Week 6: Creating Social Auth Implementers Using The Base Library Of TheLeague oAuth

Submitted by hudixt on Wed, 07/12/2017 - 19:17

I am working on adding support for The League oAuth and new implementers for social auth and social post under the mentorship of Getulio Sánchez "gvso" (Paraguay) and Daniel Harris "dahacouk" (UK).

Last week, I started working on creating the first social_auth implementer using theleague library. This week I continued that work and have created 5 social_auth implementers using theleague oAuth2 library.

Here are some of the things that I worked on during the 6th week of the GSoC coding period.

Adding the scope field in the settings form page - I have added a new field, additional data, where the site administrator can define the data fields they want to retrieve from the social provider during the authentication process. The site administrator can choose from the fields listed on the scope page of the documentation. The data points are separated by commas. This data can additionally be used by other modules by accessing it through the social_auth entity. All the data is stored in JSON format.

Mitigating CSRF attack [Cross-site request forgery] - We’re storing oAuth2State in the persistent data handler class and checking the state when the user is redirected back; this is to prevent the CSRF attack. Look at the illustrative explanation about CSRF attack on StackOverflow. Thus, storing the state and checking it when the user comes back to the site helps in preventing the CSRF attack.


Figure: CSRF Attack (Credit - https://www.twobotechnologies.com)
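The state check described above, as an added example that is not the module's own code: a state value is stored before the redirect and compared, once, when the user returns. The `StateStore` class, the function names, the client id and the `provider.example` / `site.example` URLs are assumptions standing in for the persistent data handler and a real provider.

```php
<?php
// Stand-in for the persistent data handler (assumption: session-backed in a real site).
final class StateStore {
    private array $data = [];
    public function set(string $key, string $value): void { $this->data[$key] = $value; }
    // Read and delete in one step so each state value is single-use.
    public function take(string $key): ?string {
        $value = $this->data[$key] ?? null;
        unset($this->data[$key]);
        return $value;
    }
}

// Before redirecting: mint an unguessable state, store it, add it to the URL.
function beginLogin(StateStore $store, string $authorizeUrl, string $clientId, string $redirectUri): string {
    $state = bin2hex(random_bytes(16));
    $store->set('oauth2state', $state);
    return $authorizeUrl . '?' . http_build_query([
        'response_type' => 'code',
        'client_id' => $clientId,
        'redirect_uri' => $redirectUri,
        'state' => $state,
    ]);
}

// On the callback: proceed to the token exchange only if this returns true.
function verifyCallback(StateStore $store, array $query): bool {
    $expected = $store->take('oauth2state');
    $returned = $query['state'] ?? null;
    if ($expected === null || !is_string($returned)) {
        return false; // no login in progress, or state missing/malformed
    }
    return hash_equals($expected, $returned); // constant-time comparison
}

// Constructed demo values; provider.example and site.example are placeholders.
$store = new StateStore();
$url = beginLogin($store, 'https://provider.example/authorize', 'demo-client', 'https://site.example/callback');
parse_str(parse_url($url, PHP_URL_QUERY), $sent);

// Case 1: the provider echoes the state back unchanged.
var_dump(verifyCallback($store, ['code' => 'demo-code', 'state' => $sent['state']]));
// Case 2: the same callback replayed after the state was consumed.
var_dump(verifyCallback($store, ['code' => 'demo-code', 'state' => $sent['state']]));
// Case 3: a new login is pending, but the callback carries a state the site never issued.
beginLogin($store, 'https://provider.example/authorize', 'demo-client', 'https://site.example/callback');
var_dump(verifyCallback($store, ['code' => 'demo-code', 'state' => 'not-issued-by-this-site']));
```

Only case 1 passes the check; the replayed and the never-issued state are both rejected before any authorization code would be exchanged.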

Change in SocialAuthUserManager method [Link to PR] - As we’ve added new field data to be stored in the database, we need to slightly modify the methods in SocialAuthUserManager.

New Social Auth Implementers - Currently I have created 2 new social_auth implementers for the Social API project, Instagram and GitHub. Also, I have created 3 of our existing implementers, Facebook, Google and LinkedIn, to use the officially supported base library of the league oAuth2.

  • Social Auth Facebook [Link to PR] - We’re using league/oauth2-facebook as the base library of the league.

  • Social Auth Google [Link to PR] - We’re using league/oauth2-google as the base library of the league.

  • Social Auth Instagram [Link to Code] - We’re using league/oauth2-instagram as the base library of the league.

  • Social Auth GitHub [Link to Code] - We’re using league/oauth2-github as the base library of the league.

  • Social Auth LinkedIn [Link to Code] - We’re using league/oauth2-linkedin as the base library of the league.

These were some of the important topics related to my project that I had to work on during my fourth week. I was thrilled by the sixth week of the Google Summer Of Code coding phase. My goal for the next week is to complete around 14 more social_auth implementers and then start working on the documentation part of the newly created implementers.