This is django-browserid, a drop-in Django application that adds support for BrowserID.

To use django-browserid, add it to INSTALLED_APPS in settings.py: :

INSTALLED_APPS = (
    # ...
    'django.contrib.auth',
    'django_browserid',  # Load after auth to monkey-patch it.
    # ...
)

and add django_browserid.auth.BrowserIDBackend to AUTHENTICATION_BACKENDS in settings.py: :

AUTHENTICATION_BACKENDS = (
    # ...
    'django_browserid.auth.BrowserIDBackend',
    # ...
)

Edit your urls.py file and add the following: :

urlpatterns = patterns('',
    # ... 
    (r'^browserid/', include('django_browserid.urls')),
    # ...
)

You can also set the following config in settings.py: :

# Note: No trailing slash
SITE_URL = 'https://example.com'

BrowserID uses an assertion and an audience to verify a the user. This SITE_URL is used to determine the audience. If you don't want to use SITE_URL or it is being used for another purpose, you can use PROTOCOL and DOMAIN, such as: :

PROTOCOL = 'https://'
DOMAIN = 'example.com'
# Optional
PORT = 8001

Either way, for security reasons, it is very important to set either SITE_URL or DOMAIN.

You can also set the following optional config in settings.py (they have sensible defaults): :

# Path to redirect to on successful login.
LOGIN_REDIRECT_URL = '/'

# Path to redirect to on unsuccessful login attempt.
LOGIN_REDIRECT_URL_FAILURE = '/'

# Create user accounts automatically if no user is found.
BROWSERID_CREATE_USER = True

Somewhere in one of your templates, you'll need to create a link and a form with a single hidden input element, which you'll use to submit the BrowserID assertion to the server. If you want to use django_browserid.forms.BrowserIDForm, you could use something like the following template snippet: :

{% if not user.is_authenticated %}
<a id="browserid" href="{% url gracefully_degrade %}">Sign In</a>
<form method="POST" action="{% url browserid_verify %}">
   {{ browserid_form.as_p }}
</form>
{% endif %}

You'll want to include the BrowserID's library at the bottom of this template :

<script src="https://browserid.org/include.js" type="text/javascript"></script>

If you use browserid_form, it is further recommended that you add django_browserid.context_processors.browserid_form to TEMPLATE_CONTEXT_PROCESSORS; this will create the browserid_form variable automatically in RequestContext instances when needed. That is, in settings.py: :

TEMPLATE_CONTEXT_PROCESSORS = (
    # ...
    'django_browserid.context_processors.browserid_form',
    # ...
)

Finally, you'll need some Javascript to handle the onclick event. If you use django_browserid.forms.BrowserIDForm, you can use the javascript in static/browserid.js. Otherwise, you can use it as a basic example: :

$('#browserid').bind('click', function(e) {
  e.preventDefault();
  navigator.id.getVerifiedEmail(function(assertion) {
    if (assertion) {
      var $e = $('#id_assertion');
      $e.val(assertion.toString());
      $e.parent().submit();
    }
  });
});

django-browserid will automatically create a user account for new users if the setting BROWSERID_CREATE_USER is set to True in settings.py. The user account will be created with the verified email returned from the BrowserID verification service, and a URL safe base64 encoded SHA1 of the email with the padding removed as the username.

To provide a customized username, you can provide a different algorytm via your settings.py. :

# settings.py
BROWSERID_CREATE_USER = True
def username(email):
    return email.split('@')[0]
BROWSERID_USERNAME_ALGO = username

You can __disable account creation__, but continue to use the browserid_verify view to authenticate existing users with the following: :

BROWSERID_CREATE_USER = False

If you want full control over account creation, don't use django-browserid's browserid_verify view. Create your own view and use verify to manually verify a BrowserID assertion with something like the following: :

from django_browserid.auth import get_audience, verify
from django_browserid.forms import BrowserIDForm


def myview(request):
   # ...
   if request.method == 'POST':
       form = BrowserIDForm(data=request.POST)
       if not form.is_valid():
           result = verify(form.cleaned_data['assertion'], get_audience(request))
           if result:
               # check for user account, create account for new users, etc
               user = my_get_or_create_user(result.email)

result will be False if the assertion failed, or a dictionary similar to the following: :

{
   u'audience': u'https://mysite.com:443',
   u'email': u'myemail@example.com',
   u'issuer': u'browserid.org',
   u'status': u'okay',
   u'expires': 1311377222765
}

You are of course then free to store the email in the session and prompt the user to sign up using a chosen identifier as their username, or whatever else makes sense for your site.

Obscure Options -------

Unless your really noodling around with BrowserID, you probably won't need these optional config in settings.py (they have sensible defaults): :

# URL of a BrowserID verification service.
BROWSERID_VERIFICATION_URL = 'https://browserid.org/verify'

# Proxy Info, see httplib2 documentation
BROWSERID_PROXY_INFO = None

# CA cert file for validating SSL ceprtificate
BROWSERID_CACERT_FILE = None

# Disable SSL cert validation
BROWSERID_DISABLE_CERT_CHECK = False

This software is licensed under the New BSD License. For more information, read the file LICENSE.

django-browserid is a work in progress. Contributions are welcome. Feel free to fork and contribute!