A show of hands. Who uses a password manager? 90% of the hands went up. Who uses at least two? Some 40%.
Passwords are irritating. There have been initiatives to “outsource” passwords: OpenID, OAuth, OAuth2.0.
On to OAuth2.0. It started at Twitter. They started with OpenID, but that only handled login, not access to resources. In the end, OAuth2.0 came out.
(Note: he said “OpenID Connect”, but that’s built on OAuth2.0, so he must have meant plain “OpenID” if I’m correct. But it might mean that I’m not totally correct in this summary, or I heard it incorrectly.)
There are multiple ways to work with OAuth2.0. He showed the “authorisation code grant”. I can’t visualize his diagram here; look at the video for that.
There are some terms:
Akos works at Prezi. The backend is actually a Django site. But there were many customizations to auth, sessions and user objects. At one point, they wanted to make it easier for users to log in. So: social login.
They had those customizations, so they forked django-social-auth somewhere in 2011 and had to maintain their fork ever since.
In 2017 they wanted to get rid of the old stuff for a new kind of login. They didn’t want to fork yet another project. And actually, they wanted to get rid of their current forks.
Then they discovered https://github.com/python-social-auth/social-core. A perfect set of building blocks to hang their own customizations on.
There are three possibilities when logging in with social auth:
The presentation is online at https://prez.is/dce18
Photo explanation: station signs on the way from Utrecht (NL) to Heidelberg (DE).
My name is Reinout van Rees and I work a lot with Python (programming language) and Django (website framework). I live in The Netherlands and I'm happily married to Annie van Rees-Kooiman.