auth: Formally deprecated OpenIDMixin

author Ben Darnell <ben@bendarnell.com>

Fri, 29 May 2026 20:04:56 +0000 (16:04 -0400)

committer Ben Darnell <ben@bendarnell.com>

Fri, 29 May 2026 20:15:25 +0000 (16:15 -0400)
author Ben Darnell <ben@bendarnell.com>
Fri, 29 May 2026 20:04:56 +0000 (16:04 -0400)
committer Ben Darnell <ben@bendarnell.com>
Fri, 29 May 2026 20:15:25 +0000 (16:15 -0400)
diff --git a/tornado/auth.py b/tornado/auth.py

index 31115f6fbcc45335fc0cfcc805aa1030a4fdc9a5..3086ec08549c0c374b44323576eca562e97a1f03 100644 (file)
--- a/tornado/auth.py
+++ b/tornado/auth.py
@@ -97,8 +97,19 @@ class OpenIdMixin:
      Class attributes:
  
      * ``_OPENID_ENDPOINT``: the identity provider's URI.
+
+    .. deprecated:: 6.6
+        OpenID 2.0 is no longer widely supported by identity providers.
+        This class will be removed in Tornado 7.0.
      """
  
+    def __init__(self) -> None:
+        warnings.warn(
+            "OpenIdMixin is deprecated and will be removed in Tornado 7.0",
+            DeprecationWarning,
+            stacklevel=2,
+        )
+
      def authenticate_redirect(
          self,
          callback_uri: str | None = None,
diff --git a/tornado/test/auth_test.py b/tornado/test/auth_test.py

index a411a159a3617e6021ee10bfa8f92028621e74b0..ace828ff4cc152358903c2b08d0ab637c8a5d802 100644 (file)
--- a/tornado/test/auth_test.py
+++ b/tornado/test/auth_test.py
@@ -18,7 +18,8 @@ from tornado.escape import json_decode
  from tornado.httpclient import HTTPClientError
  from tornado.httputil import url_concat
  from tornado.log import app_log
-from tornado.testing import AsyncHTTPTestCase, ExpectLog
+from tornado.testing import AsyncHTTPTestCase, ExpectLog, setup_with_context_manager
+from tornado.test.util import ignore_deprecation
  from tornado.web import Application, HTTPError, RequestHandler
  
  
@@ -273,12 +274,46 @@ class TwitterServerVerifyCredentialsHandler(RequestHandler):
          self.write(dict(screen_name="foo", name="Foo"))
  
  
+class OpenIDAuthTest(AsyncHTTPTestCase):
+    def setUp(self):
+        setup_with_context_manager(self, ignore_deprecation())
+        return super().setUp()
+
+    def get_app(self):
+        return Application(
+            [
+                ("/openid/client/login", OpenIdClientLoginHandler, dict(test=self)),
+                ("/openid/server/authenticate", OpenIdServerAuthenticateHandler),
+            ],
+            http_client=self.http_client,
+        )
+
+    def test_openid_redirect(self):
+        with ignore_deprecation():
+            response = self.fetch("/openid/client/login", follow_redirects=False)
+            self.assertEqual(response.code, 302)
+            self.assertIn("/openid/server/authenticate?", response.headers["Location"])
+
+    def test_openid_get_user(self):
+        for i in range(2):
+            with self.subTest(i=i):
+                with ignore_deprecation():
+                    response = self.fetch(
+                        "/openid/client/login?openid.mode=blah"
+                        "&openid.ns.ax=http://openid.net/srv/ax/1.0"
+                        "&openid.ax.type.email=http://axschema.org/contact/email"
+                        "&openid.ax.value.email=foo@example.com"
+                    )
+                response.rethrow()
+                parsed = json_decode(response.body)
+                self.assertEqual(parsed["email"], "foo@example.com")
+
+
  class AuthTest(AsyncHTTPTestCase):
      def get_app(self):
          return Application(
              [
                  # test endpoints
-                ("/openid/client/login", OpenIdClientLoginHandler, dict(test=self)),
                  (
                      "/oauth10/client/login",
                      OAuth1ClientLoginHandler,
@@ -323,7 +358,6 @@ class AuthTest(AsyncHTTPTestCase):
                      dict(test=self),
                  ),
                  # simulated servers
-                ("/openid/server/authenticate", OpenIdServerAuthenticateHandler),
                  ("/oauth1/server/request_token", OAuth1ServerRequestTokenHandler),
                  ("/oauth1/server/access_token", OAuth1ServerAccessTokenHandler),
                  ("/facebook/server/access_token", FacebookServerAccessTokenHandler),
@@ -342,24 +376,6 @@ class AuthTest(AsyncHTTPTestCase):
              facebook_secret="test_facebook_secret",
          )
  
-    def test_openid_redirect(self):
-        response = self.fetch("/openid/client/login", follow_redirects=False)
-        self.assertEqual(response.code, 302)
-        self.assertIn("/openid/server/authenticate?", response.headers["Location"])
-
-    def test_openid_get_user(self):
-        for i in range(2):
-            with self.subTest(i=i):
-                response = self.fetch(
-                    "/openid/client/login?openid.mode=blah"
-                    "&openid.ns.ax=http://openid.net/srv/ax/1.0"
-                    "&openid.ax.type.email=http://axschema.org/contact/email"
-                    "&openid.ax.value.email=foo@example.com"
-                )
-                response.rethrow()
-                parsed = json_decode(response.body)
-                self.assertEqual(parsed["email"], "foo@example.com")
-
      def test_oauth10_redirect(self):
          response = self.fetch("/oauth10/client/login", follow_redirects=False)
          self.assertEqual(response.code, 302)
author	Ben Darnell <ben@bendarnell.com>
	Fri, 29 May 2026 20:04:56 +0000 (16:04 -0400)
committer	Ben Darnell <ben@bendarnell.com>
	Fri, 29 May 2026 20:15:25 +0000 (16:15 -0400)
tornado/auth.py		patch \| blob \| blame \| history
tornado/test/auth_test.py		patch \| blob \| blame \| history