I'm writing a webapp that heavily uses the StackExchange API. I'm currently using OpenID authentication but given the only people that will use the site will be SE members, I've been wondering if there's a library for Django (or Python, in general) that can handle the login process for me.
I'm specifically thinking of something that slots into the process like the django_openid_auth project does.
Look at django-allauth. The supported authentication providers are:
Facebook (both OAuth2 and JS SDK)
Github
Google (OAuth2)
LinkedIn
OpenId
Persona
SoundCloud (OAuth2)
Stack Exchange (OAuth2)
Twitter
You can use django-allauth for signup/login process as it supports Stack Exchange OAuth2.
Since your app heavily uses StackExchange API, you should consider using Py-StackExchange along with django-allauth. Please have a look at FAQ and it's API support for StackExchange.
You have Py-StackExchange, perfect for using from Python. Check out the code at GitHub or its page at StackApps.
Added after Oli's comment
For managing login/registration there are some good working projects. You can read a good review of 4 of the most common libraries at hackerluddite. Django-social-auth and django-allauth are likely the most complete, stable and used.
Related
We are trying to integrate a Django application with an OpenID Connect (OIDC) provider as a Relying Party. The provider isn't a major vendor, and thus doesn't have custom-built packages, so we are leveraging Authlib. This works, but I'm stressed about the amount of custom code we are having to put in to manage the session and redirects and whatnot.
I have experience in the Ruby and Node.js worlds, and those communities have the general-purpose authentication tools OmniAuth and Passport, respectively. Is there an equivalent for Django?
Closest I've found is mozilla-django-oidc, which I may try — curious if there are others I'm missing. Surprised I haven't come across anything that hooks into the Django authentication system.
Thanks!
I am building a single page javascript app using dart, what are the recommended ways to handle user authentication and registration?
Take a look at http://code.google.com/p/google-api-dart-client/ for information about using oAuth with Dart.
I noticed that you tagged this with django. I'm assuming then that you are using Django in some way. If that is the case, can you not use the authentication provided by Django itself?
There is now the easy to use Google OAuth2 Library, which you can get from Pub.
Here is a great guide on how to use the package from Dartwatch.
I'm just brainstorming, and don't really know much about these technologies yet. What I want to do is provide an easy and secure for users to prove who they are across multiple web sites, and I want to provide a way for web sites to share certain information with each other (if the user gives them permission). After a little reading, it seems like OpenID and OAuth would be the best way to solve this problem (right?).
After searching, I've found two interesting projects. One is "Step2" which only has Java libraries (not a problem for me, but other, partner websites might not be coded in Java), and looks like it has been abandoned. Another is "OpenID Connect," which doesn't look like it's even been started.
So, I've guess I've got three questions. Is linking OpenID and OAuth what I should be doing? Is there a OpenID+OAuth project that has a lot of support? If not, would it be easy to integrate the two myself?
OpenID is interesting in cases like Stack Overflow where you want to let people log in with external credentials but not with the intent of exchanging data with that external site.
But I don't think you need OpenID for the scenario described... by putting users through the OAuth flow, users are effectively "proving who they are across multiple web sites" as part of the authorization process.
Describe OpenID and OAuth, how works OAuth and what does OAuth.
DotNetOpenAuth is an open source library that supports OpenID, OAuth and
support for your site visitors to login with their OpenIDs.
Document describes OAuth authorization process as well as how to work with OAuth tokens.
Also gives an overview that How to implement Google using OAuth for our web application's.
I will launch soo a new iPhone app and want to off-load the forums to my actual FogBugz On Demand account.
However, I discover that FOD have no facility to integrate Single sing-on. I use django and have the option to use open-id, but not know if exist a way to make this happend.
Obviously, I could hack a simple forums like the one on FogBugz in django or reuse one, but I just think that aintegrated forum with the bug tracking is the best thing.
Any idea?
FogBugz On Demand now natively includes some authentication methods other than the standard username/password authentication.
Setting up authentication with Google's OAuth is quite simple for companies using Google Apps for work email. Once an administrator enables OAuth following the instructions in this article on Fog Creek Software's help site, logging in is as simple as clicking the OAuth button on the login page. All of the users' settings are retained.
If you’re already managing the rest of your authentication through a SAML 2.0 provider, you can also use your identity provider for FogBugz login. Steps for configuring SSO can be found in this article. This requires a bit more configuration than OAuth, but will work for companies that don't use Google Apps for email.
Of course, if you have any questions about configuring SSO in FogBugz, you can always contact customer support at http://www.fogcreek.com/contact/.
From the FogBugz forum:
http://support.fogcreek.com/default.asp?fogbugz.4.102256.3
I believe this is you there also. The answer provided shouldn't be too difficult to implement.
I'm going to be developing a REST-ful Web Service for a new public website. The idea behind the web service is to have 3rd parties develop fully functional UIs for the business logic.
For security reasons, I'd like to avoid users having to give their passwords for our service to the 3rd party applications. (Perhaps this shouldn't be a big concern?) Instead, I'm looking to implement some sort of login system on our site that provides an auth token to the 3rd party app but keeps the actual password out of their hands.
This made me think that OpenID might be a potential solution here. It seems to me that it should work: the actual password is handled by the OpenID provider and so it doesn't rest with the 3rd party app. I think that the trouble would probably lie with the various passthroughs, but that should be manageable.
However, there's a surprising lack of Googleable info on this, so I'd like SO's opinion. Has anyone implemented a similar system before? Is it even possible? Is it worth the trouble?
I agree completely that what you want is OAuth; I say that having worked on both OAuth and OpenID systems. I've also been in your boat a few times, having to develop a REST web service api.
For a really good ideas on OAuth, and why it is what you want see these attached article:
These are must read, there are four parts read them all:
http://hueniverse.com/oauth/guide/
the RFC, read after reading above as it can be a little daunting for most:
http://oauth.net/core/1.0
And then finally maybe some code. I have a couple projects hosted that are using Java/Groovy to do OAuth. One is a plain old OAuth client, the other is a client for specific interactions with NetFlix.
http://www.blueleftistconstructor.com/projects/
If you are relatively inexperienced with REST (you haven't built a full scale web api yet) I would recommend that you buy (or better get your boss to) "RESTful Web Services" by Richardson & Ruby. It is an O'Reilly book. I can say that it is one of their better books to debut in the past few years.
It might also help to look at some RESTful OAuth based APIs. The NetFlix API is a perfect example: http://developer.netflix.com/docs
Good luck and happy coding!
So far, I've found 1 worthwhile link:
http://markmail.org/message/utf7js473zqv45hv
This conversation mentions something called "OpenID Exchange" which is right up my alley... but the included link is broken and there's not much solid information on Google for it.
Looks like OAuth might be the ticket: http://oauth.net/
We have been working on a project to integrate OpenID Authentication for SOAP web services. You can find our project at http://code.google.com/p/ws-sandhana/.
You can provide Single Sing On to your web services using OpenID authentication and you can enforce the trusted OpenID Providers and required attributes of the users by defining service security policies.
This is an open source implementation on Apache Rampart which is the security module for Apache Axis2 web service engine. You can find our blog at http://sandhana-project.blogspot.com/ for more information.