All-natural web development, poignant wit, and hippie ramblings since 2004.
Fresh thoughts
Also fresh:
- A blood pledge to never vote for Tony Abbott (27 Oct 2011)
- Geeks vs hippies (11 Oct 2011)
- Don't trust Facebook with your data (4 Oct 2011)
I'm Currently
Not available
Flat out with full-time work and with side projects for the foreseeable future.
Availability last updated: 3 Nov 2011.
Recent work UTS Newsroom
It's recently become quite popular for web sites to abandon the tasks of user authentication and account management, and to instead shoulder off this burden to a third-party service. One of the big services available for this purpose is Facebook. You may have noticed "Sign in with Facebook" buttons appearing ever more frequently around the 'Web.
The common workflow for Facebook user integration is: user is redirected to the Facebook login page (or is shown this page in a popup); user enters credentials; user is asked to authorise the sharing of Facebook account data with the non-Facebook source; a local account is automatically created for the user on the non-Facebook site; user is redirected to, and is automatically logged in to, the non-Facebook site. Also quite common is for the user's Facebook profile picture to be queried, and to be shown as the user's avatar on the non-Facebook site.
This article demonstrates how to achieve this common workflow in Django, with some added sugary sweetness: maintaning a whitelist of Facebook user IDs in your local database, and only authenticating and auto-registering users who exist on this whitelist.