Tuesday, 22nd January, 2008

Using Yahoo BBAuth with Django

Category: Yahoo , Python , Django

Today I tried Yahoo's Browser based authentication service.

Yahoo BBAuth also offers a Single Sign-On (SSO) facility so that existing Yahoo! users can use your services without having to complete yet another registration process.

To enable Yahoo SSO in your application all you need to do is register your application, download this quick start package and integrate it with your application.

I tried integrating with Django and it was pretty easy.

Download Yahoo BBAuth python classes here

Extract ybrowserauth.py in your django project directory

Create a bbauth_config.py file into your root project directory

Add the following lines, replacing it with your appid and secret

# Put your Application ID and Secret hereAPPID = ‘5KzQuKHIkxxxxxxxxxxxxxxxxxxSztLwiAF7SECRET = ‘0e68e582xxxxxxxxxxxxxxxxxxxx0f25f4

In your views.py file add the following import statement.

from mysite import ybrowserauth, bbauth_config

Now assuming that I want to protect my photos view with YAHOO BBAuth I will add the following code in my photos view


def photos(self, ts, sig, token, userhas, appdata)# Instantiate the class    cptr = ybrowserauth.YBrowserAuth(APPID, SECRET, ts, sig, token, userhash, appdata)    if token == None: # If no token is found, create the authentication URL and display it      req.content_type = "text/html"      outstuff = cptr.getAuthURL('someappdata', 1)      from django.http import HttpResponseRedirect        #this will redirect to YAHOO login page       return HttpResponseRedirect(outstuff)    else:      # If a token is found, it must be Yahoo!'s bbauth coming back as the      # "success" URL. So, we validate the signature and do all the work      request_uri = req.parsed_uri[6]+ '?' + req.parsed_uri[7]      cptr.validate_sig(ts, sig, request_uri)      userhash = cptr.userhash      appdata = cptr.appdata      cookie = cptr.cookie      token = cptr.token      wssid = cptr.wssid      # Your photos view definition goes follows

Use example bbatestMAIL.py and bbatestPHOTOS.py file that comes with the sample code


A php example can be found at Dan's Blog


Posted by Amaltas Bohra at 11:06 a.m.

8 comments »

If I'm not instrested in BBAuth ,Is there any way to access Yahoo ,alike Client Login in Google .

Ganesh says : 8th June, 2009

I need an BBAUtH SUCCESS URL (ex. httpp://domain.com/path/to/web/app')

Gina says : 23rd February, 2009

You are right. BBAuth only returns a hash, which can be used to identify a returning user. But this is more then Google at the moment offers. Sad but true. And so I have to stick to Google ClientLogin so far. At least for the development phase of my project.

Oliver Andrich says : 30th January, 2008

The problem with Google Auth is, that using AuthSub (preferable over ClientLogin) can be used for simple webpages, but you can't use the Google ID for storing data in your web application. In contrast Yahoo supports the retrieval of the user id. But hopefully Google will add this too.\r
\r
And thanks for the Yahoo! code :)

Oliver Andrich says : 29th January, 2008

AFAIK, Yahoo do not give user id, but just give user hash which is unique to each user. There is no way to get the actual user ID, correct me if I am wrong.

Amaltas says : 29th January, 2008

have you tried integrating Google Auth in django apps ? or can you write about it ?

json says : 23rd January, 2008

Excellent Start! Good Luck....

Syed Abbas says : 23rd January, 2008

@json
\rI haven't tried Google Auth API yet. You can find detailed documentation at Google Auth for web applications.

Amaltas says : 23rd January, 2008

Have your say

Name

Spam is a pain. If you are posting comment on this site for the first time, we will send you an email to activate the comment. Once you activate the comment, you can post comments without activation. This is one time activity.

Email (not published)

Blog/Website URL

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>