A standard feature in most modern web applications is the ability to log in or register using accounts that you already own on other sites such as Google, Facebook, or Twitter. Building your own integrations for each service can be complex and time consuming, distracting you from the features that you and your users actually care about. Fortunately the Python social auth library makes it easy to support third party authentication with a large and growing number of services with minimal effort. In this episode Matías Aguirre discusses his motivation for creating the library, how he has designed it to allow for flexibility and ease of use, and the benefits of delegating identity and authentication to third parties rather than managing passwords yourself.
- Hello and welcome to Podcast.__init__, the podcast about Python and the people who make it great.
- When you’re ready to launch your next app or want to try a project you hear about on the show, you’ll need somewhere to deploy it, so take a look at our friends over at Linode. With 200 Gbit/s private networking, scalable shared block storage, node balancers, and a 40 Gbit/s public network, all controlled by a brand new API you’ve got everything you need to scale up. And for your tasks that need fast computation, such as training machine learning models, they just launched dedicated CPU instances. Go to pythonpodcast.com/linode to get a $20 credit and launch a new server in under a minute. And don’t forget to thank them for their continued support of this show!
- You listen to this show to learn and stay up to date with the ways that Python is being used, including the latest in machine learning and data analysis. For even more opportunities to meet, listen, and learn from your peers you don’t want to miss out on this year’s conference season. We have partnered with organizations such as O’Reilly Media, Corinium Global Intelligence, ODSC, and Data Council. Upcoming events include the Software Architecture Conference in NYC, Strata Data in San Jose, and PyCon US in Pittsburgh. Go to pythonpodcast.com/conferences to learn more about these and other events, and take advantage of our partner discounts to save money when you register today.
- Your host as usual is Tobias Macey and today I’m interviewing Matías Aguirre about Python social auth and the complexities of third-party authentication
- How did you get introduced to Python?
- Can you start by describing what the Python social auth project is and your motivation for starting it?
- Why might someone want to integrate with or rely on a third-party identity provider in their projects?
- What are some of the tradeoffs or drawbacks of implementing
- Can you describe the current architecture of the library and how it has evolved since you first began working on it?
- There are a number of pre-built integrations with different web frameworks in the social auth github organization, but Django is the only one that has seen any commits recently. What are the contributing factors for that state of affairs?
- There are a number of authentication protocols that you support. What are the common capabilities that they each support and what are some of the more challenging differences between them?
- How have you implemented the interface for plugging different authentication mechanisms to allow for the variation between them while keeping the library code maintainable?
- What is involved in adding support for a new authentication provider or protocol?
- Many times authorization and authentication are conflated or used interchangeably. How does Python social auth address those concerns and what are the limitations of different mechanisms for defining permissions?
- For someone who is using Python social auth, what is the workflow for integrating it with their application as a consumer?
- What are some of the most interesting/unexpected/innovative ways that you have seen Python social auth used?
- What are some of the most interesting/useful/unexpected lessons that you have learned in the process of building and maintaining Python social auth?
- When is Python social auth more effort than it’s worth?
- What do you have planned for the future of the project?
Keep In Touch
- Thank you for listening! Don’t forget to check out our other show, the Data Engineering Podcast for the latest on modern data management.
- Visit the site to subscribe to the show, sign up for the mailing list, and read the show notes.
- If you’ve learned something or tried out a project from the show then tell us about it! Email firstname.lastname@example.org) with your story.
- To help other people find the show please leave a review on iTunes and tell your friends and co-workers
- Join the community in the new Zulip chat workspace at pythonpodcast.com/chat
- Python Social Auth
- Ruby on Rails
- Social Authentication
- Django Social Auth
- Salted and hashed passwords
- Magic Link Authentication