Permalink
Browse files

added docs dir

  • Loading branch information...
tuxcanfly committed Jul 5, 2010
1 parent b5dcad9 commit 37aab805f2814e79fb992ed596a8e8279544dfa3
Showing with 90 additions and 0 deletions.
  1. 0 { → docs}/LICENSE
  2. +90 −0 docs/README
  3. 0 {example_project → docs}/requirements.txt
View
File renamed without changes.
View
@@ -0,0 +1,90 @@
+What it does.
+-----------------
+1. Allow logging in via various providers.
+2. Import contacts from various third party sites, to find out which of your
+friends already use our service.
+
+Logging In
+================
+
+
+This is a application to enable authentication via various third party sites.
+In particular it allows logging in via
+1. Twitter
+2. Gmail
+3. Facebook
+4. Yahoo(Essentially openid)
+4. OpenId
+
+Libs you need to install
+See requirements.txt
+use `pip install -r requirements.txt` to install all dependencies at once
+
+
+The API Keys are available from
+
+http://www.facebook.com/developers/createapp.php
+https://developer.yahoo.com/dashboard/createKey.html
+https://www.google.com/accounts/ManageDomains
+http://twitter.com/oauth_clients
+
+How it works.
+-------------------
+Openid: Users need to provide their openid providers. Talk to the providers and
+login.
+Yahoo: Yahoo is an openid provider. Talk to Yahoo endpoints. (Endpoint: http://yahoo.com)
+Google: Google is a provider. Talk to them. (Endpoint: https://www.google.com/accounts/o8/id)
+Facebook: Facebook connect provides authentication framework.
+Twitter: We use Twitter Oauth for authentication. In theory, Oauth shouldn't be
+used for authentication. (It is an autorisation framework, not an authentication one),
+In practice it works pretty well. Once you have an access_token, and a name, essentially
+authenticated.
+
+References
+1. http://openid.net/developers/
+2. http://developer.yahoo.com/openid/
+3. http://code.google.com/apis/accounts/docs/OpenID.html
+4. http://apiwiki.twitter.com/OAuth-FAQ
+5. http://developers.facebook.com/connect.php
+
+Limitations
+--------------
+
+As with all APIs, we are limited by the amout of data which the API provider
+provides us. For example, both Yahoo and Google provide extremely limited data
+about the autheticated subscriber. Twitter and Facebook provide a lot of details,
+but not the email. Different Openid providers are free to provide [different
+amounts of data](http://openid.net/specs/openid-simple-registration-extension-1_0.html).
+
+How it works.
+-----------------
+1. For all providers(except Facebook) there are two urls and views. (start and done)
+2. Start sets up the required tokens, and redirects and hands off to the correct
+provider.
+3. Provider handles authentication on their ends, and hands off to Us, providing
+authorization tokens.
+4. In done, we check if the user with these details already exists, if yes, we
+log them in. Otherwise we create a new user, and log them in.
+
+For all of these, we use standard django authenication system, with custom
+auth_backends, hence all existing views, and decorators as login_required
+will work as expected.
+
+Urls
+---------
+
+/login/ Login page. Has all the login options
+/openid_login/ AND /openid_login/done/
+/yahoo_login/ AND /yahoo_login/done/
+/gmail_login/ AND /gmail_login/done/
+/twitter_login/ AND /twitter_login/done/
+/facebook_login/done/ We dont have a start url here, as the starting tokens are
+set in a popup.
+
+Implementation
+----------------
+0. Install required libraries.
+1. Get tokens and populate in localsettings.py
+2. Set the token callback urls correctly at Twitter and Facebook.
+4. Set the authentication_backends to the providers you are using.
+
File renamed without changes.

0 comments on commit 37aab80

Please sign in to comment.