Episode 99: OAuth 2 and Authentication Choices for Your Python Project
The Real Python Podcast
Feb 25, 2022 58m
Have you thought about what authentication system you want to use for your Python project? Should you use an existing Python library or a third-party service? This week on the show, Dan Moore is here to talk about authentication systems and OAuth 2.
Dan is the head of developer relations at FusionAuth. He shares advice about setting up an authentication system, setting up device grants, using social login, and addressing privacy issues. Dan also provides multiple resources to learn much more about the topic.
Course Spotlight: Using Google Login With Flask
In this course, you’ll create a Flask application that lets users sign in using their Google login. You’ll learn about OAuth 2 and OpenID Connect and also find out how to implement some code to handle user session management.
Topics:
- 00:00:00 – Introduction
- 00:01:58 – What is FusionAuth?
- 00:03:13 – What is the single-responsibility principle?
- 00:04:14 – Thinking about setting up an authentication system
- 00:08:42 – Background on OAuth
- 00:13:26 – Device grants
- 00:19:23 – Using another provider’s login and addressing privacy issues
- 00:28:39 – Video Course Spotlight
- 00:29:53 – Resources to learn more about privacy and identity
- 00:32:39 – Setting up an OAuth system
- 00:35:59 – DIY authentication pitfalls and hashing passwords
- 00:42:57 – Staying on top of updates and social engineering
- 00:51:29 – Resources for learning more about OAuth
- 00:54:30 – What are you excited about in the world of Python?
- 00:55:42 – What do you want to learn next?
- 00:56:49 – Final words and social connections
- 00:57:47 – Thanks and goodbye
Show Links:
- FusionAuth - Auth. Built for Devs, By Devs
- RFC 6749 - The OAuth 2.0 Authorization Framework
- RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage
- Single-responsibility principle - Wikipedia
- oauthlib · PyPI
- Final: OpenID Connect Core 1.0
- International Association of Privacy Professionals
- IDPro: Identity Professionals
- Have I Been Pwned: Check if your email has been compromised in a data breach
- Hash Functions | National Institute of Standards and Technology (NIST) - Computer Security Resource Center (CSRC)
- Guides Overview - FusionAuth
- The Modern Guide to OAuth - FusionAuth
- Solving Identity Management in Modern Applications | SpringerLink
- OAuth 2 in Action
- Getting started — Django OAuth Toolkit 1.7.0 documentation
- Flask-Login — Flask-Login 0.4.1 documentation
- Adding social sign in to your Django web application using OAuth - FusionAuth
- Create a Flask Application With Google Login – Real Python
- Draft IETF - OAuth V2.1.04