Velruse is a Python library that makes it easy to add OAuth authentication to a web application. It supports minimal configuration to use as a stand-alone service or integrate as a Pyramid plugin. Velruse handles the OAuth login flow and provides the authenticated profile and credentials to the application. Examples shown include using Velruse with Facebook, Google, Twitter, Alfresco and Plone authentication.

1. agile.open.connectedLost In OAuth?
Learn Velruse And Get Your Life Back! Andrew Mleczko
Wednesday, 3 July 2013

2. Andrew Mleczko
Python Dev
RedTurtle - Italy - Poland
amleczko@redturtle.it
@amleczko
www.redturtle.it
Andrew Mleczko
Wednesday, 3 July 2013

3. What is OAuth?
Wednesday, 3 July 2013

4. “OAuth is an open standard
for authorization.”
wikipedia
Wednesday, 3 July 2013

5. Lack of anonymity
Lack of market saturation
Phishing
Data misuseBad precedents
Wednesday, 3 July 2013

6. This talk is not about it!
Wednesday, 3 July 2013

7. velruse
Wednesday, 3 July 2013

8. Ben Bangert
@benbangert
https://github.com/bbangert/velruse
http://pythonhosted.org/velruse
Wednesday, 3 July 2013

9. velruse
Wednesday, 3 July 2013

10. minimal configuration use
or
as a stand-alone service
pyramid plugin
Wednesday, 3 July 2013

11. simple request schema
/{provider}/login
Wednesday, 3 July 2013

12. as a service
[app:velruse]
use = egg:velruse
endpoint = http://example.com/logged_in
provider.facebook.consumer_key = 441361239240193
provider.facebook.consumer_secret = 52ef2618a1999eeec6d9c
provider.facebook.scope = email
...
Wednesday, 3 July 2013

13. handling login
# sample callback view in flask
@app.route('/logged_in', methods=['POST'])
def login_callback():
# token is stored in the form data
token = request.form['token']
return render_template('result.html', result=token)
# sample callback view in flask
@app.route('/logged_in', methods=['POST'])
def login_callback():
token = request.form['token']
# the request must contain 'format' and 'token' params
payload = {'format': 'json', 'token': token}
# sending a GET request to /auth_info
response = requests.get(request.host_url + 'velruse/auth_info', params=payload)
auth_info = response.json
return render_template('result.html', result=auth_info)
Wednesday, 3 July 2013

14. as a pyramid plugin
[app:main]
use = egg:myapp
pyramid.includes = velruse.providers.facebook
velruse.facebook.consumer_key = 441361239240193
velruse.facebook.consumer_secret = 52ef2618a1999eeec6d9c
velruse.facebook.scope = email
...
Wednesday, 3 July 2013

15. handling login
@view_config(
context='velruse.AuthenticationComplete',
renderer='myapp:templates/result.mako',
)
def login_complete_view(request):
context = request.context
result = {
'provider_type': context.provider_type,
'provider_name': context.provider_name,
'profile': context.profile,
'credentials': context.credentials,
}
return {'result': json.dumps(result, indent=4)}
@view_config(
context='velruse.providers.facebook.FacebookAuthenticationComplete',
renderer='myapp:templates/result.mako',
)
def fb_login_complete_view(request):
pass
Wednesday, 3 July 2013

16. velruse providers
Wednesday, 3 July 2013

17. Google OAuth2 example
[app:velruse]
use = egg:velruse
endpoint = http://example.com/logged_in
provider.google.consumer_key = 441361239240193
provider.google.consumer_secret = 52ef2618a1999eeec6d9c
Wednesday, 3 July 2013

18. alfresco example
github.com/RedTurtle/
pyramid_alfresco
[app:main]
use = egg:myapp
pyramid.includes = pyramid_alfresco.oauth
alfresco.consumer_key = 441361239240193
alfresco.consumer_secret = 52ef2618a1999eeec6d9c
Wednesday, 3 July 2013

19. alfresco example
class AlfrescoProvider(object):
def login(self, request):
"""Initiate a alfresco login"""
scope = request.POST.get('scope', self.scope)
gh_url = flat_url(
'%s://%s/auth/oauth/versions/2/authorize' % (self.protocol, self.domain),
scope=scope,
response_type='code',
client_id=self.consumer_key,
redirect_uri=request.route_url(self.callback_route),
state=state)
return HTTPFound(location=gh_url)
Wednesday, 3 July 2013

20. alfresco example
class AlfrescoProvider(object):
...
def callback(self, request):
"""Process the alfresco redirect"""
sess_state = request.session.get('state')
req_state = request.GET.get('state')
access_url = flat_url('%s://%s/auth/oauth/versions/2/token' % (self.protocol, self.domain))
payload = {}
payload['client_id'] = self.consumer_key,
payload['client_secret'] = self.consumer_secret,
r = requests.post(access_url,data=payload)
cred = {'access_token': r.json()['access_token'],
'refresh_token': r.json()['refresh_token']}
return AlfrescoAuthenticationComplete(profile=profile,
credentials=cred,
provider_name=self.name,
provider_type=self.type)
Wednesday, 3 July 2013

21. plone example
github.com/RedTurtle/
pas.plugins.velruse
Wednesday, 3 July 2013

22. plone example
github.com/RedTurtle/
pas.plugins.velruse
[app:main]
use = egg:myapp
pyramid.includes =
velruse.providers.facebook
velruse.providers.google
velruse.providers.twitter
velruse.facebook.consumer_key = 441361239240193
velruse.facebook.consumer_secret = 52ef2618a1999eeec6d9c
velruse.facebook.scope = email
velruse.twitter.consumer_key = 6453756375687365736
velruse.twitter.consumer_secret = 563475384g5yg4f5g3g85345f33ff34f
velruse.google.consumer_key = 72342425845745453534535353464535432
velruse.google.consumer_secret = hdfusdg76f78gaftsdf5s6d7f4sd5g4f
Wednesday, 3 July 2013

23. Grazie. Thank you.
Wednesday, 3 July 2013

24. Questions ?
Andrew Mleczko
Python Dev
Plone Framework Team
amleczko@redturtle.it
tw: @amleczko
Wednesday, 3 July 2013