Slide 1

Slide 1 text

Registration & Authentication
A story about Django and OAUTH
Thursday, October 27, 11

Slide 2

Slide 2 text

Daniel Greenfeld @pydanny
Who am I?
Daniel Greenfeld (@pydanny)
Pythonista at Cartwheel
Djangonaut at Revsys
http://opencomparison.org
Fiancé of Audrey Roy
http://www.flickr.com/photos/pydanny/4442245488

Slide 3

Slide 3 text

Why am I talking?

Slide 4

Slide 4 text

We have needs

Slide 5

Slide 5 text

What we need
• Registration of new users
• Authentication of existing users
• Unless we are an ad-click content farm

Slide 6

Slide 6 text

Use OAUTH
• People use Twitter/Facebook/etc
• Fewer passwords to memorize
• Our site needn’t store passwords
• Twitter/Facebook/etc gets to worry about security

Slide 7

Slide 7 text

But OAUTH is a pain

Slide 8

Slide 8 text

Everyone implements it differently

Slide 9

Slide 9 text

Different flavors
• Twitter
• Facebook
• Google
• Linkedin
• Github (YAY!)
• Facebook ARGH
The OAUTH specification is not honored well
Implementation changes are sometimes not announced

Slide 10

Slide 10 text

You want a tool used by many people

Slide 11

Slide 11 text

Many people means lots of eyes

Slide 12

Slide 12 text

Let’s find a tool!

Slide 13

Slide 13 text

Django Auth Options
http://djangopackages.com/grids/g/authentication/
Dozens more if you scroll

Slide 14

Slide 14 text

Many problems
• django-tastypie and Piston are for APIs
• Most of these lack tests
• Most of these lack documentation
• Bad code smell

Slide 15

Slide 15 text

They all suck for OAUTH?

Slide 16

Slide 16 text

One Good Tool!

Slide 17

Slide 17 text

django-social-auth
• https://github.com/omab/django-social-auth
• http://django-social-auth.rtfd.org

Slide 18

Slide 18 text

django-social-auth
• Tests!
• Docs!
• Good code smell!

Slide 19

Slide 19 text

Statistics
http://djangopackages.com/packages/p/django-social-auth/
Many downloads
Ongoing development
Many eyes on the problem

Slide 20

Slide 20 text

Using django-social-auth

Slide 21

Slide 21 text

Get the dependency

    pip install django-social-auth==0.5.13

Slide 22

Slide 22 text

Part I: settings.py

    INSTALLED_APPS = (
        ...
        'social_auth',
        ...
    )

    AUTHENTICATION_BACKENDS = (
        'social_auth.backends.contrib.github.GithubBackend',
        # keep this so you have that admin level backend access!
        'django.contrib.auth.backends.ModelBackend',
    )

Slide 23

Slide 23 text

Part II: settings.py

    from django.template.defaultfilters import slugify

    SOCIAL_AUTH_ENABLED_BACKENDS = ('github',)
    SOCIAL_AUTH_COMPLETE_URL_NAME = 'socialauth_complete'
    SOCIAL_AUTH_ASSOCIATE_URL_NAME = 'associate_complete'
    SOCIAL_AUTH_DEFAULT_USERNAME = lambda u: slugify(u)
    SOCIAL_AUTH_EXTRA_DATA = False
    SOCIAL_AUTH_CHANGE_SIGNAL_ONLY = True
    SOCIAL_AUTH_ASSOCIATE_BY_MAIL = True  # associate user via email

(Usually you can just go with these as your settings)

Slide 24

Slide 24 text

Part III: root urls.py

    urlpatterns = patterns("",
        url('', include('social_auth.urls')),
        ...
    )

Slide 25

Slide 25 text

Part IV: profile/views.py

    from social_auth.signals import pre_update
    from social_auth.backends.contrib.github import GithubBackend

    from profiles.models import Profile


    def github_user_update(sender, user, response, details, **kwargs):
        # Make sure every user who signs in through GitHub has a Profile.
        profile_instance, created = Profile.objects.get_or_create(user=user)
        profile_instance.save()
        return True

    # Run the handler only for logins handled by the GitHub backend.
    pre_update.connect(github_user_update, sender=GithubBackend)

(Not specifying this view in urls - django-social-auth does it for me)
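
Part II sets SOCIAL_AUTH_ASSOCIATE_BY_MAIL = True, so the email address a provider returns decides which existing local account a login is attached to. The following is an added example, not code from the talk or from django-social-auth: a stand-alone model of that decision that links automatically only when an allow-listed provider marks the address as verified. The names resolve_login and VERIFYING_PROVIDERS, the email_verified field and the sample data are assumptions made for illustration.

```python
# Added example: stand-alone model of "associate by email"; not django-social-auth code.
# resolve_login, VERIFYING_PROVIDERS and the dict shapes below are hypothetical.

# Assumption: an allow-list, kept by the site owner, of providers trusted to vouch for emails.
VERIFYING_PROVIDERS = {"github"}


def normalize_email(email):
    """Strip and lower-case an address; return None if it is missing or malformed."""
    if not email or "@" not in email:
        return None
    return email.strip().lower()


def resolve_login(provider, uid, details, links, users_by_email):
    """Decide what to do with a completed OAuth login.

    links:          {(provider, uid): username} for identities already linked
    users_by_email: {normalized email: username} for existing local accounts
    Returns (action, username); action is one of
    'login', 'associate', 'confirm' or 'create'.
    """
    # 1. An identity linked earlier always maps to the same local user.
    if (provider, uid) in links:
        return ("login", links[(provider, uid)])

    email = normalize_email(details.get("email"))
    existing = users_by_email.get(email) if email else None
    if existing is None:
        return ("create", None)

    # 2. The email matches a local account. Link automatically only when an
    #    allow-listed provider vouches for the address; otherwise the owner of
    #    the local account has to confirm (for example by logging in) first.
    verified = bool(details.get("email_verified"))
    if provider in VERIFYING_PROVIDERS and verified:
        return ("associate", existing)
    return ("confirm", existing)


# Constructed sample data.
LINKS = {("github", "1001"): "alice"}
USERS = {"alice@example.com": "alice", "bob@example.com": "bob"}
```
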

Slide 26

Slide 26 text

Try it yourself!
http://djangopackages.com/login/

Slide 27

Slide 27 text

Thanks!