24Nov

Django SocialAuth component, now with some Elfin goodness…

Posted by Elf Sternberg as django, programming, python, web development

So, I got tired of the way Django-SocialAuth was borked and not working for me, so I forked the project and have put up my own copy at GitHub.

There are three things I noticed about the project right away: First, it forces you to use a broken templating scheme. I haven’t fixed that, but in the meantime I’ve ripped out all of the base.html calls to keep them from conflicting with those of other applications you may have installed. Really, the templates involved have very little meat on them, especially for the login.html page. These are components that would have been better written as templatetags. Second, the project is rife with spelling errors. (The most famous, of course, being that the original checkout was misspelled “Djano”). I am a fan of the notion that a project with spelling problems probably has other problems. I’ll make allowances for someone for whom English is a second language, but I was not filled with confidence. And third, the project violates Facebook’s TOS by storing the user’s first and last name. Along the way I discovered that the Facebook layer was completely non-functional if you, like three million other Facebook users, had clicked “Keep me logged in,” which zeros out the “login expires” field from Facebook. It would never accept you because your expiration date would then always be January 1, 1970, effectively before “now.”

I’ve barely begun hacking on the beast, but already I’ve made some progress. Facebook now works the first time around. I’ve cleaned up much of the spelling and grammar in the documentation, such as it is, and I’ve clipped many of the template naming problems that I saw in my original use of the system. I’ve also revised setup.py so that it runs out of the box, although I’m tempted to go with a different plan, one like django-registration where it is your responsibility to cook up the templates for the provided views. And I’ve ripped out most of the Facebook specific stuff to replace it with calls to PyFacebook, which is now a dependency.

One thing I do want to get to is a middleware layer that interposes the right social authentication layer on those users who come in from the outside world: i.e. if the AuthMeta indicates you’re a facebook user, then request.user will be a lightweight proxy between you and Facebook for those fields that are, by definition, Facebook-only (and a violation of the TOS if you copy them). It might make more sense to have a decorator class, but only if you don’t have a gazillion views.

I haven’t gotten much further than a Facebook layer that satisfies my immediate needs. I haven’t had a need to branch out and explore the Twitter or Oauth components yet. What I needed at the moment was a simple authentication layer that allowed either local users (for testing purposes) or FacebookConnect users, and one that didn’t need to contact Facebook for absolutely every view, whether you wanted it or not, just to check “is this guy still a facebook user?”, which is how the DjangoFacebookConnect toolkit does things. I suppose, if you’re a Facebook app, that’s what you want, but I’m not writing a Facebook app, I’m writing an app that uses FacebookConnect to associate and authenticate my application users’s accounts via their Facebook accounts.

14 Responses to Django SocialAuth component, now with some Elfin goodness…

Panos Laganakos

December 11th, 2009 at 2:21 pm

I agree with most of the stuff here, and gave a look at your commits on github.

Why do you worry about an app’s base.html overlapping any other? We already extend an app specific template by:

{% extends ‘app_name/base.html’ %}

while

{% extends ‘app_name/app_name_base.html’ %}

looks a bit over-explicit.

“Explicit is better than implicit” – I agree, but I think this is kinda too much :)

Other than that, good work – the middleware sounds like a nice idea.

Scot Hacker

February 10th, 2010 at 11:48 pm

Just digging in with this – project sounds promising. Couldn’t see a way to file bugs at github so leaving notes here.

There are two templates: socialauth_base.html and socialauth/socialauth_base.html . They are not duplicates. Is this redundancy intentional?

Scot Hacker

February 10th, 2010 at 11:51 pm

In template socialauth/login.html there are two javascript lines in block extra_body. Shouldn’t these be in block extra_head (since javascript goes in the head?)

Scot Hacker

February 11th, 2010 at 12:01 am

Docs say I need in settings:
FACEBOOK_API_SECRET=

but upon first FB connection, Django complains that I need:
FACEBOOK_SECRET_KEY

I assume this is the same, and is a typo in the docs. Set FACEBOOK_SECRET_KEY be the same as API_SECRET, but now clicking the FB Connect button does nothing.

huxley

April 15th, 2010 at 3:33 am

Shouldn’t these be in block extra_head (since javascript goes in the head?)

Javascript can go in the head but there is no prohibition to putting it in the body and if you do put it in the head it will block HTML rendering in many browsers while it’s downloading. CSS should still be put in the head.

Best practices now suggests putting scripts near the end of the body tag, you should still put it in an external file though.

Elf Sternberg

April 15th, 2010 at 7:50 am

Facebook gives you both a secret key and a public key. The secret key allows you to do server-to-server communication. You need both.

Elf Sternberg

April 15th, 2010 at 7:50 am

Best practices are not always the most efficient. See the most recent post about how Digg forces the browser to hook up event handlers the moment there’s something to hook the event handler up to.

Alexandre

August 20th, 2010 at 9:35 am

i felt the same about the uswaretech’s socialauth.
I want to use your fork now but have you made any progress since last year?

kira

October 2nd, 2011 at 1:29 am

[...]   Django SocialAuth component, now with some Elfin goodness… by Elf Sternberg [...]

Django socialauth: what is the best fork?

October 1st, 2012 at 2:46 am

[...] which is defended by this but was last updated [...]

What’s the best solution for OpenID with Django? | Everyday I'm coding

March 14th, 2013 at 11:38 pm

[...] Who knows if and when Facebook will start to be an OpenID provider…? socialauth seems to have its share of problems, [...]

Whats the best solution for OpenID with Django? - Tech Forum Network

June 13th, 2013 at 1:37 pm

[...] Who knows if and when Facebook will start to be an OpenID provider…? socialauth seems to have its share of problems, [...]

What’s the best solution for OpenID with Django? | Ask Programming & Technology

November 1st, 2013 at 11:03 pm

[...] Who knows if and when Facebook will start to be an OpenID provider…? socialauth seems to have its share of problems, [...]

How to: What's the best solution for OpenID with Django? | SevenNet

December 3rd, 2014 at 8:56 am

[...] Who knows if and when Facebook will start to be an OpenID provider…? socialauth seems to have its share of problems, [...]

Comment Form

Recent Comments