Registration & Authentication A story about Django and OAUTH Thursday, October 27, 11

Daniel Greenfeld @pydanny Who am I? Daniel Greenfeld (@pydanny) Pythonista at Cartwheel Djangonaut at Revsys http://opencomparison.org Fiancé of Audrey Roy http://www.flickr.com/photos/pydanny/4442245488 Thursday, October 27, 11

Why am I talking? Thursday, October 27, 11

We have needs Thursday, October 27, 11

Daniel Greenfeld @pydanny What we need • Registration of new users • Authentication of existing users • Unless we are an ad-click content farm Thursday, October 27, 11

Daniel Greenfeld @pydanny Use OAUTH • People use Twitter/Facebook/etc • Fewer passwords to memorize • Our site needn’t store passwords • Twitter/Facebook/etc gets to worry about security Thursday, October 27, 11

But OAUTH is a pain Thursday, October 27, 11

Everyone implements it differently Thursday, October 27, 11

Daniel Greenfeld @pydanny Different flavors • Twitter • Facebook • Google • Linkedin • Github (YAY!) • Facebook ARGH The OAUTH specification is not honored well Implementation changes are sometimes not announced Thursday, October 27, 11

You want a tool used by many people Thursday, October 27, 11

Many people means lots of eyes Thursday, October 27, 11

Let’s find a tool! Thursday, October 27, 11

Daniel Greenfeld @pydanny Django Auth Options http://djangopackages.com/grids/g/authentication/ Dozens more if you scroll Thursday, October 27, 11

Daniel Greenfeld @pydanny Many problems • django-tastypie and Piston are for APIs • Most of these lack tests • Most of these lack documentation • Bad code smell Thursday, October 27, 11

They all suck for OAUTH? Thursday, October 27, 11

One Good Tool! Thursday, October 27, 11

Daniel Greenfeld @pydanny django-social-auth • https://github.com/omab/django-social-auth • http://django-social-auth.rtfd.org Thursday, October 27, 11

Daniel Greenfeld @pydanny django-social-auth • Tests! • Docs! • Good code smell! Thursday, October 27, 11

Daniel Greenfeld @pydanny Statistics http://djangopackages.com/packages/p/django-social-auth/ Many downloads Ongoing development Many eyes on the problem Thursday, October 27, 11

Using django-social-auth Thursday, October 27, 11

Daniel Greenfeld @pydanny Get the dependency pip install django-social-auth==0.5.13 Thursday, October 27, 11

Daniel Greenfeld @pydanny Part I: settings.py INSTALLED_APPS = ( ... 'social_auth', ... ) AUTHENTICATION_BACKENDS = ( 'social_auth.backends.contrib.github.GithubBackend', # keep this so you have that admin level backend access! 'django.contrib.auth.backends.ModelBackend', ) Thursday, October 27, 11

Daniel Greenfeld @pydanny Part II: settings.py from django.template.defaultfilters import slugify SOCIAL_AUTH_ENABLED_BACKENDS = ('github',) SOCIAL_AUTH_COMPLETE_URL_NAME = 'socialauth_complete' SOCIAL_AUTH_ASSOCIATE_URL_NAME = 'associate_complete' SOCIAL_AUTH_DEFAULT_USERNAME = lambda u: slugify(u) SOCIAL_AUTH_EXTRA_DATA = False SOCIAL_AUTH_CHANGE_SIGNAL_ONLY = True SOCIAL_AUTH_ASSOCIATE_BY_MAIL = True # associate user via email (Usually you can just go with these as your settings) Thursday, October 27, 11

Daniel Greenfeld @pydanny Part III: root urls.py urlpatterns = patterns("", url('', include('social_auth.urls')), ... ) Thursday, October 27, 11

Daniel Greenfeld @pydanny Part IV: profile/views.py from social_auth.signals import pre_update from social_auth.backends.contrib.github import GithubBackend from profiles.models. import Profile def github_user_update(sender, user, response, details, **kwargs): profile_instance, created = Profile.objects.get_or_create(user=user) profile_instance.save() return True pre_update.connect(github_user_update, sender=GithubBackend) (Not specifying this view in urls - django-social-auth does it for me) Thursday, October 27, 11

Daniel Greenfeld @pydanny Try it yourself! http://djangopackages.com/login/ Thursday, October 27, 11

Thanks! Thursday, October 27, 11