Python Social Auth - example site working with downlevel version of PSA

[Donald McClymont]

I am sharing  an example site http://www.netdecisionmaking.com that uses Python Social Auth for authentication, based on the following code and 

https://github.com/omab/python-social-auth and the web2py integration developed at https://github.com/bnmnetp/w2p-social-auth

This works basically fine with the configured providers BUT it is using python social auth version 0.1.26 and I am keen to get it moved to the latest version.  Being keen but lazy I was looking to check if anyone has got a more up to date version that is currently working as it seems there are a few changes with the 0.2.x release that need to be worked through and w2p-social-auth that I am using has not been updated as far as I can find.

The code for the site itself is at https://github.com/DonaldMcC/gdms and I am using the recently add config file to determine an overall authentication scheme for the site and pickup the keys etc which works fine.

Ideally I'd also like to also have the option to combine PSA and Web2py login methods however I haven't really looked into that yet.

Regards

Donald

[Joe Barnhart]

Hi Donald --

I find I need this too. The more recent version of social auth should handle Google authentication in addition to Facebook and Twitter.  I need these three in addition to web2py logon for my application. Have you seen any progress on this front?  We may have to collaborate and do it ourselves.

-- Joe

[Donald McClymont]

I would really like some progress on this - however I have extremely limited knowledge of both auth and Python Social Auth so was rather hoping someone that did might develop this in a better manner than I am likely to do..  I did briefly attempt to update what I have but quickly came to the conclusion it was not straightforward.  However I may have some time to look at in a bit more detail in the next few weeks.

Regards

Donald

[Joe Barnhart]

Well I don't know about OAuth or auth-social, but I know web2py auth and I know python pretty well.  I'll do a little reading on the whole concept of social-auth and see if I can dig up more resources, like maybe the author of w2p-social-auth.  If worse comes to worst, I can get some help from Massimo.  I think a social auth plug-in that works really well would be not only useful, but essential to web2py at this point.

-- Joe

[Donald McClymont]

Sounds good - possibly worth trying to contact someone on the psa team as well.  I think we need to decide whether an updated plug-in is the best way to go or whether this should be a core part of either PSA or web2py.  The plug-in may be the quickest way forward but it might well be better to go another route as it reduces the risk of being back in the same situation we have now where changes in PSA mean the plug-in doesn't work with latest versions.

There was some previous dialogue on wihether python social auth or authomatic was the better approach and that did seem to come down in favour of PSA because authomatic was no longer being maintained. 

Donald

[Donald McClymont]

I have now forked and pruned w2p-social-auth at the following:  https://github.com/DonaldMcC/w2p-social-auth  basically only two changes of substance:

1 It now uses appconfig to store the keys in so you will need to be on a fairly recent web2py if you want to use this approach - alternatively just put the keys directly into db.py but this obviously isn't a best practice with github for sharing code.

2 I have removed the version of python social auth - I think 0.1.24 which was included in previous file which means a lot less code - as far as I can tell this was unmodified however it was not best if the plugin was importing from their and internal imports within PSA were from the installed version of that I had installed as a python package.

Having done the above - I have successfully completed a basic login with the revised plugin and PSA 0.2.19 which is the latest version use Mozilla Persona as the provider - I will need to move it onto an actual site rather than localhost to test a few other providers but that will be next week at the earliest and I still have a very limited knowledge of Auth, PSA or the actual code in the plug-in - so it would be good if people that do could perhaps chip-in with suggestions on where this should be heading and how it should be properly tested that would be appreciated.

Donald

[Donald McClymont]

Just a further note that following some further updating I can login via Facebook, Twitter, Google (using Mozilla Persona) and Microsoft accounts.  There is a test site at https://www.netdecisionmaking.com/w2ppsatest if anyone wants to take a look without setting up themselves.  I am not really planning to do much more with this unless there are issues or suggestions on what needs done next.

Regards

Donald

[mweissen]

It is a very interesting project. Are there any news?

[Donald McClymont]

Not  a great deal from me - it is still generally working fine with latest version of psas on www.netdecisionmaking.com - this is really a hobby project to demo a different approach to running the world or any part of it.  Only change I have made recently was to swap-out mozilla persona and replace with google+ as Mozilla are turning off persona at the end of November.  That does however give me an issue that google+ authentication works but doesn't populate the users email which obviously then means users logging in this way will not get mails.  I need to look at how to add additional steps to query this after authentication at some point.

Regards

Donald

[Donald McClymont]

Just an update that in line with the re-organization and new site for python social auth (https://github.com/python-social-auth) I have made a new repository https://github.com/DonaldMcC/social-app-web2py with updated import statements etc.  The plug-in has been tested with google, facebook, twitter and microsoft providers and demo is available at http://www.netdecisionmaking.com/socialappweb2py/default/index  

It's still entirely based on https://github.com/bnmnetp/w2p-social-auth but just rolled forward in line with psa changes and far from fully tested.

[Joe Barnhart]

Hi Don --

Just getting around to playing with this and having fun...  Being a novice at python social-auth-core as well as your code, setting it up is slow going.

Is your Git repo just an example of how to add this, or is this a w2p plugin of sorts?  My intent is to add the minimum needed to my own site to get social auth working, or course.

Anyway, happy to get any tips you may share.  I think I've gotten social-auth-core loaded on my mac so it should all be clear sailing now... heh heh...

-- Joe

[Donald McClymont]

Hi Joe

The repo is a minimum Web2py app with most of the code in a plug-in so as long as you have social-auth-core installed it should run ok. However I am not sure if you can fully setup and test from a laptop. Most of the providers that you need to register your app with seem to like you to list valid web addresses rather than localhost or the like. So I ended up testing on pythonanywhere and then if you go for a free account you would need to check carefully if the referred providers are on your whitelist.

There has also been a new release of social-auth-core 1.1 since I tested but hopefully that doesn't cause any issues

Regards
Donald

[Donald McClymont]

[Donald McClymont]

[Donald McClymont]

[Joe Barnhart]

Thanks Donald!

So the repo contains an application and the plugin, already "installed."  So to add this to my own application, I separate out the "plugin" pieces and incorporate them into my app, right?  That means I copy out any directory with the plugin name as well as any *.py files prefixed with "plugin", right?  Then I enable the plugin feature from my model file.

I'll let you know if I find any issues with the new version of python social auth.

Testing it shouldn't be a problem as I run a publicly-available web server from my home.  I pay for "business" class internet service to get a static IP and better SLA.  I can just deploy to it and make sure it's reachable thru DNS and I'm golden.

Joe

[Joe Barnhart]

Hi Dan --

I've been playing with it awhile.  It seems the Mozilla "persona" feature got permeated throughout the plug-in.  Which is unfortunate since persona is now room-temperature, making all that code into bloat.  I'm trying to prune through it, but confusingly much of the javascript stuff seems to completely go away.  Still having a bit of fun grokking all the javascript and its interaction with the built-in forms.

Since I need both social auth and web2py auth, the plug-in as it stands is not usable.  My thoughts are, either I pare it down and just get the code that does the actual social auth stuff or I try to augment the plugin and remove Persona and add web2py auth to it.  My vision is a combined auth form that has the web2py "username/password" at the top and a row of buttons for social logon at the bottom.  

What are your thoughts?

-- Joe

On Saturday, February 11, 2017 at 9:35:53 AM UTC-8, Donald McClymont wrote:

[Donald McClymont]

Hi Joe

It does sound like you are making some progress - getting rid of all the persona stuff makes sense and I would like dual login capability as well.  However my knowledge of both web2py auth and social auth is very limited so I am not sure I am a great source of advice.  I did get Janrain and web2py logins working together in a fashon a while back and I think this is still covered in the book with ExtendedLoginForm so this MIGHT be a useful part of a way forward - code snippet below.  The other big limitation it currently has is that for some providers eg google it is not pulling in the users email address and if email is required by your app that is a problem.  I think that is in part the way google wants it to work and you are supposed to authenticate and then make an API call to get the email address which I think is the sort of thing the pipeline should do.- but I haven't even made an attempt to figure out what is involved in doing this.

Donald

elif login == 'web2pyandjanrain':  
    from gluon.contrib.login_methods.extended_login_form import ExtendedLoginForm
    from gluon.contrib.login_methods.rpx_account import RPXAccount
    filename = 'private/janrain.key'
    path = os.path.join(current.request.folder, filename)
    if os.path.exists(path):
        request = current.request
        domain, key = open(path, 'r').read().strip().split(':')
        host = current.request.env.http_host
        url = URL('default', 'user', args='login', scheme=True)
        other_form = RPXAccount(request, api_key=key, domain=domain, url=url)
        auth.settings.login_form = ExtendedLoginForm(auth, other_form, signals=['token'])