Tuesday, 22nd January, 2008

Using Yahoo BBAuth with Django

Category: Yahoo , Python , Django

Today I tried Yahoo's Browser based authentication service.

Yahoo BBAuth also offers a Single Sign-On (SSO) facility so that existing Yahoo! users can use your services without having to complete yet another registration process.

To enable Yahoo SSO in your application all you need to do is register your application, download this quick start package and integrate it with your application.

I tried integrating with Django and it was pretty easy.

Download Yahoo BBAuth python classes here

Extract ybrowserauth.py in your django project directory

Create a bbauth_config.py file into your root project directory

Add the following lines, replacing it with your appid and secret

# Put your Application ID and Secret here
APPID = ‘5KzQuKHIkxxxxxxxxxxxxxxxxxxSztLwiAF7
SECRET = ‘0e68e582xxxxxxxxxxxxxxxxxxxx0f25f4

In your views.py file add the following import statement.

from mysite import ybrowserauth, bbauth_config

Now assuming that I want to protect my photos view with YAHOO BBAuth I will add the following code in my photos view


def photos(self, ts, sig, token, userhas, appdata)# Instantiate the class
    cptr = ybrowserauth.YBrowserAuth(APPID, SECRET, ts, sig, token, userhash, appdata)
    if token == None: # If no token is found, create the authentication URL and display it
      req.content_type = "text/html"
      outstuff = cptr.getAuthURL('someappdata', 1)
      from django.http import HttpResponseRedirect  
      #this will redirect to YAHOO login page 
      return HttpResponseRedirect(outstuff)
    else:
      # If a token is found, it must be Yahoo!'s bbauth coming back as the
      # "success" URL. So, we validate the signature and do all the work
      request_uri = req.parsed_uri[6]+ '?' + req.parsed_uri[7]
      cptr.validate_sig(ts, sig, request_uri)
      userhash = cptr.userhash
      appdata = cptr.appdata
      cookie = cptr.cookie
      token = cptr.token
      wssid = cptr.wssid
      # Your photos view definition goes follows

Use example bbatestMAIL.py and bbatestPHOTOS.py file that comes with the sample code


A php example can be found at Dan's Blog


Posted by Amaltas Bohra at 11:06 a.m.

6 comments »

have you tried integrating Google Auth in django apps ? or can you write about it ?

json says : 23rd January, 2008

Excellent Start! Good Luck....

Syed Abbas says : 23rd January, 2008

@json
I haven't tried Google Auth API yet. You can find detailed documentation at Google Auth for web applications.

Amaltas says : 23rd January, 2008

The problem with Google Auth is, that using AuthSub (preferable over ClientLogin) can be used for simple webpages, but you can't use the Google ID for storing data in your web application. In contrast Yahoo supports the retrieval of the user id. But hopefully Google will add this too.

And thanks for the Yahoo! code :)

Oliver Andrich says : 29th January, 2008

AFAIK, Yahoo do not give user id, but just give user hash which is unique to each user. There is no way to get the actual user ID, correct me if I am wrong.

Amaltas says : 29th January, 2008

You are right. BBAuth only returns a hash, which can be used to identify a returning user. But this is more then Google at the moment offers. Sad but true. And so I have to stick to Google ClientLogin so far. At least for the development phase of my project.

Oliver Andrich says : 30th January, 2008

Have your say

Name

Spam is a pain. If you are posting comment on this site for the first time, we will send you an email to activate the comment. Once you activate the comment, you can post comments without activation. This is one time activity.

Email (not published)

Blog/Website URL

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>