User Management with LastUser
LastUser is an identity-aggregating web service written in Python using the Flask framework. It provides an OAuth server that proxies for various popular identity providers.
Transcript

  • 1. User Management with LastUser. Kiran Jonnalagadda, HasGeek. PyCon India, Pune, September 2011. flickr.com/exfordy/128576390/
  • 2. The What & The Why
  • 3. LastUser is an identity aggregating web service. (Diagram: LastUser connected to Your App 1, Your App 2, Your App 3.)
  • 4. A simple goal: a login identifier that users can remember; relief from password management; no user registration, just login and use. (Mockup: login form with Login, Password and Submit fields.)
  • 5. OpenID: URLs as Identity
  • 6. OpenID in theory: http://jace.livejournal.com/
  • 7. URLs in the browser: www.github.com
  • 8. URLs in the browser: github.com
  • 9. URLs in the browser: http://github.com/
  • 10. URLs in the browser: https://github.com/
  • 11. URLs as Identifiers. Multiple strings; same final URL:
    1. github.com
    2. github.com/
    3. www.github.com
    4. www.github.com/
    5. http://github.com
    6. http://github.com/
    7. http://www.github.com
    8. http://www.github.com/
    9. https://github.com
    10. https://github.com/
    11. https://www.github.com
    12. https://www.github.com/
    flickr.com/mynameisharsha/5157965638/
  • 12. Contrast with email addresses: kiran@hasgeek.in. Change one character and it's no longer valid. Users are conditioned to type them in exactly every time.
  • 13. URL Ambiguity: https://www.google.com/accounts/o8/id is one OpenID URL for all Google accounts.
  • 14. URL Ambiguity: https://www.google.com/accounts/o8/id?id=AItOawnGAN1Swp5zAJn9UYCw0jivCRXg8qIe_9c and https://www.google.com/accounts/o8/id?id=AItOawm3y2JBSnIo0ZdNwtIa487VpQXtpbXNmU4 are both the same Google id, on different domains, using directed identity. If you move to a new domain, all your users' ids change.
  • 15. URLs are not reliable identifiers for users
  • 16. OpenID in practice
  • 17. OAuth: Delegated Identity
  • 18. The delegated id model. (Diagram: Your Application connected to several identity providers.)
  • 19. The delegated id model: synchronizing identity across services? (Diagram: Your Application.)
  • 20. Need a common identifier across services. It's usually an email address.
  • 21. LastUser as abstraction layer. (Diagram: LastUser, the OAuth Server, connected to Your App 1, Your App 2, Your App 3.)
  • 22. Multiple apps, all connected to one LastUser instance
  • 23. 1. Login screen provider
  • 24. Connecting identities. Users sometimes login with a different service provider. Accounts can be connected if there is a common id. Twitter does not provide an email address. GitHub provides only the md5sum of the email via Gravatar; it can be connected if the email is already known.
  • 25. Supported id providers: Twitter, Google, GitHub, OpenID (but not delegation). Upcoming: LinkedIn, Facebook
  • 26. OAuth: There is no single standard called OAuth. Every implementation is different
  • 27. There is no up-to-date Python library for OAuth2. Every service provider has their own library. Contrast: Ruby has OmniAuth
  • 28. LastUser implements OAuth 2.0 draft 16 (with gaps filled in)
  • 29. OAuth 2.0 has two parts. (Diagram: OAuth Client, OAuth Authorization Server, OAuth Resource Server. 1. Request an access token. 2. Use token to access resource.)
  • 30. OAuth 2.0 has two parts. (Same diagram. OAuth 2.0 doesn't specify how the authorization server to resource server bit works; LastUser does.)
  • 31. 2. Resource providers (work in progress)
  • 32. 3. Central access control
  • 33. Pending work: seamless login UI and pure client-side JS login API; non-web login flow; authorization to resource server communication protocol; support for token types other than bearer tokens
  • 34. LastUser is BSD-licensed: https://github.com/hasgeek/lastuser
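The URL-as-identifier problem from slides 7 to 15, as an added example that is not code from the deck or from the LastUser project: one plausible canonicalisation policy that collapses the twelve github.com spellings into a single identifier while leaving Google's directed-identity URLs distinct. The policy choices (assume https, drop a leading www., ignore a trailing slash) are assumptions made here, not rules from the OpenID specification; the point is that every relying party had to pick such a policy for itself.

```python
from urllib.parse import urlsplit, urlunsplit

# The twelve spellings listed on slide 11; to a user they all mean "github.com".
VARIANTS = [
    "github.com", "github.com/", "www.github.com", "www.github.com/",
    "http://github.com", "http://github.com/", "http://www.github.com",
    "http://www.github.com/", "https://github.com", "https://github.com/",
    "https://www.github.com", "https://www.github.com/",
]

# The two directed-identity URLs from slide 14 (same Google account, different
# relying-party domains). The id values are the ones shown in the deck.
GOOGLE_DIRECTED = [
    "https://www.google.com/accounts/o8/id?id=AItOawnGAN1Swp5zAJn9UYCw0jivCRXg8qIe_9c",
    "https://www.google.com/accounts/o8/id?id=AItOawm3y2JBSnIo0ZdNwtIa487VpQXtpbXNmU4",
]


def canonical_url(raw: str) -> str:
    """Reduce a user-typed URL to one canonical identifier.

    Assumed policy: default to https, lowercase the host, strip a leading
    'www.', and treat '' and '/' as the same path. The query string is kept,
    because directed-identity providers put the per-relying-party id there.
    """
    if "://" not in raw:
        raw = "http://" + raw
    parts = urlsplit(raw)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[len("www."):]
    path = parts.path.rstrip("/") or "/"
    return urlunsplit(("https", host, path, parts.query, ""))


def exact(raw: str) -> str:
    """Identity function: the 'compare strings byte for byte' policy."""
    return raw


def distinct_identities(strings, normalise):
    """How many separate identities a given normalisation policy sees."""
    return {normalise(s) for s in strings}


if __name__ == "__main__":
    print(len(distinct_identities(VARIANTS, exact)), "identities with exact matching")
    print(distinct_identities(VARIANTS, canonical_url), "after canonicalisation")
    print(len(distinct_identities(GOOGLE_DIRECTED, canonical_url)), "Google ids survive")
```

Under exact matching the twelve spellings are twelve different users; under this policy they become one, yet the two directed-identity URLs still stay apart because the distinguishing part lives in the query string that no host-level normalisation can reconcile.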