python+zope++:: web2py and facebook and twitter
Posted at 15.Apr,2012 22:54

Authenticating and authorizing users using facebook and twitter, or anything that can do oauth for that matter, is simple once we get the oauth nuance.

If we're dealing with oauth 2, then everything is peachy. Nothing much required. Facebook does oauth2.

Twitter only does oauth 1, so we have to go through the three-legged dance to authenticate and authorize. These links help a lot:

  • https://dev.twitter.com/docs/auth/implementing-sign-twitter
  • https://docs.google.com/Doc?id=ajmd9vnthtq9_64ctxkqvfm
  • http://myzope.kedai.com.my/blogs/kedai/234
  • https://groups.google.com/forum/?fromgroups#!topic/web2py/VukW3IeE4go

In web2py, we can use 3rd party services to authenticate and authorize users. Check out gluon/contrib/login_methods.

With oauth 1 and 2, we have to define a get_user method that returns the current user.

For web2py, we need to define the authentication method. We can do this in db.py, like so (for twitter):

    # db.py
    import gluon.contrib.simplejson as json
    from gluon.contrib.login_methods.oauth10a_account import OAuthAccount
    # third-party oauth2 library; it is not part of the standard library
    from oauth2 import Client, Consumer

    class TwitterAccount(OAuthAccount):
        # Use https for every endpoint: the access-token response carries
        # the token secret, which must not cross the network in clear text.
        AUTH_URL = "https://twitter.com/oauth/authorize"
        TOKEN_URL = "https://twitter.com/oauth/request_token"
        ACCESS_TOKEN_URL = "https://twitter.com/oauth/access_token"
        # Placeholders: keep the real values out of version control.
        CLIENT_ID = "our twitter app id"
        CLIENT_SECRET = "our twitter app secret"

        def __init__(self, g):
            OAuthAccount.__init__(self, g,
                                  self.CLIENT_ID,
                                  self.CLIENT_SECRET,
                                  self.AUTH_URL,
                                  self.TOKEN_URL,
                                  self.ACCESS_TOKEN_URL)

        def get_user(self):
            # No access token yet: the three-legged dance has not finished.
            token = self.accessToken()
            if token is None:
                return None
            consumer = Consumer(key=self.CLIENT_ID, secret=self.CLIENT_SECRET)
            client = Client(consumer, token)
            # Signed request asking twitter who owns this access token.
            resp, content = client.request(
                'https://api.twitter.com/1/account/verify_credentials.json')
            if resp['status'] != '200':
                # cannot get user info. should check status
                return None
            u = json.loads(content)
            return dict(first_name=u['name'], username=u['screen_name'],
                        name=u['name'], registration_id=u['id'])

    # Twitter is the only login path, so disable the local account actions.
    auth.settings.actions_disabled = ['register', 'change_password',
                                      'request_reset_password', 'profile']
    auth.settings.login_form = TwitterAccount(g=globals())

The TwitterAccount class inherits from OAuthAccount (see gluon/contrib/login_methods) and overrides get_user. The get_user method verifies the current user with twitter.

The hard part is handled by the oauth10a_account module.
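Part of that hard part is signing every request. As an added example (not code from the original post or from web2py), this is OAuth 1.0a HMAC-SHA1 signing as specified in RFC 5849, in Python 3 with the standard library only. The helper names are hypothetical, and the keys, tokens, nonce and timestamp are constructed sample values.

```python
# Added example: OAuth 1.0a HMAC-SHA1 signing (RFC 5849); helper names are hypothetical.
import base64
import hashlib
import hmac
from urllib.parse import quote, urlsplit, parse_qsl

def pct(s):
    # RFC 5849 3.6: only unreserved characters stay unencoded
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    """Signature base string (RFC 5849 3.4.1): METHOD&URL&sorted-params."""
    parts = urlsplit(url)
    # Query-string parameters are signed together with the oauth_* ones
    pairs = list(params.items()) + parse_qsl(parts.query, keep_blank_values=True)
    pairs = [(k, v) for k, v in pairs if k != "oauth_signature"]
    norm = "&".join("%s=%s" % kv for kv in sorted((pct(k), pct(v)) for k, v in pairs))
    # Assumes the URL carries no explicit default port (:80 / :443)
    base_url = "%s://%s%s" % (parts.scheme.lower(), parts.netloc.lower(), parts.path)
    return "&".join([method.upper(), pct(base_url), pct(norm)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # The key is both secrets joined by '&'; signed requests never carry them
    key = ("%s&%s" % (pct(consumer_secret), pct(token_secret))).encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def verify(method, url, params, consumer_secret, token_secret=""):
    # Recompute and compare in constant time, as the receiving side would
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, params.get("oauth_signature", ""))

# Constructed sample values, not real credentials
SAMPLE = {
    "oauth_consumer_key": "our-app-id",
    "oauth_token": "user-access-token",
    "oauth_nonce": "n0nce123",
    "oauth_timestamp": "1334530440",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_version": "1.0",
}
URL = "https://api.twitter.com/1/account/verify_credentials.json"

def demo():
    sig = sign("GET", URL, SAMPLE, "app-secret", "token-secret")
    signed = dict(SAMPLE, oauth_signature=sig)
    tampered = dict(signed, oauth_token="someone-elses-token")
    return (verify("GET", URL, signed, "app-secret", "token-secret"),
            verify("GET", URL, tampered, "app-secret", "token-secret"))
```

Because the token secret is half of the signing key, anyone who obtains it together with the app secret can sign requests as that user.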

Now every time a user wants to log in, s/he will need to authenticate with twitter and allow our app access.

Once twitter passes the access token, web2py will add the user details to the auth table.

And we can protect anything with the @auth.requires_login() decorator. Every unauthenticated request will prompt the user to log in to twitter and authorize our app.

That's it



Comments
facebook + web2py

Can you provide an implementation for facebook as well? Would really appreciate it!

I am also getting an error saying there is no oauth module
- New Web2Py User

dwayne  at 07.Jul,2012 06:13