So i'm creating a blog engine in python with bottle. I would like to be able to have it create and run it's own login system and use OpenId.
Can I use OpenId with bottle? If so how?
Bonus brownie points if you can tell me how to request information from the user profile through this.
Are there any other alternatives that works with Google?
Do you have any Tips or guides for making a secure login system?
BTW: I use python 3
Edit: I have decided to just move to Flask it has openid and heaps more.
I couldn't find any turnkey solution for this, but you might want to check out this simple auth class for bottle: https://github.com/bbrodriges/bottlepy-user-auth, which shows an example how to bind together your bottle webapp and your user database.
So by using this as a base and a implementing a wrapper class on the top of the python-openid library, and use it as the 'db' class in the linked auth class. You can also extend this class to handle further profile infos you need.
Related
I am making a web applicaion in python with flask framework in which different types of users are there like admin, editior, normal user etc. So the application access is different for each. How to implement this?. After login application need to redirect to user related views . Please help to make this in a better way
There is a Flask extension Flask-RBAC which does exactly what you need:
Flask-RBAC provides a Role-based Access Control module in Flask
applications. It can help you to control different role of users to
access your website.
How could I do to allow users to link their Gmail or Facebook account in my Django App ?
I'd like to avoid my clients to register in my site if they have an account in any of the common sites (Gmail, Facebook etc...)
I know the app Django Social Auth can be used for this purposes but I'd like to know how to do this auth by my own.
Can anyone point me to some documentation or small example ?
I'd like to do this kind of authentication by my own, without external app, I'm looking for information not anybody to solve my code
Thanks
Actually, you can try to find an example how to use OAuth2 technology in Django from different django app. I use django-allauth and you can try to copy some techniques from them.
What is the best twitter auth plugin for Django. I do not understand why django-social-auth and django socialregistration suck so badly, but authentication to both facebook + twitter is not that hard and there seems to be no good django packages for either.
Please prove me wrong.
Thanks
I've attempted using allauth, but haven't gotten it to work.
This post lead me to it:
http://hackerluddite.wordpress.com/2011/05/17/review-of-4-django-social-auth-apps/
Let us know what you find that works.
I've also tested django-social-auth and django-socialregistration and they sucked. Things like easily fixed AttributeErrors caused by the software not being kept up to date with the latest Django. They also build upon the model that you authenticate with any of the social auth provider, but you still have to create a new account to login.
Then I tried Janrain and it is the best thing since sliced bread. You can either use it standalone because it is not so hard to integrate its javascript and json api yourself from scratch. Or use django-rpx-plus (RPX is the old name for Janrain) that provides some views and data structures to make integration even easier.
Using Janrain, it is easy to just let your users click on the google/twitter/facebook icon, click accept on the providers page shown in a popup and voila! logged in! The only downsides are the Janrain branding shown in the free version and that you have to rely on a third party for authentication.
Taking into account that I barely know python and am simply following the "hello-world" example here: http://code.google.com/appengine/docs/python/gettingstarted/
I'm unclear as to how I would: use a "MainHandler" class mapped to '/' as a welcome page, ask the user to login and then only allow logged-in users to access a "EditorHandler" class mapped to '/editor'
You've asked a very broad question, and provided no details about what (if any) framework you're planning to use to implement your app. I guess you are probably using webapp?
The basic idea would be to create a login url that you redirect the user to, or you provide to them. If you want them redirected to an edit page on your app, you can specify a dest_url when calling create_login_url:
users.create_login_url(dest_url='/edit')
Within your code you can secure your edit handler easily in app.yaml or with the '#login_required' decorator, depending on how you've setup your app.
This seems to work: http://appengine-cookbook.appspot.com/recipe/login-decorator
Although I dont understand the magic behind most of it, it's probably due to my lack of python skills.
Some comments on that article also point to more "native" solutions:
http://code.google.com/appengine/docs/python/tools/webapp/utilmodule.html
We are building a website on Google App Engine, using django patch.
We would like to use Facebook connect for two purposes:
Authenticate users.
Access user's social data.
Searching for a solution in the usual places (google, FB, SO) brigs up a lot of noise, many partial solutions and no clear answer.
So the question is this: does anyone has a clear working solution? maybe even a recipe?
Thanks.
Honza: we where looking for something that also does authentication Django style.
We ended up doing the login on the client side than sending an AJAX request to Django and wrote our own authenticate/login logic.
Once we get the user's credentials, we use PyFacebook for FB connectivity.