experiences using django social auth - meetup

Experiences Using Django Social Auth

Nandakumar Chandrasekhar

InfoToros Software Private Limited

24 November 2012

Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion

Outline

• Introduction

• Basic Setup of Django Social Auth

• Pros and Cons

• Conclusion

Nandakumar Chandrasekhar InfoToros Software Private Limited 2/22

Outline

• Introduction

• Pros and Cons

• Conclusion

Outline

• Introduction

• Pros and Cons

• Conclusion

Outline

• Introduction

• Pros and Cons

• Conclusion

Why Social Sign-in?

• Targeted Content - Personalised content which is

useful for the end user.

• Registration - Registration process is fast and user

does not have to enter any data.

• Pre-Validation of details - e.g. Validated email.

• Account linking - Existing users can link their profile

information from their social site account.

Why Social Sign-in?

What's in a Name?

• Django Social Auth and Django Socialauth are

different apps.

• Django Social Auth will be the subject of this talk.

Social Sign-in Process

Django Environment Setup Part One

• Install the following prerequisites packages:

1. sudo apt-get install python2.7-dev

2. sudo apt-get install python-setuptools

3. sudo apt-get install postgresql

postgresql-client pgadmin3 libpq-dev

4. sudo pip install -U virtualenv

5. sudo pip install -U distribute

Django Environment Setup Part Two

• Create a virtual environment and install Django:

1. virtualenv --no-site-packages

--distribute <environment_name>

2. sudo pip install -E <environment_name>

django

3. sudo pip install -E <environment_name>

psycopg2

The Magic Incantation

• Install Django Social Auth:

sudo pip install -E <environment_name>

django-social-auth

Configuration Parameters

• Authentication Backends:

AUTHENTICATION_BACKENDS = (

'social_auth.backends.facebook.Face-

bookBackend',

'django.contrib.auth.backends.Model-

Backend',

• Installed apps:

INSTALLED_APPS = (

`social_auth',

Configuration Parameters Cont'd

• Context processors:

TEMPLATE_CONTEXT_PROCESSORS = (

'social_auth.context_processors.so-

cial_auth_by_name_backends',

cial_auth_backends',

cial_auth_by_type_backends',

cial_auth_login_redirect',

• Define only those required.

Backend Parameters

• Settings for Facebook backend other backends havesimilar settings.

1. FACEBOOK_APP_ID = <APP_ID>

2. FACEBOOK_API_SECRET = <APP_SECRET>

3. FACEBOOK_EXTENDED_PARAMETERS =

<parameters_that_remain_unchanged>

• Note: It is not FACEBOOK_APP_SECRET but

FACEBOOK_API_SECRET.

Social Authentication Pipeline

• Defines the steps through which a user's profile must

be passed through before registration is complete.

• Each step has a specific task and either returns a

dictionary or nothing.

• User defined processing is possible by either:

1. Wrapping a custom function around any of the

default functions.

2. Stopping the pipeline to get extra details from the

3. Adding a custom function as a step in the pipeline.

default functions.

Default Social Authentication Pipeline

('social_auth.backends.pipeline.social.so-

cial_auth_user',

#'social_auth.backends.pipeline.asso-

ciate.associate_by_email',

'social_auth.back-

ends.pipeline.user.get_username',

'social_auth.backends.pipeline.user.cre-

ate_user',

'social_auth.backends.pipeline.social.as-

sociate_user',

'social_auth.backends.pipeline.so-

cial.load_extra_data',

'social_auth.backends.pipeline.user.up-

date_user_details')

Defining a Custom Pipeline

• Add SOCIAL_AUTH_PIPELINE to settings.py and

define the required steps.

Finishing Touches

• Execute python manage.py syncdb whichcreates:

1. Association table

2. Nonce table

3. User Social Auth table (this one contains all the

users)

• Add urls to urls.py url(r'auth/',

include('social_auth.urls')),

• Define LOGIN_URL, LOGIN_REDIRECT_URL,

LOGIN_ERROR_URL

• One app to rule them all.

• Ability to plugin custom social sign-in backend.

• Well documented.

• Demo and example source-code availability.

• Supports Django versions 1.2 to 1.4.

• Lead developer replies to emails within 24 hours.

• Plays well with other Social Sign-in apps.

Con No. 1: Exception Handling

• When DEBUG=True exceptions are not handled.

• SOCIAL_AUTH_RAISE_EXCEPTIONS=False does

not work as intended.

• Production behaviour is verifiable only by setting

DEBUG=False.

Con No. 2: is_new Variable Unavailability

• The is_new variable is a flag that tells us we are

logging in a new user or existing user.

• Unfortunately is_new is only available after

cial.associate_user' step in the

pipeline.

• Hampers the ability to have the user accept terms

and conditions before user creation.

• If the user wishes to back out of using social sign-in

at any point we have to delete the user and cleanup

the database.

pipeline.

the database.

pipeline.

the database.

pipeline.

the database.

Con No. 3: Cutting the Pipeline

• You can stop the pipeline to get additional data

from the user.

• The state of the pipeline has to be saved using

'social_auth.back-

ends.pipeline.misc.save_status_to_ses-

• Problem is the pipeline is restarted at the point

before the session was saved instead of after.

• The fix is to set SOCIAL_AUTH_PIPELINE_RE-

SUME_ENTRY=<pipeline_step>

from the user.

'social_auth.back-

from the user.

'social_auth.back-

from the user.

'social_auth.back-

Con No. 4: Partial Username Validation

• Username uniqueness is done.

• Username may contain spaces which is disallowed in

django usernames.

• Length restriction of 30 characters is not checked

• Database error because of the above.

• Roll custom function to check length and uniqueness

of username and length of firstname and lastname.

django usernames.

Summary

• Social Sign-in eases the registration process.

• Websites are able to provide personalised

information.

• Django Socialauth and Django Social Auth are

different apps.

• The Social Sign-in process accesses a social site and

uses the returned details to log the user in.

• Basic setup of a virtual environment to run Django

Social Auth.

• Django Social Auth pros and cons beware.

Summary

information.

different apps.

Social Auth.

Summary

information.

different apps.

Social Auth.

Summary

information.

different apps.

Social Auth.

Summary

information.

different apps.

Social Auth.

Summary

information.

different apps.

Social Auth.

experiences using django social auth - meetup

Documents

django templating more than just - meetup

istal.v13i0 - auth

building apis with django and django rest...

dev objecttives-2015 auth-auth-fine-grained-slides

87559489 auth

meetup django common_problems(1)

never build a login again - the art of using social auth...

django meetup - 20100217 - django-piston€¦ ·...

st.v0i4 - auth

without django -...

django facebook documentation -...

scaling django web apps - files.meetup.com · scaling...

introduction to django - oscon 2012 - o'reilly...

speed is a feature - django meetup buenos aires june 2014

django apps and orm beyond the basics [meetup hosted by...

my talk on docker from moscow django meetup #25

django-auth-ldap documentation

django act as auth documentation -...

why python is best for django?, job trends in django, learn...

auth scorecard