Lost in OAuth? Learn Velruse and Get Your Life Back
Transcript

  • 1. agile.open.connected Lost In OAuth? Learn Velruse And Get Your Life Back! Andrew Mleczko Wednesday, 3 July 2013
  • 2. Andrew Mleczko Python Dev RedTurtle - Italy - Poland amleczko@redturtle.it @amleczko www.redturtle.it
  • 3. What is OAuth?
  • 4. “OAuth is an open standard for authorization.” wikipedia
  • 5. Lack of anonymity; lack of market saturation; phishing; data misuse; bad precedents
  • 6. This talk is not about it!
  • 7. velruse
  • 8. Ben Bangert @benbangert https://github.com/bbangert/velruse http://pythonhosted.org/velruse
  • 9. velruse
  • 10. minimal configuration; use as a pyramid plugin or as a stand-alone service
  • 11. simple request schema: /{provider}/login
  • 12. as a service
      [app:velruse]
      use = egg:velruse
      endpoint = http://example.com/logged_in
      provider.facebook.consumer_key = 441361239240193
      provider.facebook.consumer_secret = 52ef2618a1999eeec6d9c
      provider.facebook.scope = email
      ...
  • 13. handling login
      from flask import Flask, request, render_template
      import requests

      app = Flask(__name__)

      # sample callback view in flask
      @app.route('/logged_in', methods=['POST'])
      def login_callback():
          # token is stored in the form data
          token = request.form['token']
          return render_template('result.html', result=token)

      # sample callback view in flask
      # (second version of the same view; use one or the other)
      @app.route('/logged_in', methods=['POST'])
      def login_callback():
          token = request.form['token']
          # the request must contain 'format' and 'token' params
          payload = {'format': 'json', 'token': token}
          # sending a GET request to /auth_info
          response = requests.get(request.host_url + 'velruse/auth_info', params=payload)
          # json is a method on requests responses, so it has to be called
          auth_info = response.json()
          return render_template('result.html', result=auth_info)
  • 14. as a pyramid plugin
      [app:main]
      use = egg:myapp
      pyramid.includes = velruse.providers.facebook
      velruse.facebook.consumer_key = 441361239240193
      velruse.facebook.consumer_secret = 52ef2618a1999eeec6d9c
      velruse.facebook.scope = email
      ...
  • 15. handling login
      import json

      from pyramid.view import view_config

      # generic view: runs when any provider completes authentication
      @view_config(
          context='velruse.AuthenticationComplete',
          renderer='myapp:templates/result.mako',
      )
      def login_complete_view(request):
          context = request.context
          result = {
              'provider_type': context.provider_type,
              'provider_name': context.provider_name,
              'profile': context.profile,
              'credentials': context.credentials,
          }
          return {'result': json.dumps(result, indent=4)}

      # provider-specific view: runs only for Facebook logins
      @view_config(
          context='velruse.providers.facebook.FacebookAuthenticationComplete',
          renderer='myapp:templates/result.mako',
      )
      def fb_login_complete_view(request):
          pass
  • 16. velruse providers
  • 17. Google OAuth2 example
      [app:velruse]
      use = egg:velruse
      endpoint = http://example.com/logged_in
      provider.google.consumer_key = 441361239240193
      provider.google.consumer_secret = 52ef2618a1999eeec6d9c
  • 18. alfresco example github.com/RedTurtle/pyramid_alfresco
      [app:main]
      use = egg:myapp
      pyramid.includes = pyramid_alfresco.oauth
      alfresco.consumer_key = 441361239240193
      alfresco.consumer_secret = 52ef2618a1999eeec6d9c
  • 19. alfresco example
      import uuid

      from pyramid.httpexceptions import HTTPFound
      from velruse.utils import flat_url

      class AlfrescoProvider(object):
          def login(self, request):
              """Initiate an Alfresco login"""
              scope = request.POST.get('scope', self.scope)
              # random state, kept in the session so callback() can compare it
              request.session['state'] = state = uuid.uuid4().hex
              gh_url = flat_url(
                  '%s://%s/auth/oauth/versions/2/authorize' % (self.protocol, self.domain),
                  scope=scope,
                  response_type='code',
                  client_id=self.consumer_key,
                  redirect_uri=request.route_url(self.callback_route),
                  state=state)
              return HTTPFound(location=gh_url)
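  • 20. alfresco example
      import requests

      from velruse.exceptions import CSRFError
      from velruse.utils import flat_url

      class AlfrescoProvider(object):
          ...
          def callback(self, request):
              """Process the Alfresco redirect"""
              sess_state = request.session.get('state')
              req_state = request.GET.get('state')
              # reject the redirect unless it echoes the state stored by login()
              if not sess_state or sess_state != req_state:
                  raise CSRFError('state mismatch in OAuth callback')
              access_url = flat_url('%s://%s/auth/oauth/versions/2/token' % (self.protocol, self.domain))
              payload = {}
              # no trailing commas: they would turn each value into a 1-tuple
              payload['client_id'] = self.consumer_key
              payload['client_secret'] = self.consumer_secret
              # the slide does not show the other token-request fields
              r = requests.post(access_url, data=payload)
              cred = {'access_token': r.json()['access_token'],
                      'refresh_token': r.json()['refresh_token']}
              profile = {}  # the profile lookup is not shown on the slide
              return AlfrescoAuthenticationComplete(profile=profile,
                                                    credentials=cred,
                                                    provider_name=self.name,
                                                    provider_type=self.type)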
  • 21. plone example github.com/RedTurtle/pas.plugins.velruse
  • 22. plone example github.com/RedTurtle/pas.plugins.velruse
      [app:main]
      use = egg:myapp
      pyramid.includes =
          velruse.providers.facebook
          velruse.providers.google
          velruse.providers.twitter
      velruse.facebook.consumer_key = 441361239240193
      velruse.facebook.consumer_secret = 52ef2618a1999eeec6d9c
      velruse.facebook.scope = email
      velruse.twitter.consumer_key = 6453756375687365736
      velruse.twitter.consumer_secret = 563475384g5yg4f5g3g85345f33ff34f
      velruse.google.consumer_key = 72342425845745453534535353464535432
      velruse.google.consumer_secret = hdfusdg76f78gaftsdf5s6d7f4sd5g4f
  • 23. Grazie. Thank you.
  • 24. Questions? Andrew Mleczko Python Dev Plone Framework Team amleczko@redturtle.it tw: @amleczko
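
Slides 19 and 20 send a `state` parameter to the provider and read it back from the session and the query string in `callback`. The sketch below is an added example, not code from the slides, velruse or pyramid_alfresco; it shows that round trip as a framework-free check that the callback can run before exchanging the code for tokens. The names `begin_login`, `check_callback` and `CallbackError`, the plain dict standing in for the session, and the example URLs are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlencode


class CallbackError(Exception):
    """The provider redirect failed validation (hypothetical name)."""


def begin_login(session, authorize_url, client_id, redirect_uri, scope):
    """Login step: mint an unguessable state, remember it, build the redirect."""
    state = secrets.token_urlsafe(32)
    session['state'] = state
    query = urlencode({
        'response_type': 'code',
        'client_id': client_id,
        'redirect_uri': redirect_uri,
        'scope': scope,
        'state': state,
    })
    return authorize_url + '?' + query


def check_callback(session, params):
    """Callback step: return the authorization code only if state matches."""
    # pop() makes the state single-use, including after a failed attempt
    sess_state = session.pop('state', None)
    req_state = params.get('state')
    if not sess_state or not req_state:
        raise CallbackError('missing state')
    # compare as bytes so non-ASCII input cannot raise inside compare_digest
    if not hmac.compare_digest(sess_state.encode(), req_state.encode()):
        raise CallbackError('state mismatch')
    code = params.get('code')
    if not code:
        raise CallbackError(params.get('error', 'no authorization code'))
    return code


if __name__ == '__main__':
    # constructed values; a dict stands in for the server-side session
    session = {}
    url = begin_login(session, 'https://provider.example/authorize',
                      'constructed-client-id', 'https://app.example/callback',
                      'email')
    print(url)
    print(check_callback(session, {'state': session['state'], 'code': 'abc'}))
```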