auth: Formally deprecated OpenIDMixin

tornado/auth.py

@@ -97,8 +97,19 @@ class OpenIdMixin:
     Class attributes:
 
     * ``_OPENID_ENDPOINT``: the identity provider's URI.
+
+    .. deprecated:: 6.6
+        OpenID 2.0 is no longer widely supported by identity providers.
+        This class will be removed in Tornado 7.0.
     """
 
+    def __init__(self) -> None:
+        warnings.warn(
+            "OpenIdMixin is deprecated and will be removed in Tornado 7.0",
+            DeprecationWarning,
+            stacklevel=2,
+        )
+
     def authenticate_redirect(
         self,
         callback_uri: str | None = None,

tornado/test/auth_test.py

@@ -18,7 +18,8 @@
 from tornado.httpclient import HTTPClientError
 from tornado.httputil import url_concat
 from tornado.log import app_log
-from tornado.testing import AsyncHTTPTestCase, ExpectLog
+from tornado.testing import AsyncHTTPTestCase, ExpectLog, setup_with_context_manager
+from tornado.test.util import ignore_deprecation
 from tornado.web import Application, HTTPError, RequestHandler
 
 
@@ -273,12 +274,46 @@ def get(self):
         self.write(dict(screen_name="foo", name="Foo"))
 
 
+class OpenIDAuthTest(AsyncHTTPTestCase):
+    def setUp(self):
+        setup_with_context_manager(self, ignore_deprecation())
+        return super().setUp()
+
+    def get_app(self):
+        return Application(
+            [
+                ("/openid/client/login", OpenIdClientLoginHandler, dict(test=self)),
+                ("/openid/server/authenticate", OpenIdServerAuthenticateHandler),
+            ],
+            http_client=self.http_client,
+        )
+
+    def test_openid_redirect(self):
+        with ignore_deprecation():
+            response = self.fetch("/openid/client/login", follow_redirects=False)
+            self.assertEqual(response.code, 302)
+            self.assertIn("/openid/server/authenticate?", response.headers["Location"])
+
+    def test_openid_get_user(self):
+        for i in range(2):
+            with self.subTest(i=i):
+                with ignore_deprecation():
+                    response = self.fetch(
+                        "/openid/client/login?openid.mode=blah"
+                        "&openid.ns.ax=http://openid.net/srv/ax/1.0"
+                        "&openid.ax.type.email=http://axschema.org/contact/email"
+                        "&openid.ax.value.email=foo@example.com"
+                    )
+                response.rethrow()
+                parsed = json_decode(response.body)
+                self.assertEqual(parsed["email"], "foo@example.com")
+
+
 class AuthTest(AsyncHTTPTestCase):
     def get_app(self):
         return Application(
             [
                 # test endpoints
-                ("/openid/client/login", OpenIdClientLoginHandler, dict(test=self)),
                 (
                     "/oauth10/client/login",
                     OAuth1ClientLoginHandler,
@@ -323,7 +358,6 @@ def get_app(self):
                     dict(test=self),
                 ),
                 # simulated servers
-                ("/openid/server/authenticate", OpenIdServerAuthenticateHandler),
                 ("/oauth1/server/request_token", OAuth1ServerRequestTokenHandler),
                 ("/oauth1/server/access_token", OAuth1ServerAccessTokenHandler),
                 ("/facebook/server/access_token", FacebookServerAccessTokenHandler),
@@ -342,24 +376,6 @@ def get_app(self):
             facebook_secret="test_facebook_secret",
         )
 
-    def test_openid_redirect(self):
-        response = self.fetch("/openid/client/login", follow_redirects=False)
-        self.assertEqual(response.code, 302)
-        self.assertIn("/openid/server/authenticate?", response.headers["Location"])
-
-    def test_openid_get_user(self):
-        for i in range(2):
-            with self.subTest(i=i):
-                response = self.fetch(
-                    "/openid/client/login?openid.mode=blah"
-                    "&openid.ns.ax=http://openid.net/srv/ax/1.0"
-                    "&openid.ax.type.email=http://axschema.org/contact/email"
-                    "&openid.ax.value.email=foo@example.com"
-                )
-                response.rethrow()
-                parsed = json_decode(response.body)
-                self.assertEqual(parsed["email"], "foo@example.com")
-
     def test_oauth10_redirect(self):
         response = self.fetch("/oauth10/client/login", follow_redirects=False)
         self.assertEqual(response.code, 302)