Bubbled the exception up to the view so more helpful information can be provided with the 403.

django_openid_auth/auth.py

@@ -77,10 +77,7 @@ class OpenIDBackend:
                 claimed_id__exact=openid_response.identity_url)
         except UserOpenID.DoesNotExist:
             if getattr(settings, 'OPENID_CREATE_USERS', False):
-                try:
-                    user = self.create_user_from_openid(openid_response)
-                except (StrictUsernameViolation, RequiredAttributeNotReturned):
-                    return None
+                user = self.create_user_from_openid(openid_response)
         else:
             user = user_openid.user
 
@@ -181,7 +178,9 @@ class OpenIDBackend:
 
         if getattr(settings, 'OPENID_STRICT_USERNAMES', False):
             if User.objects.filter(username__exact=nickname).count() > 0:
-                raise StrictUsernameViolation("Duplicate username: %s" % nickname)
+                raise StrictUsernameViolation(
+                    "The username (%s) with which you tried to log in is "
+                    "already in use for a different account." % nickname)
 
         # Pick a username for the user based on their nickname,
         # checking for conflicts.
@@ -206,8 +205,8 @@ class OpenIDBackend:
         for required_attr in required_attrs:
             if required_attr not in details or not details[required_attr]:
                 raise RequiredAttributeNotReturned(
-                    "The required attribute '{0}' was not returned.".format(
-                        required_attr))
+                    "An attribute required for logging in was not "
+                    "returned ({0}).".format(required_attr))
 
         nickname = details['nickname'] or 'openiduser'
         email = details['email'] or ''

django_openid_auth/tests/test_views.py

@@ -557,7 +557,10 @@ class RelyingPartyTests(TestCase):
         response = self.complete(openid_response)
 
         # Status code should be 403: Forbidden
-        self.assertEquals(403, response.status_code)
+        self.assertContains(response,
+            "The username (someuser) with which you tried to log in is "
+            "already in use for a different account.",
+            status_code=403)
 
     def test_login_requires_sreg_required_fields(self):
         # If any required attributes are not included in the response,
@@ -584,8 +587,9 @@ class RelyingPartyTests(TestCase):
 
         # Status code should be 403: Forbidden as we didn't include
         # a required field - language.
-        self.assertEquals(403, response.status_code)
-
+        self.assertContains(response,
+            "An attribute required for logging in was not returned "
+            "(language)", status_code=403)
 
     def test_login_update_details(self):
         settings.OPENID_UPDATE_DETAILS_FROM_SREG = True

django_openid_auth/views.py

@@ -51,6 +51,10 @@ from openid.consumer.discover import DiscoveryFailure
 from openid.extensions import sreg, ax
 
 from django_openid_auth import teams
+from django_openid_auth.auth import (
+    RequiredAttributeNotReturned,
+    StrictUsernameViolation,
+    )
 from django_openid_auth.forms import OpenIDLoginForm
 from django_openid_auth.models import UserOpenID
 from django_openid_auth.signals import openid_login_complete
@@ -247,7 +251,11 @@ def login_complete(request, redirect_field_name=REDIRECT_FIELD_NAME,
             request, 'This is an OpenID relying party endpoint.')
 
     if openid_response.status == SUCCESS:
-        user = authenticate(openid_response=openid_response)
+        try:
+            user = authenticate(openid_response=openid_response)
+        except (StrictUsernameViolation, RequiredAttributeNotReturned), e:
+            return render_failure(request, e)
+
         if user is not None:
             if user.is_active:
                 auth_login(request, user)