TL;DR version: Here is an app to allow logging in via twitter, facebook, openid, yahoo, google, which should work transparently with Django authentication system. (@login_required, User and other infrastructure work as expected.) Demo and Code.Longer version follow:
We are releasing our new app. Django-Socialauth. This app makes it awfully easy, to allow users to login your site using Yahoo/Google/Twitter/Facebook/Openid. A demo is available here.
This is released under an Attribution Assurance License. A copy of the same is provided included with the code.
After installing this app, you can use @login_required on any view and users identified via any means can access protected content.
We provide services to integrate and implement this, for a low price of USD 1600. Please contact us at licenses@uswaretech.com to discuss your exact needs.
The README is copied here for convenience.
What it does.
Allow logging in via various providers.
Logging In
This is a application to enable authentication via various third party sites. In particular it allows logging in via
- Gmail
- Yahoo(Essentially openid)
- OpenId
Libs you need to install
- python-openid (
easy_install) - python-yadis (
easy_install) - python-oauth(
easy_install)
The API Keys are available from
- http://www.facebook.com/developers/createapp.php
- https://developer.yahoo.com/dashboard/createKey.html
- https://www.google.com/accounts/ManageDomains
- http://twitter.com/oauth_clients
How it works.
Openid: Users need to provide their openid providers. Talk to the providers and
login.
Yahoo: Yahoo is an openid provider. Talk to Yahoo endpoints. (Endpoint: http://yahoo.com)
Google: Google is a provider. Talk to them. (Endpoint: https://www.google.com/accounts/o8/id)
Facebook: Facebook connect provides authentication framework.
Twitter: We use Twitter Oauth for authentication. In theory, Oauth shouldn’t be
used for authentication. (It is an autorisation framework, not an authentication one),
In practice it works pretty well. Once you have an access_token, and a name, essentially
authenticated.
References
- Demo of app
- Code for app
- http://openid.net/developers/
- http://developer.yahoo.com/openid/
- http://code.google.com/apis/accounts/docs/OpenID.html
- http://apiwiki.twitter.com/OAuth-FAQ
- http://developers.facebook.com/connect.php
Below the hoods
- For all providers(except Facebook) there are two urls and views. (start and done)
- Start sets up the required tokens, and redirects and hands off to the correct provider.
- Provider handles authentication on their ends, and hands off to Us, providing authorization tokens.
- In done, we check if the user with these details already exists, if yes, we log them in. Otherwise we create a new user, and log them in.
For all of these, we use standard django authenication system, with custom
auth_backends, hence all existing views, and decorators as login_required
will work as expected.
Urls
/login/ Login page. Has all the login options
/openid_login/ AND /openid_login/done/
/yahoo_login/ AND /yahoo_login/done/
/gmail_login/ AND /gmail_login/done/
/twitter_login/ AND /twitter_login/done/
/facebook_login/done/ We dont have a start url here, as the starting tokens are
set in a popup, as per FB Connect recommendations.
Implementation
- Install required libraries.
- Get tokens and populate in localsettings.py
- Set the token callback urls correctly at Twitter and Facebook.
- Add the OpenId middleware. Set the Authentication backends. (Set in localsettings.example.py)
Related posts:

{ 19 trackbacks }
{ 125 comments… read them below or add one }
← Previous Comments
It’s a tough one, but it isn’t new – PayPal have had that exact problem for years (it’s baked in to their core product).
This comment was originally posted on Hacker News
Django-SocialAuth – Login via twitter, facebook, openid, yahoo, google using a single app. Development http://bit.ly/kVA4D
This comment was originally posted on Twitter
Django-SocialAuth – Login via twitter, facebook, openid, yahoo … http://bit.ly/OcLWN
This comment was originally posted on Twitter
Plus it is certainly better that what we had a few years back, wherin you gave your password to third parties to authenticate to a trusted site. (Like Gmail contacts import, twitter apps). Now at least you are authenticating on the trusted site, where you can verify the address bar.
This comment was originally posted on Hacker News
Django-SocialAuth – Login via twitter, facebook, openid, yahoo, google using a single app. — The Uswaretech Blog.. http://bit.ly/OcLWN
This comment was originally posted on Twitter
Sweet! PRT @tanepiper Django-SocialAuth OpenID Login via twitter facebook y! Goog using a single app The Uswaretech Blog http://ff.im/-7eAmK
This comment was originally posted on Twitter
On one hand you don’t want to remember multiple passwords (on multiple sites) and on the other hand you don’t want to let people authenticate from your own trusted site.Most of the time, since you are already logged-in on Facebook google, yahoo or twitter, you will not be prompted for password, only for approval of authentication.
This comment was originally posted on Hacker News
*Cool* Django-SocialAuth – Login via twitter, facebook, google, etc. from single app http://tr.im/xfIu (RT @featureBlend)
This comment was originally posted on Twitter
Awesomeness. Django app for twitter+FB+openid+yahoo+google login auth http://bit.ly/Jop5p
This comment was originally posted on Twitter
Django-SocialAuth – Login via twitter, facebook, openid, yahoo, google using a single app. — The Uswaretech Blog.. http://bit.ly/OcLWN
This comment was originally posted on Twitter
Django-SocialAuth – Login via twitter, facebook, openid, yahoo …: TL;DR version: Here is an app to allow loggi.. http://bit.ly/OcLWN
This comment was originally posted on Twitter
Well, try the demo. The google login works with a mechanism on googles servers asking you explicitly to grant access to the referring site. If the user doesn’t check the address on the target … well … :/I’ve spotted another weakness though on the facebook login. The username’s are generated as facebook_$firstname, which will lead to duplicates on big sites quite fast. I’d like to see a mechanism asking the users to chose a username.
This comment was originally posted on Hacker News
Well, try the demo. The google login works with a mechanism on googles servers asking you explicitly to grant access to the referring site.
This comment was originally posted on Hacker News
That’s pretty sweet! The demo worked well for me on everything but Facebook, where it reloaded the page within the facebook popup, a littttle odd. This is a great start, though, for developing services that integrate with the API’s of these services. Psyched to try it integrating it into an app.
This comment was originally posted on Hacker News
Django-SocialAuth – Login via twitter, facebook, openid, yahoo …: TL;DR version: Here is an app to allow loggi.. http://bit.ly/sT9hs
This comment was originally posted on Twitter
Django-SocialAuth – Login via twitter, facebook, openid, yahoo … http://bit.ly/OcLWN
This comment was originally posted on Twitter
Django-SocialAuth – Login via twitter, facebook, openid, yahoo, google using a single app. ? The Uswaretech Blog.. http://bit.ly/2ZTxgK
This comment was originally posted on Twitter
Django-SocialAuth: Login via twitter, facebook, openid… RT @gregnewman: Wow: http://bit.ly/Mld5O
This comment was originally posted on Twitter
Django-SocialAuth – Login via twitter, facebook, openid, yahoo, google using a single app. — The Uswaretech Blog -… http://ff.im/-7eMPM
This comment was originally posted on Twitter
I think this is a problem. Lot’s of users just type http://www.example.org in the google and click the first link. they hardly know what the address bar does.One way to look at it is: stupid user, you did it to yourself.
Another is: lots of people will be fooled, maybe we should rethink.
As I’ve said before, I have no solid solution.
This comment was originally posted on Hacker News
http://twurl.nl/xil8tu Add login to your Django web application using OpenID/Twitter/Facebook/Gmail/Yahoo, amazing idea!
This comment was originally posted on Twitter
Django-SocialAuth – Login via twitter, facebook, openid, yahoo, google using a single app. — The Uswaretech Blog.. http://bit.ly/OcLWN
This comment was originally posted on Twitter
[WebDev Feed] Django-SocialAuth – Login via twitter, facebook, openid, yahoo, google using a single.. http://bit.ly/OcLWN
This comment was originally posted on Twitter
Wow I was looking for precisely this demo. Rockin’
This comment was originally posted on Hacker News
Can you try it and let me know what address it shows in the popup bar? If you log a bug on github, we will definitely try to fix it.
This comment was originally posted on Hacker News
Woo hoo! Django has a SocialAuth app now :: http://bit.ly/s1vto :: #django #djangorules #iloveyoudjango #python #pythonrulestoo #emacs #geek
This comment was originally posted on Twitter
Django-SocialAuth – Login via twitter, facebook, openid, yahoo, google using a single app. ? The Uswaretech Blog.. http://bit.ly/2ZTxgK
This comment was originally posted on Twitter
How integrated is this to Django? Would it be easy to adapt to other framework (I’m thinking of Pylons). I’m working on a little website and would love to add this functionality without switching to Django.
This comment was originally posted on Hacker News
Let’s start working on one for Rails
This comment was originally posted on Hacker News
[from selfmadepsyche] Django-SocialAuth – Login via twitter, facebook, openid, yahoo, google using a single app… http://bit.ly/OcLWN
This comment was originally posted on Twitter
django_socialauth – login to django app using twitter, facebook, openid http://bit.ly/s1vto i want this for pylons, maybe i’ll do it myself
This comment was originally posted on Twitter
Django-SocialAuth – Login via twitter, facebook, openid, yahoo, google using a single app – http://tinyurl.com/mwu43g
This comment was originally posted on Twitter
Django-SocialAuth – Login via twitter, facebook, openid, yahoo, google using a single app. ? The Uswaretech Blog.. http://bit.ly/OcLWN
This comment was originally posted on Twitter
Django-SocialAuth – Login via twitter, facebook, openid, yahoo …: TL;DR version: Here is an app to allow loggi.. http://bit.ly/OcLWN
This comment was originally posted on Twitter
Django-SocialAuth – Login via twitter, facebook, openid, yahoo, google using a single app http://icio.us/uwnzu1
This comment was originally posted on Twitter
Django-SocialAuth – Login via twitter, facebook, openid, yahoo, google using a single app. The Uswa… http://bit.ly/xlvt2
This comment was originally posted on Twitter
Django-SocialAuth – Login via twitter, facebook, google, etc. from single app (with demo) http://bit.ly/Rr2tT
This comment was originally posted on Twitter
Django-SocialAuth – Login via twitter, facebook, openid, yahoo, google using a single app. http://bit.ly/1YsLFN
This comment was originally posted on Twitter
http://short.to/o9mh
This comment was originally posted on Twitter
Django-SocialAuth – Login via twitter, facebook, openid, yahoo,… http://bit.ly/OcLWN
This comment was originally posted on Twitter
via del.icio.us: Single django app handles all “social” authentication methods. http://tinyurl.com/mwu43g
This comment was originally posted on Twitter
I’m already working on a similar authentication system for a rails app and this just really motivated me to release it as a plugin…That said, I’m sure lots of other Rails developers have already built their own solution. I’m also sure some are more mature than mine (i.e. in production). Isn’t uservoice.com backed by Rails? Their social authentication is so pretty Google uses it as a demo.
This comment was originally posted on Hacker News
I’m already working on a similar authentication system for a rails app and this just really motivated me to release it as a plugin…That said, I’m sure lots of other Rails developers have already built there own solution. I’m also sure they’re more mature than mine (i.e. in production). Isn’t uservoice.com backed by Rails? Their social authentication is so pretty Google uses it as a demo.
This comment was originally posted on Hacker News
Django-SocialAuth – Login via twitter, facebook, openid, yahoo, google using a single app. — The Uswaretech Blog.. http://bit.ly/OcLWN
This comment was originally posted on Twitter
Django-SocialAuth – Login via twitter, facebook, openid, yahoo … http://bit.ly/l0MgN
This comment was originally posted on Twitter
Django-SocialAuth – Login via twitter, facebook, openid, yahoo … http://bit.ly/l0MgN
This comment was originally posted on Twitter
SocialAuth – Login via twitter, facebook, openid, yahoo, google using single app. Django Web Dev http://ow.ly/lybx
This comment was originally posted on Twitter
Django-SocialAuth la connexion facile à une appl Django : http://bit.ly/s1vto Login via Facebook, Twitter, Yahoo, Google, OpenID
This comment was originally posted on Twitter
can you still login with django.contrib.auth?
This comment was originally posted on Hacker News
http://icio.us/uwnzu1
This comment was originally posted on Twitter
← Previous Comments