Social login would be a very useful feature. I somewhere read that you are planning to implement it soon?
March 29, 2018
12
-
-
Its planned, but not for anytime soon. More like Q3/4 this year, whenever new frontend is released ;)
-
How much time would it take a developer to add this feature if he were to do it externally?
-
Don't know. Maybe 10 days? It would take some digging to come up with an better estimate and I don't feel like doing it to be honest ;)
-
10 days, really? I mean this feature has been around for years now, it's difficult for me to imagine that it takes 10 full days to implement.
-
10 working days amounts to 70 hours of work. Feels reasonable considered there are both backend and frontend changes involved and you don't want crappy code without any testing or design work behind it IMHO. :]
-
So you need to create this feature from scratch? There is nothing available you can use to modify?
-
Installing
python-social-authis easy part, but those libraries come only with bare-bones user interface and certain defaults that you would need to customize for using it in Misago. -
Would it speed up the process if for starters you only allowed seamless login for Gmail users?
-
Depends on what you are asking. For somebody else, perhaps smaller scope would let them make some assumptions that would shave on number of edge cases and shorten time to delivery.
But if you are asking if that will make me get feature faster into Misago, then I am sorry but I don't cut corners like that, unless I know that use cases I'll be cutting are tiny portion of all possible use cases, and it'll wont result in additional support burden on me and answering additional questions like "you've did XYZ, why not ZVX? How do I get ZVX in? Why not support both?" and that kind of story ;) I'm making exceptions on this from time to time, but I don't fell like this is the case where exception would be acceptable.
-
Small dev update, as I've found time during holidays to work on social login and so far I have following things done:
- Enable social login for any site supported by Python Social Auth (or your own oauth server if you have one).
- Display social login buttons on login and register forms
- If social site returns e-mail (not always the case), and user already exists with this email, sign them in
- If social site returns e-mail and user doesn't exist with this email already, attempt to create new account
I have the above working with GitHub. Sadly Facebook decided to go full-hostile on integrations devs and they don't support sending data to applications running on localhost or without HTTPS. But thats... fine. I've already got plenty of experience with it to know what's expected when it comes to their API.
As I've feared,
Python Social Auth's "batteries included" were unfit for use in internet forum, and I've had to write my own implementations for a plenty of things. This was mostly caused by following:- Misago allows users to login via email or username. This confuses great deal of 3rd-party Django extensions that deal with the login process, as they assume that login happens exclusively with username.
- Misago comes with bans system that lets board admins restrict access to the site for IP addresses as well forbid the use of certain usernames or emails.
- Misago also imposes certain requirements on valid usernames, forcing us to plow trough whatever user data social site has returned to us and guess what to use to build final valid username. eg. Facebook returns Rafał Pitoń
as username, and we need to convert it toRafalPiton` to be useable for Misago. - Misago allows admin review step for newly created accounts, and this should be the case for accounts created over the social site.
- Error messages that
Python Social Authreturns are unfit for showing to the user and are not translateable, so I've had to create custom error handling step. - We are using JavaScript for our interface, so have to create custom "finalize registration" step in JavaScript instead of using one by
social-auth-django-app.
Here's how it looks like, just note that currently I've opted to don't use icons for social providers, this may change however in one of next releases:
-
The social login flow seems to be complete, however it lacks tests and extra handling in other parts of application (like user control panel requiring user to still provide password):
I'm hoping that in two weeks I'll wrap up the work on this feature and move on to bugfixes that I've also wanted to include in Misago 0.18
-
You can now sign in on this site using GitHub! I'll likely add Facebook in few days, after I sit down to write privacy policy that Facebook Login requires for production apps.
