Tuesday, 22nd January, 2008
Using Yahoo BBAuth with Django
Today I tried Yahoo's Browser based authentication service.
Yahoo BBAuth also offers a Single Sign-On (SSO) facility so that existing Yahoo! users can use your services without having to complete yet another registration process.
To enable Yahoo SSO in your application all you need to do is register your application, download this quick start package and integrate it with your application.
I tried integrating with Django and it was pretty easy.
Download Yahoo BBAuth python classes here
Extract ybrowserauth.py in your django project directory
Create a bbauth_config.py file into your root project directory
Add the following lines, replacing it with your appid and secret
# Put your Application ID and Secret here
APPID = ‘5KzQuKHIkxxxxxxxxxxxxxxxxxxSztLwiAF7
SECRET = ‘0e68e582xxxxxxxxxxxxxxxxxxxx0f25f4
In your views.py file add the following import statement.
from mysite import ybrowserauth, bbauth_config
Now assuming that I want to protect my photos view with YAHOO BBAuth I will add the following code in my photos view
def photos(self, ts, sig, token, userhas, appdata)# Instantiate the class
cptr = ybrowserauth.YBrowserAuth(APPID, SECRET, ts, sig, token, userhash, appdata)
if token == None: # If no token is found, create the authentication URL and display it
req.content_type = "text/html"
outstuff = cptr.getAuthURL('someappdata', 1)
from django.http import HttpResponseRedirect
#this will redirect to YAHOO login page
return HttpResponseRedirect(outstuff)
else:
# If a token is found, it must be Yahoo!'s bbauth coming back as the
# "success" URL. So, we validate the signature and do all the work
request_uri = req.parsed_uri[6]+ '?' + req.parsed_uri[7]
cptr.validate_sig(ts, sig, request_uri)
userhash = cptr.userhash
appdata = cptr.appdata
cookie = cptr.cookie
token = cptr.token
wssid = cptr.wssid
# Your photos view definition goes follows
Use example bbatestMAIL.py and bbatestPHOTOS.py file that comes with the sample code
A php example can be found at Dan's Blog
