dependencies":[{"reason":"Used for safe XML parsing to prevent XXE attacks.","package":"defusedxml","optional":true}],"imports":[{"note":"Wrong import due to incorrect module path.","wrong":"from openid import Consumer","symbol":"Consumer","correct":"from openid.consumer.consumer import Consumer"},{"note":"Wrong import; store is a subpackage, not a module directly under openid.","wrong":"from openid import store","symbol":"store","correct":"from openid.store import memstore, filestore"}],"quickstart":{"code":"from openid.consumer.consumer import Consumer\nfrom openid.store.memstore import MemoryStore\nfrom openid.fetchers import setDefaultFetcher, Urllib2Fetcher\n\nstore = MemoryStore()\nconsumer = Consumer({}, store)\nsetDefaultFetcher(Urllib2Fetcher())\nreturn_to = 'http://example.com/openid/return'\n# Use consumer.begin(openid_url) to initiate authentication\n# Then handle the response in your return endpoint.","lang":"python","description":"Initialize a Consumer with a memory store and default fetcher to begin the OpenID authentication flow."},"warnings":[{"fix":"Use a fork like python3-openid or migrate to python-openid2 (which supports Python 3 though still unmaintained).","message":"Python 2 only: python-openid 2.x is Python 2 only. No Python 3 official release exists.","severity":"breaking","affected_versions":"2.x"},{"fix":"Consider using a maintained alternative like python3-openid or authlib.","message":"Last release in 2014: The library is effectively dead. No security patches, no modern OpenID Connect support.","severity":"deprecated","affected_versions":"all"},{"fix":"Install defusedxml: pip install defusedxml","message":"Dependency on defusedxml not enforced: You must manually install defusedxml for safe XML parsing, otherwise vulnerable to XXE.","severity":"gotcha","affected_versions":"2.2.5"},{"fix":"Call openid.fetchers.setDefaultFetcher(Urllib2Fetcher()) early in your app.","message":"Fetcher configuration required: You must set a default fetcher (e.g., Urllib2Fetcher) before making requests, or discovery will fail silently.","severity":"gotcha","affected_versions":"2.x"}],"env_vars":null,"last_verified":"2026-04-27T00:00:00.000Z","next_check":"2026-07-26T00:00:00.000Z","problems":[{"fix":"Verify the OpenID URL is correct and accessible. Check that the provider's server supports OpenID. Add error handling to catch HTTPFetchingError.","cause":"The OpenID provider's XRDS or Yadis document is missing or unreachable due to incorrect URL or network issues.","error":"openid.fetchers.HTTPFetchingError: Not Found"},{"fix":"Use from openid.consumer.consumer import Consumer.","cause":"Wrong import: attempting to access consumer directly from top-level openid module instead of subpackage.","error":"AttributeError: module 'openid' has no attribute 'consumer'"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}