Check secure OpenID redirect?
The process for OpenID login for my server redirects to Google, for example, then Google redirects back to a page with parameters in the parameter string. How do I verify this really came from Google?
Those parameters probably contain an OpenID assertion (or an error). You can verify the assertion by following the instructions in the OpenID spec:
http://openid.net/specs/openid-authentication-2_0.html#verification
You probably don't want to do all the work yourself, though, since it's a bit complicated. The Janrain OpenID library for Python can simplify the process somewhat:
http://www.janrain.com/openid-enabled
To make things even simpler, find an OpenID plugin for your web framework. Here is one for Flask:
http://packages.python.org/Flask-OpenID/
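The return-URL, nonce and signature checks from that verification section of the spec, as an added example that is not part of the answer above or of the libraries it links. It assumes the relying party already holds an HMAC-SHA256 association key for the response's `assoc_handle`; `verify_assertion`, `mac_keys` and `MAX_SKEW` are hypothetical names, and the discovery check (spec 11.2) and the `check_authentication` fallback for responses without a stored association are left out.

```python
import base64, hashlib, hmac, time
from calendar import timegm
from urllib.parse import parse_qsl, urlsplit
REQUIRED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}
MAX_SKEW = 300        # assumed policy: allowed nonce age / clock skew in seconds
_seen_nonces = set()  # replay cache; a real RP needs a shared store with expiry

def verify_assertion(request_url, mac_keys, now=None):
    """Return (ok, reason). mac_keys: assoc_handle -> raw HMAC-SHA256 association key."""
    now = time.time() if now is None else now
    parts = urlsplit(request_url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    p = dict(query)
    if len(p) != len(query):  # conservative: refuse ambiguous repeated parameters
        return False, "duplicate parameter"
    if p.get("openid.mode") != "id_res":
        return False, "not a positive assertion"
    # Spec 11.1: return_to must match the URL this request actually arrived on.
    rt = urlsplit(p.get("openid.return_to", ""))
    if (rt.scheme, rt.netloc, rt.path) != (parts.scheme, parts.netloc, parts.path):
        return False, "return_to mismatch"
    if any(kv not in query for kv in parse_qsl(rt.query, keep_blank_values=True)):
        return False, "return_to query mismatch"
    # Spec 11.3: nonce starts with a UTC timestamp and is accepted only once per OP.
    nonce = p.get("openid.response_nonce", "")
    try:
        ts = timegm(time.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ"))
    except ValueError:
        return False, "bad nonce"
    seen_key = (p.get("openid.op_endpoint"), nonce)
    if abs(now - ts) > MAX_SKEW or seen_key in _seen_nonces:
        return False, "stale or replayed nonce"
    # Spec 11.4: recompute the MAC over the signed fields in key-value form.
    signed = p.get("openid.signed", "").split(",")
    must = REQUIRED | {f for f in ("claimed_id", "identity") if "openid." + f in p}
    mac_key = mac_keys.get(p.get("openid.assoc_handle"))
    if mac_key is None or not must <= set(signed):
        return False, "unknown association or unsigned required field"
    if any("openid." + f not in p for f in signed):
        return False, "signed field missing"
    kv = "".join(f"{f}:{p['openid.' + f]}\n" for f in signed).encode()
    try:
        sig = base64.b64decode(p.get("openid.sig", ""), validate=True)
    except ValueError:
        return False, "bad signature encoding"
    if not hmac.compare_digest(hmac.new(mac_key, kv, hashlib.sha256).digest(), sig):
        return False, "bad signature"
    _seen_nonces.add(seen_key)
    return True, "ok"
```

Call it with the full URL the browser was redirected to; the nonce is recorded only after every check passes, so a rejected response cannot burn a legitimate nonce.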