Hacker News new | comments | show | ask | jobs | submit login

Alternate login backends are supported and documented. OpenID is as easy as a package install and adding a few settings. https://launchpad.net/django-openid-auth works well and it integrates into auth.

You completely missed my points:

1. The framework should not define your data model.

2. Many 3rd party apps depend on the existing User and other auth models.

I still must be missing your point... What would you prefer? If there was no contrib.auth then at best you'd have to do it all yourself which still means customizing third-party apps.

Authentication is something in my experience that is specific to an individual project. I don't want to be told what database schema I must use to store my user data - that's a specific project requirement (unless I'm building a cookie-cutter site, which Django is good at, as I've stated).

So what do I want ? For authentication there are some common requirements:

- session/cookie management to store a user ID (or other info)

- hooks/middleware/whatever to allow me to check user credentials on each request

- safe hashing/encryption of passwords

- form processing/validation

- integration with OpenID, oAuth, LDAP etc

If a framework, or libraries, provide these then that saves a lot of time and effort, and allows me to create a tailor-made solution.

You can do all of these with Django, but not unexpectedly it won't magically work with other people's code. I don't know how it could, if there's another framework that does this I'm interested.

contrib.auth can be made to do most of these if you still want the ability to play nice with other people's code who expect you to use auth. You'll have to create and manage User objects which it sounds like you're unwilling to do, but you can't have it both ways.

I think having it there is better than not. In most circumstances it saves me a lot of time. If I come across a circumstance that I can't use it then I'm just back to where I would be anyways and will have to write a lot more code and modify 3rd party apps.

Exactly, it saves a lot of time when you want a cookie-cutter site using lots of 3rd party apps. Not knocking that - there are lots of cases where that's exactly what you need. But this is what reminds me more of a CMS like Drupal than a framework - blocks of content managed by a single admin and authentication system.

When I want to do something more original and specific where I don't need all those apps, Django just gets in the way - and that's when I turn to a more lightweight and flexible framework.

Use the best tool for the job. Sometimes Django is that tool. The problem I have is with companies and individuals who think it's the only tool.

You forgot the pony.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact