

Ask HN: What do you use for Flask social/oauth login? - rahimnathwani

I&#x27;m using Flask to develop a project (https:&#x2F;&#x2F;github.com&#x2F;rahimnathwani&#x2F;measure-anything).  I&#x27;ve used Flask for a few small things before, but this time I&#x27;m trying to do better by:<p>- Instead of having everything in a single .py file, using Python packages and Flask blueprints to make the code more modular.<p>- Having a way to distinguish between different users<p>- Tests (I haven&#x27;t written any tests yet)<p>I&#x27;m using Flask because I find Python comfortable, and I was scared off by the amount of convention I encountered when I researched Rails and Django.  Both Two Scoops of Django, and Michael Hartl&#x27;s Rails Tutorial, are excellent, but the learning curve to having a basic project working seemed too long.  Maybe I&#x27;m wrong.<p>Anyway, this is just to say that I realise I made a choice not to use a &#x27;batteries included&#x27; framework, so I shouldn&#x27;t expect social auth to be easy.<p>I&#x27;ve seen three different modules for social auth in Flask:<p>- https:&#x2F;&#x2F;github.com&#x2F;omab&#x2F;python-social-auth<p>- https:&#x2F;&#x2F;github.com&#x2F;mattupstate&#x2F;flask-social<p>- https:&#x2F;&#x2F;github.com&#x2F;wooyek&#x2F;flask-social-blueprint<p>Do you guys use one of these, or roll your own using Flask-OAuthlib?<p>I&#x27;m sure my ideal flow is pretty common: click a Facebook or Google button, click &#x27;authorise&#x27;, have the software auto-create an account, and then log me in.  I&#x27;m almost there with Flask-Social; I still need to enter my email address and a password before the account is created, but I think I can fix that as long as I can get an email address from somewhere.
======
bjourne
I used flask_oauth: [https://pythonhosted.org/Flask-
OAuth/](https://pythonhosted.org/Flask-OAuth/) You can take a look at how it's
used in this file:
[https://github.com/bjourne/vvm/blob/master/app/users/views.p...](https://github.com/bjourne/vvm/blob/master/app/users/views.py)
Personally, I wouldn't want to use Flask-Social or anything like that because
it feels like putting on a straitjacket. You have to follow someone else's
conventions and idiosyncrasies and setting up oauth the way you want it is
easy (~100 lines max) so it doesn't buy you anything anyway.

~~~
rahimnathwani
Thanks. This code sample will be useful for me to study. It follows the
structure I am using (a separate 'users' package which creates a users
Blueprint) but hand-rolls the stuff I was trying to do with flask-social,
whilst still leveraging flask-login.

------
joeclef
I use Automatic, it comes with Facebook, google oauth support and it is very
easy to use.
[http://peterhudec.github.io/authomatic/reference/providers.h...](http://peterhudec.github.io/authomatic/reference/providers.html)

~~~
rahimnathwani
Thanks. Do you use it alone, or alongside flask-login?

------
nyddle
I use flask_oauth, but it seems rauth/flask-rauth is more up to date.

~~~
rahimnathwani
Thanks for this! I just had a look at the docs/examples for flask-oauth,
flask-rauth and flask-oauthlib. They each appear to provide similar
functionality: redirect the user to authorize the app, and then return back an
access token and maybe other account details like username or email address.

I see that I would have to build my own functionality for keeping track of
users between sessions, i.e. a persistent user database.

Do you create a 'shadow' user account in your system to correspond with each
authorized account? What happens if someone logs in with Facebook one day, and
Google another day; do they end up with two user accounts?

More importantly, do you write your user management code again each time you
create a new project, or is it modular enough that you can re-use it?

~~~
nyddle
Yes, I don't check if the same user logged in with a different social account.

Modular enough for my needs. I tried [https://github.com/mattupstate/flask-
social](https://github.com/mattupstate/flask-social) which seems to be a more
structured approach but couldn't wrap my head around it.

