Upload
others
View
11
Download
0
Embed Size (px)
Citation preview
Experiences Using Django Social Auth
Nandakumar Chandrasekhar
InfoToros Software Private Limited
24 November 2012
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Outline
• Introduction
• Basic Setup of Django Social Auth
• Pros and Cons
• Conclusion
Nandakumar Chandrasekhar InfoToros Software Private Limited 2/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Outline
• Introduction
• Basic Setup of Django Social Auth
• Pros and Cons
• Conclusion
Nandakumar Chandrasekhar InfoToros Software Private Limited 2/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Outline
• Introduction
• Basic Setup of Django Social Auth
• Pros and Cons
• Conclusion
Nandakumar Chandrasekhar InfoToros Software Private Limited 2/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Outline
• Introduction
• Basic Setup of Django Social Auth
• Pros and Cons
• Conclusion
Nandakumar Chandrasekhar InfoToros Software Private Limited 2/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Why Social Sign-in?
• Targeted Content - Personalised content which is
useful for the end user.
• Registration - Registration process is fast and user
does not have to enter any data.
• Pre-Validation of details - e.g. Validated email.
• Account linking - Existing users can link their profile
information from their social site account.
Nandakumar Chandrasekhar InfoToros Software Private Limited 3/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Why Social Sign-in?
• Targeted Content - Personalised content which is
useful for the end user.
• Registration - Registration process is fast and user
does not have to enter any data.
• Pre-Validation of details - e.g. Validated email.
• Account linking - Existing users can link their profile
information from their social site account.
Nandakumar Chandrasekhar InfoToros Software Private Limited 3/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Why Social Sign-in?
• Targeted Content - Personalised content which is
useful for the end user.
• Registration - Registration process is fast and user
does not have to enter any data.
• Pre-Validation of details - e.g. Validated email.
• Account linking - Existing users can link their profile
information from their social site account.
Nandakumar Chandrasekhar InfoToros Software Private Limited 3/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Why Social Sign-in?
• Targeted Content - Personalised content which is
useful for the end user.
• Registration - Registration process is fast and user
does not have to enter any data.
• Pre-Validation of details - e.g. Validated email.
• Account linking - Existing users can link their profile
information from their social site account.
Nandakumar Chandrasekhar InfoToros Software Private Limited 3/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
What's in a Name?
• Django Social Auth and Django Socialauth are
different apps.
• Django Social Auth will be the subject of this talk.
Nandakumar Chandrasekhar InfoToros Software Private Limited 4/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Social Sign-in Process
Nandakumar Chandrasekhar InfoToros Software Private Limited 5/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Django Environment Setup Part One
• Install the following prerequisites packages:
1. sudo apt-get install python2.7-dev
2. sudo apt-get install python-setuptools
3. sudo apt-get install postgresql
postgresql-client pgadmin3 libpq-dev
4. sudo pip install -U virtualenv
5. sudo pip install -U distribute
Nandakumar Chandrasekhar InfoToros Software Private Limited 6/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Django Environment Setup Part Two
• Create a virtual environment and install Django:
1. virtualenv --no-site-packages
--distribute <environment_name>
2. sudo pip install -E <environment_name>
django
3. sudo pip install -E <environment_name>
psycopg2
Nandakumar Chandrasekhar InfoToros Software Private Limited 7/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
The Magic Incantation
• Install Django Social Auth:
sudo pip install -E <environment_name>
django-social-auth
Nandakumar Chandrasekhar InfoToros Software Private Limited 8/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Configuration Parameters
• Authentication Backends:
AUTHENTICATION_BACKENDS = (
'social_auth.backends.facebook.Face-
bookBackend',
'django.contrib.auth.backends.Model-
Backend',
)
• Installed apps:
INSTALLED_APPS = (
...
`social_auth',
...
)
Nandakumar Chandrasekhar InfoToros Software Private Limited 9/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Configuration Parameters Cont'd
• Context processors:
TEMPLATE_CONTEXT_PROCESSORS = (
...
'social_auth.context_processors.so-
cial_auth_by_name_backends',
'social_auth.context_processors.so-
cial_auth_backends',
'social_auth.context_processors.so-
cial_auth_by_type_backends',
'social_auth.context_processors.so-
cial_auth_login_redirect',
)
• Define only those required.
Nandakumar Chandrasekhar InfoToros Software Private Limited 10/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Backend Parameters
• Settings for Facebook backend other backends havesimilar settings.
1. FACEBOOK_APP_ID = <APP_ID>
2. FACEBOOK_API_SECRET = <APP_SECRET>
3. FACEBOOK_EXTENDED_PARAMETERS =
<parameters_that_remain_unchanged>
• Note: It is not FACEBOOK_APP_SECRET but
FACEBOOK_API_SECRET.
Nandakumar Chandrasekhar InfoToros Software Private Limited 11/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Social Authentication Pipeline
• Defines the steps through which a user's profile must
be passed through before registration is complete.
• Each step has a specific task and either returns a
dictionary or nothing.
• User defined processing is possible by either:
1. Wrapping a custom function around any of the
default functions.
2. Stopping the pipeline to get extra details from the
user.
3. Adding a custom function as a step in the pipeline.
Nandakumar Chandrasekhar InfoToros Software Private Limited 12/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Social Authentication Pipeline
• Defines the steps through which a user's profile must
be passed through before registration is complete.
• Each step has a specific task and either returns a
dictionary or nothing.
• User defined processing is possible by either:
1. Wrapping a custom function around any of the
default functions.
2. Stopping the pipeline to get extra details from the
user.
3. Adding a custom function as a step in the pipeline.
Nandakumar Chandrasekhar InfoToros Software Private Limited 12/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Social Authentication Pipeline
• Defines the steps through which a user's profile must
be passed through before registration is complete.
• Each step has a specific task and either returns a
dictionary or nothing.
• User defined processing is possible by either:
1. Wrapping a custom function around any of the
default functions.
2. Stopping the pipeline to get extra details from the
user.
3. Adding a custom function as a step in the pipeline.
Nandakumar Chandrasekhar InfoToros Software Private Limited 12/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Default Social Authentication Pipeline
('social_auth.backends.pipeline.social.so-
cial_auth_user',
#'social_auth.backends.pipeline.asso-
ciate.associate_by_email',
'social_auth.back-
ends.pipeline.user.get_username',
'social_auth.backends.pipeline.user.cre-
ate_user',
'social_auth.backends.pipeline.social.as-
sociate_user',
'social_auth.backends.pipeline.so-
cial.load_extra_data',
'social_auth.backends.pipeline.user.up-
date_user_details')
Nandakumar Chandrasekhar InfoToros Software Private Limited 13/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Defining a Custom Pipeline
• Add SOCIAL_AUTH_PIPELINE to settings.py and
define the required steps.
Nandakumar Chandrasekhar InfoToros Software Private Limited 14/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Finishing Touches
• Execute python manage.py syncdb whichcreates:
1. Association table
2. Nonce table
3. User Social Auth table (this one contains all the
users)
• Add urls to urls.py url(r'auth/',
include('social_auth.urls')),
• Define LOGIN_URL, LOGIN_REDIRECT_URL,
LOGIN_ERROR_URL
Nandakumar Chandrasekhar InfoToros Software Private Limited 15/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Pros
• One app to rule them all.
• Ability to plugin custom social sign-in backend.
• Well documented.
• Demo and example source-code availability.
• Supports Django versions 1.2 to 1.4.
• Lead developer replies to emails within 24 hours.
• Plays well with other Social Sign-in apps.
Nandakumar Chandrasekhar InfoToros Software Private Limited 16/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Pros
• One app to rule them all.
• Ability to plugin custom social sign-in backend.
• Well documented.
• Demo and example source-code availability.
• Supports Django versions 1.2 to 1.4.
• Lead developer replies to emails within 24 hours.
• Plays well with other Social Sign-in apps.
Nandakumar Chandrasekhar InfoToros Software Private Limited 16/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Pros
• One app to rule them all.
• Ability to plugin custom social sign-in backend.
• Well documented.
• Demo and example source-code availability.
• Supports Django versions 1.2 to 1.4.
• Lead developer replies to emails within 24 hours.
• Plays well with other Social Sign-in apps.
Nandakumar Chandrasekhar InfoToros Software Private Limited 16/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Pros
• One app to rule them all.
• Ability to plugin custom social sign-in backend.
• Well documented.
• Demo and example source-code availability.
• Supports Django versions 1.2 to 1.4.
• Lead developer replies to emails within 24 hours.
• Plays well with other Social Sign-in apps.
Nandakumar Chandrasekhar InfoToros Software Private Limited 16/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Pros
• One app to rule them all.
• Ability to plugin custom social sign-in backend.
• Well documented.
• Demo and example source-code availability.
• Supports Django versions 1.2 to 1.4.
• Lead developer replies to emails within 24 hours.
• Plays well with other Social Sign-in apps.
Nandakumar Chandrasekhar InfoToros Software Private Limited 16/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Pros
• One app to rule them all.
• Ability to plugin custom social sign-in backend.
• Well documented.
• Demo and example source-code availability.
• Supports Django versions 1.2 to 1.4.
• Lead developer replies to emails within 24 hours.
• Plays well with other Social Sign-in apps.
Nandakumar Chandrasekhar InfoToros Software Private Limited 16/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Pros
• One app to rule them all.
• Ability to plugin custom social sign-in backend.
• Well documented.
• Demo and example source-code availability.
• Supports Django versions 1.2 to 1.4.
• Lead developer replies to emails within 24 hours.
• Plays well with other Social Sign-in apps.
Nandakumar Chandrasekhar InfoToros Software Private Limited 16/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 1: Exception Handling
• When DEBUG=True exceptions are not handled.
• SOCIAL_AUTH_RAISE_EXCEPTIONS=False does
not work as intended.
• Production behaviour is verifiable only by setting
DEBUG=False.
Nandakumar Chandrasekhar InfoToros Software Private Limited 17/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 1: Exception Handling
• When DEBUG=True exceptions are not handled.
• SOCIAL_AUTH_RAISE_EXCEPTIONS=False does
not work as intended.
• Production behaviour is verifiable only by setting
DEBUG=False.
Nandakumar Chandrasekhar InfoToros Software Private Limited 17/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 1: Exception Handling
• When DEBUG=True exceptions are not handled.
• SOCIAL_AUTH_RAISE_EXCEPTIONS=False does
not work as intended.
• Production behaviour is verifiable only by setting
DEBUG=False.
Nandakumar Chandrasekhar InfoToros Software Private Limited 17/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 2: is_new Variable Unavailability
• The is_new variable is a flag that tells us we are
logging in a new user or existing user.
• Unfortunately is_new is only available after
'social_auth.backends.pipeline.so-
cial.associate_user' step in the
pipeline.
• Hampers the ability to have the user accept terms
and conditions before user creation.
• If the user wishes to back out of using social sign-in
at any point we have to delete the user and cleanup
the database.
Nandakumar Chandrasekhar InfoToros Software Private Limited 18/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 2: is_new Variable Unavailability
• The is_new variable is a flag that tells us we are
logging in a new user or existing user.
• Unfortunately is_new is only available after
'social_auth.backends.pipeline.so-
cial.associate_user' step in the
pipeline.
• Hampers the ability to have the user accept terms
and conditions before user creation.
• If the user wishes to back out of using social sign-in
at any point we have to delete the user and cleanup
the database.
Nandakumar Chandrasekhar InfoToros Software Private Limited 18/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 2: is_new Variable Unavailability
• The is_new variable is a flag that tells us we are
logging in a new user or existing user.
• Unfortunately is_new is only available after
'social_auth.backends.pipeline.so-
cial.associate_user' step in the
pipeline.
• Hampers the ability to have the user accept terms
and conditions before user creation.
• If the user wishes to back out of using social sign-in
at any point we have to delete the user and cleanup
the database.
Nandakumar Chandrasekhar InfoToros Software Private Limited 18/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 2: is_new Variable Unavailability
• The is_new variable is a flag that tells us we are
logging in a new user or existing user.
• Unfortunately is_new is only available after
'social_auth.backends.pipeline.so-
cial.associate_user' step in the
pipeline.
• Hampers the ability to have the user accept terms
and conditions before user creation.
• If the user wishes to back out of using social sign-in
at any point we have to delete the user and cleanup
the database.
Nandakumar Chandrasekhar InfoToros Software Private Limited 18/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 3: Cutting the Pipeline
• You can stop the pipeline to get additional data
from the user.
• The state of the pipeline has to be saved using
'social_auth.back-
ends.pipeline.misc.save_status_to_ses-
sion'
• Problem is the pipeline is restarted at the point
before the session was saved instead of after.
• The fix is to set SOCIAL_AUTH_PIPELINE_RE-
SUME_ENTRY=<pipeline_step>
Nandakumar Chandrasekhar InfoToros Software Private Limited 19/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 3: Cutting the Pipeline
• You can stop the pipeline to get additional data
from the user.
• The state of the pipeline has to be saved using
'social_auth.back-
ends.pipeline.misc.save_status_to_ses-
sion'
• Problem is the pipeline is restarted at the point
before the session was saved instead of after.
• The fix is to set SOCIAL_AUTH_PIPELINE_RE-
SUME_ENTRY=<pipeline_step>
Nandakumar Chandrasekhar InfoToros Software Private Limited 19/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 3: Cutting the Pipeline
• You can stop the pipeline to get additional data
from the user.
• The state of the pipeline has to be saved using
'social_auth.back-
ends.pipeline.misc.save_status_to_ses-
sion'
• Problem is the pipeline is restarted at the point
before the session was saved instead of after.
• The fix is to set SOCIAL_AUTH_PIPELINE_RE-
SUME_ENTRY=<pipeline_step>
Nandakumar Chandrasekhar InfoToros Software Private Limited 19/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 3: Cutting the Pipeline
• You can stop the pipeline to get additional data
from the user.
• The state of the pipeline has to be saved using
'social_auth.back-
ends.pipeline.misc.save_status_to_ses-
sion'
• Problem is the pipeline is restarted at the point
before the session was saved instead of after.
• The fix is to set SOCIAL_AUTH_PIPELINE_RE-
SUME_ENTRY=<pipeline_step>
Nandakumar Chandrasekhar InfoToros Software Private Limited 19/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 4: Partial Username Validation
• Username uniqueness is done.
• Username may contain spaces which is disallowed in
django usernames.
• Length restriction of 30 characters is not checked
for.
• Database error because of the above.
• Roll custom function to check length and uniqueness
of username and length of firstname and lastname.
Nandakumar Chandrasekhar InfoToros Software Private Limited 20/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 4: Partial Username Validation
• Username uniqueness is done.
• Username may contain spaces which is disallowed in
django usernames.
• Length restriction of 30 characters is not checked
for.
• Database error because of the above.
• Roll custom function to check length and uniqueness
of username and length of firstname and lastname.
Nandakumar Chandrasekhar InfoToros Software Private Limited 20/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 4: Partial Username Validation
• Username uniqueness is done.
• Username may contain spaces which is disallowed in
django usernames.
• Length restriction of 30 characters is not checked
for.
• Database error because of the above.
• Roll custom function to check length and uniqueness
of username and length of firstname and lastname.
Nandakumar Chandrasekhar InfoToros Software Private Limited 20/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 4: Partial Username Validation
• Username uniqueness is done.
• Username may contain spaces which is disallowed in
django usernames.
• Length restriction of 30 characters is not checked
for.
• Database error because of the above.
• Roll custom function to check length and uniqueness
of username and length of firstname and lastname.
Nandakumar Chandrasekhar InfoToros Software Private Limited 20/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 4: Partial Username Validation
• Username uniqueness is done.
• Username may contain spaces which is disallowed in
django usernames.
• Length restriction of 30 characters is not checked
for.
• Database error because of the above.
• Roll custom function to check length and uniqueness
of username and length of firstname and lastname.
Nandakumar Chandrasekhar InfoToros Software Private Limited 20/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Summary
• Social Sign-in eases the registration process.
• Websites are able to provide personalised
information.
• Django Socialauth and Django Social Auth are
different apps.
• The Social Sign-in process accesses a social site and
uses the returned details to log the user in.
• Basic setup of a virtual environment to run Django
Social Auth.
• Django Social Auth pros and cons beware.
Nandakumar Chandrasekhar InfoToros Software Private Limited 21/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Summary
• Social Sign-in eases the registration process.
• Websites are able to provide personalised
information.
• Django Socialauth and Django Social Auth are
different apps.
• The Social Sign-in process accesses a social site and
uses the returned details to log the user in.
• Basic setup of a virtual environment to run Django
Social Auth.
• Django Social Auth pros and cons beware.
Nandakumar Chandrasekhar InfoToros Software Private Limited 21/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Summary
• Social Sign-in eases the registration process.
• Websites are able to provide personalised
information.
• Django Socialauth and Django Social Auth are
different apps.
• The Social Sign-in process accesses a social site and
uses the returned details to log the user in.
• Basic setup of a virtual environment to run Django
Social Auth.
• Django Social Auth pros and cons beware.
Nandakumar Chandrasekhar InfoToros Software Private Limited 21/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Summary
• Social Sign-in eases the registration process.
• Websites are able to provide personalised
information.
• Django Socialauth and Django Social Auth are
different apps.
• The Social Sign-in process accesses a social site and
uses the returned details to log the user in.
• Basic setup of a virtual environment to run Django
Social Auth.
• Django Social Auth pros and cons beware.
Nandakumar Chandrasekhar InfoToros Software Private Limited 21/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Summary
• Social Sign-in eases the registration process.
• Websites are able to provide personalised
information.
• Django Socialauth and Django Social Auth are
different apps.
• The Social Sign-in process accesses a social site and
uses the returned details to log the user in.
• Basic setup of a virtual environment to run Django
Social Auth.
• Django Social Auth pros and cons beware.
Nandakumar Chandrasekhar InfoToros Software Private Limited 21/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Summary
• Social Sign-in eases the registration process.
• Websites are able to provide personalised
information.
• Django Socialauth and Django Social Auth are
different apps.
• The Social Sign-in process accesses a social site and
uses the returned details to log the user in.
• Basic setup of a virtual environment to run Django
Social Auth.
• Django Social Auth pros and cons beware.
Nandakumar Chandrasekhar InfoToros Software Private Limited 21/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Further Reading
• Django Social Auth - Github
• Django Social Auth documentation
• Social Login - Wikipedia
• Review of 4 Django Social Auth apps
Nandakumar Chandrasekhar InfoToros Software Private Limited 22/22