Document safe_roots and extensions
diff --git a/docs/index.rst b/docs/index.rst
index 176c9de..29f2a75 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -35,7 +35,7 @@
instance of the :class:`OpenID` object first::
from flask.ext.openid import OpenID
- oid = OpenID(app, '/path/to/store')
+ oid = OpenID(app, '/path/to/store', safe_roots=[])
By default it will use the filesystem as store for information needed by
OpenID for the authentication process. You can alternatively implement
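Review bot: The changed quickstart line `oid = OpenID(app, '/path/to/store', safe_roots=[])` passes an empty list with nothing nearby saying what an empty list means. Going by the paragraph this patch adds further down, an empty list reads as "trust only URLs local to the app", while omitting the argument turns the check off. A reader copying this line cannot see that difference here. Add a sentence right after the example, or a comment on the line, stating what `[]` does and pointing to the `safe_roots` paragraph.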
@@ -49,6 +49,12 @@
which case it can later be registered for an application with the
:meth:`~OpenID.init_app` method.
+The list of URL roots that are safe to redirect the user to are passed via
+`safe_roots`. Whenever the url root of the ``'next'`` request argument is not in
+this list, the user will get redirected to the app root. All urls that are local
+to the current app are always regared as trusted. This security mechanism
+can be disabled by leaving `safe_roots` out, but this is not suggested.
+
The current logged in user has to memorized somewhere, we will use the
``'openid'`` key in the `session`. This can be implemented in a
`before_request` function::
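Review bot: The last added sentence says the redirect check is disabled whenever `safe_roots` is left out, so the unprotected behaviour is the default, and that fact sits at the end of a paragraph where it is easy to miss. Move it into a warning directive and state directly what happens to the ``'next'`` argument when `safe_roots` is omitted. The paragraph also never says what form an entry takes (scheme, host, trailing slash), which a user needs in order to fill the list correctly. Smaller points in the same lines: "regared" should be "regarded", "The list ... are passed" should be "is passed", and `safe_roots` should use double backticks to render as a literal, matching ``'next'`` in the same sentence.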
@@ -216,6 +222,15 @@
flash(u'You were signed out')
return redirect(oid.get_next_url())
+Advanced usage
+--------------
+
+Flask-OpenID can also work with any python-openid extension.
+To use this, pass a list of instantiated request openid.extension.Extension
+objects in the `extensions` field of :meth:`~OpenID.try_login`.
+The responses of these extensions are available during the :meth:`after_login`
+function, as entries in resp.extensions.
+
Full Example
------------
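Review bot: In the added "Advanced usage" section, "a list of instantiated request openid.extension.Extension objects in the `extensions` field" is hard to parse and leaves the identifiers unmarked. Write the class as a literal or a class reference, call `extensions` an argument of `try_login` rather than a field, and mark `resp.extensions` as a literal. The reference :meth:`after_login` lacks the `~OpenID.` prefix used by :meth:`~OpenID.try_login` and :meth:`~OpenID.init_app` in this same patch, so it may not resolve to a link. The section should also say how the entries in `resp.extensions` are keyed, since the text gives no way to find a particular extension's response.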
@@ -225,6 +240,13 @@
Changes
-------
+1.2
+```
+
+- The safe_roots argument and URL security system was added.
+
+- The OpenID extensions system was added.
+
1.0
```
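Review bot: The 1.2 entry "The safe_roots argument and URL security system was added" does not tell upgrading users that the check only takes effect once they pass `safe_roots`, which is what the usage paragraph in this patch states. Someone reading only the changelog would assume they are protected after upgrading. Reword the entry to say the check is opt-in via the new argument, and change "was added" to "were added" since the sentence has two subjects.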