Pyramid and social auth

Adam Klekotka

Jan 16, 2011, 9:16:16 AM
to pylons-discuss
Hello,
I'm new to Pyramid and I'm developing an app in which I want to use
Twitter and Facebook Connect for user auth. I think repoze.what
with plugins would be the best way to do that. Is there any tutorial
on how to use it with Pyramid? Or should I maybe choose Pylons 1.0
instead?

Thanks,
Adam

Gael Pasgrimaud

Jan 16, 2011, 1:42:06 PM
to pylons-...@googlegroups.com
Hi,

I haven't used it yet but there is an authentication policy for
repoze.who in pyramid:

http://docs.pylonsproject.org/projects/pyramid/dev/api/authentication.html#pyramid.authentication.RepozeWho1AuthenticationPolicy

So I guess you can use a standard repoze.who/what middleware and the
policy will use environ['repoze.who.identity']

Btw I'm also interested in this topic. I'd like to see something like
django-socialregistration for pyramid
(https://github.com/flashingpumpkin/django-socialregistration) So it
would be great if you could share your experience.


--
Gael


Ben Bangert

Jan 16, 2011, 2:15:09 PM
to pylons-...@googlegroups.com

My personal recommendation would be to use Pyramid's ACL/security system, and use normal username/password for the account sign-up. Once someone is signed-up, give them the option of 'linking' Facebook/twitter to their account. Nowadays, I just see way too many support/usability issues with supporting multiple sign-on methods. People forget whether they used twitter or facebook, and if they lose one of those accounts, or twitter/facebook have some issue, they can no longer sign into your site.

I think it's fine if they can use one of those methods to sign-in in *addition* to having a username/email/password on file, as they can at least fall back to that if they forget which other auth they used.

As for doing the Facebook/twitter connect, you might want to look at velruse, which makes it easy to do the actual handshake connect with either of them. That'd be useful for letting them link their account later from an account management page.

Cheers,
Ben
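
The account model recommended above (local username/password first, provider identities linked afterwards as additional sign-in methods), sketched as an added example that is not part of the original thread. `AccountStore` and its method names are hypothetical, storage is in memory, and the provider user id is assumed to come from an already completed and verified OAuth handshake (for example one performed with velruse).

```python
import hashlib
import hmac
import os

class AccountStore:
    """Every account has a password; provider identities are optional links."""

    def __init__(self):
        self._accounts = {}  # username -> (salt, password_hash)
        self._links = {}     # (provider, provider_user_id) -> username

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def sign_up(self, username, password):
        if username in self._accounts:
            raise ValueError("username taken")
        salt = os.urandom(16)
        self._accounts[username] = (salt, self._hash(password, salt))

    def login_password(self, username, password):
        record = self._accounts.get(username)
        if record is None:
            return None
        salt, stored = record
        ok = hmac.compare_digest(stored, self._hash(password, salt))
        return username if ok else None

    def link(self, session_user, provider, provider_user_id):
        """Attach an identity; session_user is the already signed-in account."""
        if session_user not in self._accounts:
            raise PermissionError("linking requires a signed-in local account")
        # setdefault keeps the first owner, so an identity maps to one account only
        owner = self._links.setdefault((provider, provider_user_id), session_user)
        if owner != session_user:
            raise PermissionError("identity already linked to another account")

    def login_provider(self, provider, provider_user_id):
        """Unlinked identities resolve to None instead of creating an account."""
        return self._links.get((provider, provider_user_id))

    def unlink(self, session_user, provider, provider_user_id):
        if self._links.get((provider, provider_user_id)) == session_user:
            del self._links[(provider, provider_user_id)]

if __name__ == "__main__":
    store = AccountStore()
    store.sign_up("adam", "constructed-password")  # constructed sample values
    store.link("adam", "twitter", "1001")
    print(store.login_provider("twitter", "1001"))
```

Because the password record is never touched by `link` or `unlink`, losing or removing a provider identity leaves the password sign-in intact.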

jerry

Jan 16, 2011, 9:56:56 PM
to pylons-discuss
My working code:

Twitter OAuth connect -- http://pylonshq.com/pasties/c549d2be586797da17c7fad5ae875372

Facebook OAuth2 connect -- http://pylonshq.com/pasties/e4b933da7f577c541cc2f2489f825fdd

Jerry