Chapter 18. User Authentication, Spiking, and De-Spiking
Our beautiful lists site has been live for a few days, and our users are starting to come back to us with feedback. "We love the site", they say, "but we keep losing our lists. Manually remembering URLs is hard. It'd be great if it could remember what lists we'd started".
Remember Henry Ford and faster horses. Whenever you hear a user requirement, it's important to dig a little deeper and think: what is the real requirement here? And how can I make it involve a cool new technology I've been wanting to try out?
Clearly the requirement here is that people want to have some kind of user account on the site. So, without further ado, let's dive into authentication.
Naturally we're not going to mess about with remembering passwords ourselves; besides being so '90s, secure storage of user passwords is a security nightmare we'd rather leave to someone else. We'll use something fun called passwordless auth instead.
(If you insist on storing your own passwords, Django's default auth module is ready and waiting for you. It's nice and straightforward, and I'll leave it to you to discover on your own.)
Passwordless Auth
What authentication system could we use to avoid storing passwords ourselves? OAuth? OpenID? "Login with Facebook"? Ugh. For me those all have unacceptable creepy overtones; why should Google or Facebook know what sites you're logging into and when?
In the first edition I used ...