Closed jezdez closed 10 years ago
Our most-likely Auth providers will be:
I'm all for never, ever, ever keeping passwords again. The big project here, I think, will be setting up the transitional / connection flows. I don't think I've ever seen any 3rd party project support this stuff well. For example:
All the above are things that made me cranky about Fx Accounts, too. :)
Is it possible and helpful to add django-allauth to our stack behind a waffle flag to experiment with it and explore how it may or may not address the UX concerns?
And/or should we bring UX into this idea immediately?
FWIW, wanted to pursue a little due diligence beyond django-allauth.
I started looking at python-social-auth, at least from a high level. It looks pretty well maintained like django-allauth, though it might be too generic since it aims to serve all kinds of Python frameworks beyond Django.
Meh, probably just a matter of picking a base library and going with it.
Heh, though some quick Twitter digging reveals that @jsocol found python-social-auth problematic and had success with django-allauth. This leads me to favor just going with django-allauth :smiley:
That seals it for me. django-allauth all the way!
I should update that...
I also found allauth to be a PITA. It depends what you want to do. If you want "log in with X" I just did it my damn self, because neither of them seemed to directly support that use. If you want "connect your X account" after you've logged in with something else, python-social-auth is great, that's exactly what it does.
Hmm, yeah, I am kind of half tempted to just DIY the OAuth stuff if only because I feel like our login process has often been a bit of a precious special little snowflake and all the gotchas & exceptions will kill the helpful generality of a 3rd party app.
(also: Hi James! :grin:)
Starting work on this & bug 991351. Going to comment here, because it will probably be easier to revise a little progress report than fill the bug with comments.
Progress so far:
pre_social_login
signal that I might be able to use as a hook to auto-associate with an existing account via matching email address present in the 3rd party identity/{en-US,fr,de}/accounts/login/callback/
. May need to just make sign-in a locale-free set of URLs and rely on the browser accept-language
headers.More to come as I work through wiring up the app. When this list stops growing, and I've checked everything off, then I'll be ready to submit an initial pull request.
BTW, this is a great presentation about auth systems in Django: https://speakerdeck.com/tedtieken/signing-up-and-signing-in-users-in-django-with-django-allauth
@jsocol "If you want "log in with X" I just did it my damn self, because neither of them seemed to directly support that use." -- could you please elaborate a bit? With allauth, if you have auto signup enabled, a "login with X" is merely a matter of linking to "/accounts/X/login/". In any case, I am interested to learn if anything can be done to accomodate for your use case ...
Oh hey, this is fixed btw!
@pennersr happy to follow-up offline here, me@jamessocol.com, but this was 4 months ago so my memory is not going to be spot on.
https://github.com/pennersr/django-allauth seems to be the latest hot thing (well maintained, tested etc).