Make the login_complete view csrf_exempt, since it can legitimately

receive cross site POST requests from the provider.  The minimum 
required version of Django is now 1.2.

django_openid_auth/views.py

@@ -40,6 +40,7 @@ from django.http import HttpResponse, HttpResponseRedirect
 from django.shortcuts import render_to_response
 from django.template import RequestContext
 from django.template.loader import render_to_string
+from django.views.decorators.csrf import csrf_exempt
 
 from openid.consumer.consumer import (
     Consumer, SUCCESS, CANCEL, FAILURE)
@@ -210,6 +211,7 @@ def login_begin(request, template_name='openid/login.html',
     return render_openid_request(request, openid_request, return_to)
 
 
+@csrf_exempt
 def login_complete(request, redirect_field_name=REDIRECT_FIELD_NAME):
     redirect_to = request.REQUEST.get(redirect_field_name, '')
 

example_consumer/settings.py

@@ -90,6 +90,7 @@ MIDDLEWARE_CLASSES = (
     'django.middleware.common.CommonMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
 )
 
 ROOT_URLCONF = 'example_consumer.urls'

setup.py

@@ -76,5 +76,5 @@ setup(
         'django_openid_auth': ['templates/openid/*.html'],
         },
     provides=['django_openid_auth'],
-    requires=['django (>=1.0)', 'openid (>=2.2.0)'],
+    requires=['django (>=1.2)', 'openid (>=2.2.0)'],
     )