Experiences Using Django Social Auth
Nandakumar Chandrasekhar
InfoToros Software Private Limited
24 November 2012
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Outline
• Introduction
• Basic Setup of Django Social Auth
• Pros and Cons
• Conclusion
Nandakumar Chandrasekhar InfoToros Software Private Limited 2/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Outline
• Introduction
• Basic Setup of Django Social Auth
• Pros and Cons
• Conclusion
Nandakumar Chandrasekhar InfoToros Software Private Limited 2/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Outline
• Introduction
• Basic Setup of Django Social Auth
• Pros and Cons
• Conclusion
Nandakumar Chandrasekhar InfoToros Software Private Limited 2/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Outline
• Introduction
• Basic Setup of Django Social Auth
• Pros and Cons
• Conclusion
Nandakumar Chandrasekhar InfoToros Software Private Limited 2/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Why Social Sign-in?
• Targeted Content - Personalised content which is
useful for the end user.
• Registration - Registration process is fast and user
does not have to enter any data.
• Pre-Validation of details - e.g. Validated email.
• Account linking - Existing users can link their profile
information from their social site account.
Nandakumar Chandrasekhar InfoToros Software Private Limited 3/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Why Social Sign-in?
• Targeted Content - Personalised content which is
useful for the end user.
• Registration - Registration process is fast and user
does not have to enter any data.
• Pre-Validation of details - e.g. Validated email.
• Account linking - Existing users can link their profile
information from their social site account.
Nandakumar Chandrasekhar InfoToros Software Private Limited 3/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Why Social Sign-in?
• Targeted Content - Personalised content which is
useful for the end user.
• Registration - Registration process is fast and user
does not have to enter any data.
• Pre-Validation of details - e.g. Validated email.
• Account linking - Existing users can link their profile
information from their social site account.
Nandakumar Chandrasekhar InfoToros Software Private Limited 3/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Why Social Sign-in?
• Targeted Content - Personalised content which is
useful for the end user.
• Registration - Registration process is fast and user
does not have to enter any data.
• Pre-Validation of details - e.g. Validated email.
• Account linking - Existing users can link their profile
information from their social site account.
Nandakumar Chandrasekhar InfoToros Software Private Limited 3/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
What's in a Name?
• Django Social Auth and Django Socialauth are
different apps.
• Django Social Auth will be the subject of this talk.
Nandakumar Chandrasekhar InfoToros Software Private Limited 4/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Social Sign-in Process
Nandakumar Chandrasekhar InfoToros Software Private Limited 5/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Django Environment Setup Part One
• Install the following prerequisites packages:
1. sudo apt-get install python2.7-dev
2. sudo apt-get install python-setuptools
3. sudo apt-get install postgresql
postgresql-client pgadmin3 libpq-dev
4. sudo pip install -U virtualenv
5. sudo pip install -U distribute
Nandakumar Chandrasekhar InfoToros Software Private Limited 6/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Django Environment Setup Part Two
• Create a virtual environment and install Django:
1. virtualenv --no-site-packages
--distribute <environment_name>
2. sudo pip install -E <environment_name>
django
3. sudo pip install -E <environment_name>
psycopg2
Nandakumar Chandrasekhar InfoToros Software Private Limited 7/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
The Magic Incantation
• Install Django Social Auth:
sudo pip install -E <environment_name>
django-social-auth
Nandakumar Chandrasekhar InfoToros Software Private Limited 8/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Configuration Parameters
• Authentication Backends:
AUTHENTICATION_BACKENDS = (
'social_auth.backends.facebook.Face-
bookBackend',
'django.contrib.auth.backends.Model-
Backend',
)
• Installed apps:
INSTALLED_APPS = (
...
`social_auth',
...
)
Nandakumar Chandrasekhar InfoToros Software Private Limited 9/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Configuration Parameters Cont'd
• Context processors:
TEMPLATE_CONTEXT_PROCESSORS = (
...
'social_auth.context_processors.so-
cial_auth_by_name_backends',
'social_auth.context_processors.so-
cial_auth_backends',
'social_auth.context_processors.so-
cial_auth_by_type_backends',
'social_auth.context_processors.so-
cial_auth_login_redirect',
)
• Define only those required.
Nandakumar Chandrasekhar InfoToros Software Private Limited 10/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Backend Parameters
• Settings for Facebook backend other backends havesimilar settings.
1. FACEBOOK_APP_ID = <APP_ID>
2. FACEBOOK_API_SECRET = <APP_SECRET>
3. FACEBOOK_EXTENDED_PARAMETERS =
<parameters_that_remain_unchanged>
• Note: It is not FACEBOOK_APP_SECRET but
FACEBOOK_API_SECRET.
Nandakumar Chandrasekhar InfoToros Software Private Limited 11/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Social Authentication Pipeline
• Defines the steps through which a user's profile must
be passed through before registration is complete.
• Each step has a specific task and either returns a
dictionary or nothing.
• User defined processing is possible by either:
1. Wrapping a custom function around any of the
default functions.
2. Stopping the pipeline to get extra details from the
user.
3. Adding a custom function as a step in the pipeline.
Nandakumar Chandrasekhar InfoToros Software Private Limited 12/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Social Authentication Pipeline
• Defines the steps through which a user's profile must
be passed through before registration is complete.
• Each step has a specific task and either returns a
dictionary or nothing.
• User defined processing is possible by either:
1. Wrapping a custom function around any of the
default functions.
2. Stopping the pipeline to get extra details from the
user.
3. Adding a custom function as a step in the pipeline.
Nandakumar Chandrasekhar InfoToros Software Private Limited 12/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Social Authentication Pipeline
• Defines the steps through which a user's profile must
be passed through before registration is complete.
• Each step has a specific task and either returns a
dictionary or nothing.
• User defined processing is possible by either:
1. Wrapping a custom function around any of the
default functions.
2. Stopping the pipeline to get extra details from the
user.
3. Adding a custom function as a step in the pipeline.
Nandakumar Chandrasekhar InfoToros Software Private Limited 12/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Default Social Authentication Pipeline
('social_auth.backends.pipeline.social.so-
cial_auth_user',
#'social_auth.backends.pipeline.asso-
ciate.associate_by_email',
'social_auth.back-
ends.pipeline.user.get_username',
'social_auth.backends.pipeline.user.cre-
ate_user',
'social_auth.backends.pipeline.social.as-
sociate_user',
'social_auth.backends.pipeline.so-
cial.load_extra_data',
'social_auth.backends.pipeline.user.up-
date_user_details')
Nandakumar Chandrasekhar InfoToros Software Private Limited 13/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Defining a Custom Pipeline
• Add SOCIAL_AUTH_PIPELINE to settings.py and
define the required steps.
Nandakumar Chandrasekhar InfoToros Software Private Limited 14/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Finishing Touches
• Execute python manage.py syncdb whichcreates:
1. Association table
2. Nonce table
3. User Social Auth table (this one contains all the
users)
• Add urls to urls.py url(r'auth/',
include('social_auth.urls')),
• Define LOGIN_URL, LOGIN_REDIRECT_URL,
LOGIN_ERROR_URL
Nandakumar Chandrasekhar InfoToros Software Private Limited 15/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Pros
• One app to rule them all.
• Ability to plugin custom social sign-in backend.
• Well documented.
• Demo and example source-code availability.
• Supports Django versions 1.2 to 1.4.
• Lead developer replies to emails within 24 hours.
• Plays well with other Social Sign-in apps.
Nandakumar Chandrasekhar InfoToros Software Private Limited 16/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Pros
• One app to rule them all.
• Ability to plugin custom social sign-in backend.
• Well documented.
• Demo and example source-code availability.
• Supports Django versions 1.2 to 1.4.
• Lead developer replies to emails within 24 hours.
• Plays well with other Social Sign-in apps.
Nandakumar Chandrasekhar InfoToros Software Private Limited 16/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Pros
• One app to rule them all.
• Ability to plugin custom social sign-in backend.
• Well documented.
• Demo and example source-code availability.
• Supports Django versions 1.2 to 1.4.
• Lead developer replies to emails within 24 hours.
• Plays well with other Social Sign-in apps.
Nandakumar Chandrasekhar InfoToros Software Private Limited 16/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Pros
• One app to rule them all.
• Ability to plugin custom social sign-in backend.
• Well documented.
• Demo and example source-code availability.
• Supports Django versions 1.2 to 1.4.
• Lead developer replies to emails within 24 hours.
• Plays well with other Social Sign-in apps.
Nandakumar Chandrasekhar InfoToros Software Private Limited 16/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Pros
• One app to rule them all.
• Ability to plugin custom social sign-in backend.
• Well documented.
• Demo and example source-code availability.
• Supports Django versions 1.2 to 1.4.
• Lead developer replies to emails within 24 hours.
• Plays well with other Social Sign-in apps.
Nandakumar Chandrasekhar InfoToros Software Private Limited 16/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Pros
• One app to rule them all.
• Ability to plugin custom social sign-in backend.
• Well documented.
• Demo and example source-code availability.
• Supports Django versions 1.2 to 1.4.
• Lead developer replies to emails within 24 hours.
• Plays well with other Social Sign-in apps.
Nandakumar Chandrasekhar InfoToros Software Private Limited 16/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Pros
• One app to rule them all.
• Ability to plugin custom social sign-in backend.
• Well documented.
• Demo and example source-code availability.
• Supports Django versions 1.2 to 1.4.
• Lead developer replies to emails within 24 hours.
• Plays well with other Social Sign-in apps.
Nandakumar Chandrasekhar InfoToros Software Private Limited 16/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 1: Exception Handling
• When DEBUG=True exceptions are not handled.
• SOCIAL_AUTH_RAISE_EXCEPTIONS=False does
not work as intended.
• Production behaviour is verifiable only by setting
DEBUG=False.
Nandakumar Chandrasekhar InfoToros Software Private Limited 17/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 1: Exception Handling
• When DEBUG=True exceptions are not handled.
• SOCIAL_AUTH_RAISE_EXCEPTIONS=False does
not work as intended.
• Production behaviour is verifiable only by setting
DEBUG=False.
Nandakumar Chandrasekhar InfoToros Software Private Limited 17/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 1: Exception Handling
• When DEBUG=True exceptions are not handled.
• SOCIAL_AUTH_RAISE_EXCEPTIONS=False does
not work as intended.
• Production behaviour is verifiable only by setting
DEBUG=False.
Nandakumar Chandrasekhar InfoToros Software Private Limited 17/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 2: is_new Variable Unavailability
• The is_new variable is a flag that tells us we are
logging in a new user or existing user.
• Unfortunately is_new is only available after
'social_auth.backends.pipeline.so-
cial.associate_user' step in the
pipeline.
• Hampers the ability to have the user accept terms
and conditions before user creation.
• If the user wishes to back out of using social sign-in
at any point we have to delete the user and cleanup
the database.
Nandakumar Chandrasekhar InfoToros Software Private Limited 18/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 2: is_new Variable Unavailability
• The is_new variable is a flag that tells us we are
logging in a new user or existing user.
• Unfortunately is_new is only available after
'social_auth.backends.pipeline.so-
cial.associate_user' step in the
pipeline.
• Hampers the ability to have the user accept terms
and conditions before user creation.
• If the user wishes to back out of using social sign-in
at any point we have to delete the user and cleanup
the database.
Nandakumar Chandrasekhar InfoToros Software Private Limited 18/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 2: is_new Variable Unavailability
• The is_new variable is a flag that tells us we are
logging in a new user or existing user.
• Unfortunately is_new is only available after
'social_auth.backends.pipeline.so-
cial.associate_user' step in the
pipeline.
• Hampers the ability to have the user accept terms
and conditions before user creation.
• If the user wishes to back out of using social sign-in
at any point we have to delete the user and cleanup
the database.
Nandakumar Chandrasekhar InfoToros Software Private Limited 18/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 2: is_new Variable Unavailability
• The is_new variable is a flag that tells us we are
logging in a new user or existing user.
• Unfortunately is_new is only available after
'social_auth.backends.pipeline.so-
cial.associate_user' step in the
pipeline.
• Hampers the ability to have the user accept terms
and conditions before user creation.
• If the user wishes to back out of using social sign-in
at any point we have to delete the user and cleanup
the database.
Nandakumar Chandrasekhar InfoToros Software Private Limited 18/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 3: Cutting the Pipeline
• You can stop the pipeline to get additional data
from the user.
• The state of the pipeline has to be saved using
'social_auth.back-
ends.pipeline.misc.save_status_to_ses-
sion'
• Problem is the pipeline is restarted at the point
before the session was saved instead of after.
• The fix is to set SOCIAL_AUTH_PIPELINE_RE-
SUME_ENTRY=<pipeline_step>
Nandakumar Chandrasekhar InfoToros Software Private Limited 19/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 3: Cutting the Pipeline
• You can stop the pipeline to get additional data
from the user.
• The state of the pipeline has to be saved using
'social_auth.back-
ends.pipeline.misc.save_status_to_ses-
sion'
• Problem is the pipeline is restarted at the point
before the session was saved instead of after.
• The fix is to set SOCIAL_AUTH_PIPELINE_RE-
SUME_ENTRY=<pipeline_step>
Nandakumar Chandrasekhar InfoToros Software Private Limited 19/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 3: Cutting the Pipeline
• You can stop the pipeline to get additional data
from the user.
• The state of the pipeline has to be saved using
'social_auth.back-
ends.pipeline.misc.save_status_to_ses-
sion'
• Problem is the pipeline is restarted at the point
before the session was saved instead of after.
• The fix is to set SOCIAL_AUTH_PIPELINE_RE-
SUME_ENTRY=<pipeline_step>
Nandakumar Chandrasekhar InfoToros Software Private Limited 19/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 3: Cutting the Pipeline
• You can stop the pipeline to get additional data
from the user.
• The state of the pipeline has to be saved using
'social_auth.back-
ends.pipeline.misc.save_status_to_ses-
sion'
• Problem is the pipeline is restarted at the point
before the session was saved instead of after.
• The fix is to set SOCIAL_AUTH_PIPELINE_RE-
SUME_ENTRY=<pipeline_step>
Nandakumar Chandrasekhar InfoToros Software Private Limited 19/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 4: Partial Username Validation
• Username uniqueness is done.
• Username may contain spaces which is disallowed in
django usernames.
• Length restriction of 30 characters is not checked
for.
• Database error because of the above.
• Roll custom function to check length and uniqueness
of username and length of firstname and lastname.
Nandakumar Chandrasekhar InfoToros Software Private Limited 20/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 4: Partial Username Validation
• Username uniqueness is done.
• Username may contain spaces which is disallowed in
django usernames.
• Length restriction of 30 characters is not checked
for.
• Database error because of the above.
• Roll custom function to check length and uniqueness
of username and length of firstname and lastname.
Nandakumar Chandrasekhar InfoToros Software Private Limited 20/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 4: Partial Username Validation
• Username uniqueness is done.
• Username may contain spaces which is disallowed in
django usernames.
• Length restriction of 30 characters is not checked
for.
• Database error because of the above.
• Roll custom function to check length and uniqueness
of username and length of firstname and lastname.
Nandakumar Chandrasekhar InfoToros Software Private Limited 20/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 4: Partial Username Validation
• Username uniqueness is done.
• Username may contain spaces which is disallowed in
django usernames.
• Length restriction of 30 characters is not checked
for.
• Database error because of the above.
• Roll custom function to check length and uniqueness
of username and length of firstname and lastname.
Nandakumar Chandrasekhar InfoToros Software Private Limited 20/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Con No. 4: Partial Username Validation
• Username uniqueness is done.
• Username may contain spaces which is disallowed in
django usernames.
• Length restriction of 30 characters is not checked
for.
• Database error because of the above.
• Roll custom function to check length and uniqueness
of username and length of firstname and lastname.
Nandakumar Chandrasekhar InfoToros Software Private Limited 20/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Summary
• Social Sign-in eases the registration process.
• Websites are able to provide personalised
information.
• Django Socialauth and Django Social Auth are
different apps.
• The Social Sign-in process accesses a social site and
uses the returned details to log the user in.
• Basic setup of a virtual environment to run Django
Social Auth.
• Django Social Auth pros and cons beware.
Nandakumar Chandrasekhar InfoToros Software Private Limited 21/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Summary
• Social Sign-in eases the registration process.
• Websites are able to provide personalised
information.
• Django Socialauth and Django Social Auth are
different apps.
• The Social Sign-in process accesses a social site and
uses the returned details to log the user in.
• Basic setup of a virtual environment to run Django
Social Auth.
• Django Social Auth pros and cons beware.
Nandakumar Chandrasekhar InfoToros Software Private Limited 21/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Summary
• Social Sign-in eases the registration process.
• Websites are able to provide personalised
information.
• Django Socialauth and Django Social Auth are
different apps.
• The Social Sign-in process accesses a social site and
uses the returned details to log the user in.
• Basic setup of a virtual environment to run Django
Social Auth.
• Django Social Auth pros and cons beware.
Nandakumar Chandrasekhar InfoToros Software Private Limited 21/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Summary
• Social Sign-in eases the registration process.
• Websites are able to provide personalised
information.
• Django Socialauth and Django Social Auth are
different apps.
• The Social Sign-in process accesses a social site and
uses the returned details to log the user in.
• Basic setup of a virtual environment to run Django
Social Auth.
• Django Social Auth pros and cons beware.
Nandakumar Chandrasekhar InfoToros Software Private Limited 21/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Summary
• Social Sign-in eases the registration process.
• Websites are able to provide personalised
information.
• Django Socialauth and Django Social Auth are
different apps.
• The Social Sign-in process accesses a social site and
uses the returned details to log the user in.
• Basic setup of a virtual environment to run Django
Social Auth.
• Django Social Auth pros and cons beware.
Nandakumar Chandrasekhar InfoToros Software Private Limited 21/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Summary
• Social Sign-in eases the registration process.
• Websites are able to provide personalised
information.
• Django Socialauth and Django Social Auth are
different apps.
• The Social Sign-in process accesses a social site and
uses the returned details to log the user in.
• Basic setup of a virtual environment to run Django
Social Auth.
• Django Social Auth pros and cons beware.
Nandakumar Chandrasekhar InfoToros Software Private Limited 21/22
Introduction Basic Setup of Django Social Auth Pros and Cons Conclusion
Further Reading
• Django Social Auth - Github
• Django Social Auth documentation
• Social Login - Wikipedia
• Review of 4 Django Social Auth apps
Nandakumar Chandrasekhar InfoToros Software Private Limited 22/22