Slide 1

Slide 1 text

FLASK-DANCE
Making OAuth Simpler
David Baumgold // @singingwolfboy

Slide 2

Slide 2 text

APIS ARE EVERYWHERE

Slide 3

Slide 3 text

OAUTH IS EVERYWHERE

Slide 4

Slide 4 text

OAUTH IS A PAIN

Slide 5

Slide 5 text

source: http://ravi-bhide.blogspot.com/2010/05/oauth-protocol-simplified.html

Slide 6

Slide 6 text

http://www.ibuildings.nl/blog/2013/03/secure-your-rest-api-oauth2-implicit-grant

Slide 7

Slide 7 text

“This story is a ‘Happy Path’ scenario, it doesn't account for token expiry (Access Tokens should expire after a short duration) or errors signing in. In order to get the full details I'd recommend reading the RFC.”

Slide 8

Slide 8 text

LET’S IGNORE IT!

Slide 9

Slide 9 text

No content

Slide 10

Slide 10 text

... WELL CRAP.

Slide 11

Slide 11 text

HOW DO I EVEN OAUTH?

Slide 12

Slide 12 text

No content

Slide 13

Slide 13 text

Sweet!

Slide 14

Slide 14 text

EASY!

Slide 15

Slide 15 text

UH, OK

Slide 16

Slide 16 text

HUH?

Slide 17

Slide 17 text

WAT.

Slide 18

Slide 18 text

FLASK-OAUTH
➤ Uses the oauth2 module to handle OAuth stuff (which only supports OAuth 1.0, not OAuth 2.0)
➤ Uses the httplib2 module to handle HTTP stuff (instead of the fabulous requests module)
➤ Lots of boilerplate code

Slide 19

Slide 19 text

This one!

Slide 20

Slide 20 text

Yay!

Slide 21

Slide 21 text

WAT.

Slide 22

Slide 22 text

FLASK-OAUTHLIB
➤ Uses the oauthlib module to handle OAuth stuff. This is actually a good thing!
➤ Uses the terrible urllib2 module to handle HTTP stuff (instead of the fabulous requests module)
➤ Lots of boilerplate code

Slide 23

Slide 23 text

FINE, I’LL DO IT MYSELF

Slide 24

Slide 24 text

FlaskDance
Because all the obvious names were taken.

Slide 25

Slide 25 text

BASIC FLASK APP

Slide 26

Slide 26 text

BASIC FLASK APP WITH TWITTER

Slide 27

Slide 27 text

FLASK-DANCE
➤ Uses the oauthlib module to handle OAuth stuff
➤ Uses the requests module to handle HTTP stuff
➤ Uses Flask’s “blueprints” feature to reduce boilerplate code
➤ Sensible defaults for getting started quickly
➤ Useful extension points: different services, different databases
➤ Automated tests with 95% code coverage
➤ Supports the following services out of the box: Facebook, GitHub, Google, Twitter, JIRA, Dropbox, Meetup (or add your own!)

Slide 28

Slide 28 text

ON TO THE DOCS
https://flask-dance.readthedocs.org

Slide 29

Slide 29 text

I NEED YOUR HELP

Slide 30

Slide 30 text

WAYS YOU CAN HELP
➤ Try out Flask-Dance, and tell me what you think of it!
➤ Use it in your projects!
➤ Help improve the documentation!
➤ Add more builtin providers!
➤ Help build a server component!
➤ Tell your friends that OAuth doesn’t have to be painful anymore!

ANY QUESTIONS?
David Baumgold // @singingwolfboy