Closed stevearc closed 11 years ago
Interesting, I was unaware that python-openid had a stateless mode. What are the implications that I should be aware of here?
Also, if you don't mind, could you add some comments to the OpenID docs about this?
OpenID documents stateless mode here: http://openid.net/specs/openid-authentication-2_0.html#check_auth
python_openid only mentions stateless mode briefly, but from the docs:
If you have no safe place to store your data, construct your consumer with None for the store, and it will operate only in stateless mode. Stateless mode may be slower, put more load on the OpenID provider, and trusts the provider to keep you safe from replay attacks.
Just to double check, did you want me to add the comments in this section?
Yeah that'd be a good spot to document the default MemoryStore and new None options.
I tested the stateless mode with google and yahoo and they both work fine so I've switched the default to stateless. Thank you for the PR!
If we pass 'storage=None' to an openid provider, it should run the python openid consumer in stateless mode.
With the default options I was unable to run multiple wsgi workers and do openid auth because it was using a MemoryStore that was not shared among the workers. In order to run in stateless mode, you have to pass 'store=None' to the openid consumer, but the current OpenID provider was preventing that.
MemoryStore is still the default value for storage, but now if you explicitly pass 'storage=None' it will run in stateless mode.
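As an added illustration (this is not code from the PR, from python-openid, or from the OpenID spec), here is a constructed toy OpenID 2.0 provider and relying party in Python that plays out the three situations in this thread: a single worker verifying an assertion against its own association store, two wsgi workers with unshared MemoryStore-style dicts where the callback lands on the worker that did not associate, and a stateless relying party (the equivalent of `Consumer(session, None)`) that relies on the provider's `check_authentication` endpoint instead. The `Provider`, `RelyingParty` and `demo` names, the endpoint URLs and the in-memory dict standing in for the store are all invented for the example; the signing format (key-value form, HMAC-SHA256, base64) and the provider-side rules (only private associations may be verified directly, and a response is confirmed at most once) follow the spec section linked above.

```python
import base64
import hashlib
import hmac
import os
import time

OPENID_NS = "http://specs.openid.net/auth/2.0"
# Fields the toy OP signs; "mode" is included as python-openid does, so the OP
# restores mode=id_res before re-checking a check_authentication request.
SIGNED = ["mode", "op_endpoint", "claimed_id", "identity", "return_to",
          "response_nonce", "assoc_handle"]


def kv_form(pairs):
    # Key-Value Form Encoding (OpenID 2.0 section 4.1.1): "key:value\n" per pair.
    return "".join(f"{k}:{v}\n" for k, v in pairs)


def signature(mac_key, message, signed_keys):
    # HMAC-SHA256 over the signed fields in key-value form, base64-encoded.
    body = kv_form((k, message["openid." + k]) for k in signed_keys)
    mac = hmac.new(mac_key, body.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


class Provider:
    """Toy OP (constructed for this example) keeping associations in memory."""

    def __init__(self):
        self._assocs = {}          # handle -> (mac_key, is_shared)
        self._verified = set()     # response_nonces already confirmed once
        self.check_auth_calls = 0  # the extra load stateless RPs put on the OP

    def associate(self, shared):
        handle = base64.b64encode(os.urandom(9)).decode("ascii")
        mac_key = os.urandom(32)
        self._assocs[handle] = (mac_key, shared)
        return handle, mac_key

    def positive_assertion(self, handle, claimed_id, return_to):
        if handle is None:
            # Stateless RP sent no assoc_handle: OP signs with a private association.
            handle, _ = self.associate(shared=False)
        mac_key, _ = self._assocs[handle]
        message = {
            "openid.ns": OPENID_NS,
            "openid.mode": "id_res",
            "openid.op_endpoint": "https://op.example/endpoint",  # invented
            "openid.claimed_id": claimed_id,
            "openid.identity": claimed_id,
            "openid.return_to": return_to,
            "openid.response_nonce": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
                                      + os.urandom(4).hex(),
            "openid.assoc_handle": handle,
            "openid.signed": ",".join(SIGNED),
        }
        message["openid.sig"] = signature(mac_key, message, SIGNED)
        return message

    def check_authentication(self, request):
        # Direct verification: the RP sends the assertion back with
        # openid.mode=check_authentication. Only private associations may be
        # used, and each response_nonce is confirmed at most once; that second
        # rule is the replay protection a stateless RP is trusting the OP for.
        self.check_auth_calls += 1
        entry = self._assocs.get(request.get("openid.assoc_handle"))
        nonce = request.get("openid.response_nonce")
        if entry is None or entry[1] or nonce in self._verified:
            return {"ns": OPENID_NS, "is_valid": "false"}
        original = {**request, "openid.mode": "id_res"}
        expected = signature(entry[0], original, request["openid.signed"].split(","))
        if not hmac.compare_digest(expected, request.get("openid.sig", "")):
            return {"ns": OPENID_NS, "is_valid": "false"}
        self._verified.add(nonce)
        return {"ns": OPENID_NS, "is_valid": "true"}


class RelyingParty:
    """store is a dict standing in for the association store, or None for
    stateless mode (the analogue of Consumer(session, None))."""

    def __init__(self, op, store):
        self.op = op
        self.store = store

    def begin(self):
        # Returns the assoc_handle for the checkid request, or None when stateless.
        if self.store is None:
            return None
        handle, mac_key = self.op.associate(shared=True)
        self.store[handle] = mac_key
        return handle

    def complete(self, assertion):
        signed = assertion["openid.signed"].split(",")
        handle = assertion["openid.assoc_handle"]
        if self.store is not None and handle in self.store:
            # Stateful path: verify with the shared MAC key, no OP round trip.
            expected = signature(self.store[handle], assertion, signed)
            return hmac.compare_digest(expected, assertion["openid.sig"])
        # No usable association in this worker's store: ask the OP directly.
        request = {**assertion, "openid.mode": "check_authentication"}
        return self.op.check_authentication(request)["is_valid"] == "true"


def demo():
    op, user, cb = Provider(), "https://alice.example/", "https://rp.example/cb"
    results = {}
    # One worker with its own store: the association round-trips locally.
    rp = RelyingParty(op, {})
    results["single_worker"] = rp.complete(op.positive_assertion(rp.begin(), user, cb))
    # Two workers with unshared stores: worker 1 associates, the callback lands on
    # worker 2, and the OP refuses to confirm a shared association directly.
    w1, w2 = RelyingParty(op, {}), RelyingParty(op, {})
    results["unshared_store"] = w2.complete(op.positive_assertion(w1.begin(), user, cb))
    # Stateless RP: direct verification succeeds once, a replayed assertion fails.
    stateless = RelyingParty(op, None)
    assertion = op.positive_assertion(stateless.begin(), user, cb)
    results["stateless"] = stateless.complete(assertion)
    results["stateless_replay"] = stateless.complete(assertion)
    results["check_auth_calls"] = op.check_auth_calls
    return results
```

The `unshared_store` case is the failure described in the PR: the worker that receives the callback has no association for the handle and the provider will not verify a shared association on its behalf, so the login fails even though nothing is wrong with the assertion. A store shared between workers (a file or database store) fixes it on the stateful side; `store=None` fixes it by never depending on per-worker state, at the cost of one extra request to the provider per login.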