Orga API Server serves the organizer with many features but there was need of one feature which will allow us to provide Organizer an option to connect with their social media audience directly from API server. This will also allow the Orga Server users to share their experience for different events on their social media platforms.
For this feature, some of the social media platforms added are:
- Google+
Before connecting with these social media platforms, we have to implement and test The Auth Tool – OAuth 2.0
Without going on introductory introduction to OAuth 2.0, Let’s focus on its implementation in Orga API Server
OAuth Roles
OAuth defines four roles:
- Resource Owner
- Client
- Resource Server
- Authorization Server
Let’s look at the responsibility of these roles when you connect your social apps with API server
> Resource Owner: User/Organizer ( You )
You as User or Organizer connection your accounts with API server are the resource owners who authorize API server to access your account. During authorization, you provide us access to read your account details like Name, Email, Profile photo, etc.
> Resource / Authorization Server: Social Apps
The resource server here is your social platforms/apps where you have your account registered. These Apps provide us limited access to fetch details of your account once you authorize our application to do so. They make sure the token we provide match with the authorization provided before through your account.
> Client: Orga API Server
Orga API Server acts as the client to access your account details. Before it may do so, it must be authorized by the user, and the authorization must be validated by the API.
The process to add
A simple work plan to follow:
- Understanding how OAuth is implemented.
- Test OAuth implementation on all 4 social medias.
- After Necessary correction. Make sure we have all views(routes) to connect these 4 social medias.
- Implementing the same feature on the template file.
- Make sure these connect buttons are shown only when Admin has registered its client credentials in Settings.
- Creating a view to unlink your social media account.
Understanding how OAuth is implemented.
Current Implementation of Oauth is very simple and interesting on API server. We have Oauth helper classes which provide all necessary endpoints and different methods to get the job done.
Test OAuth implementation on all 4 social medias.
Now we can work on testing on the callbacks of all 4 social apps. We have callback defined in views/util_routes.py For this, I picked up the auth OAuth URLs and called them directly on my browsers and testing their callback. Now on callback, those methods required some change to save user data on database thus connecting their accounts with API server. This lead to changes in update_user_details and on callback methods.
def update_user_details(first_name=None, last_name=None, facebook_link=None, twitter_link=None, file_url=None, instagram=None, google=None):
Make sure we have all views(routes) to connect these 4 social medias
This has to be done on views/users/profile.py Addition of one method
@profile.route('/google_connect/', methods=('GET', 'POST')) def google_connect(): .... .... return redirect(gp_auth_url)
and testing, correction on other 3 methods
Implementing the same feature on template file.
Updating gentelella/users/settings/pages/applications.html to add changes required to add this feature. This included ability to show URLs of connected accounts and functioning connect and disconnect button
Make sure these connect buttons are shown only when Admin has registered its client credentials in Settings.
fb = get_settings()['fb_client_id'] != None and get_settings()['fb_client_secret'] != None .... .... ...
The addition of such snippet provides data to the template to decide whether to show those fields or not. It will not make any sense if there is no application created to connect those accounts by Admin.
Creating a view to unlink your social media account.
utils_routes.route('/unlink-social/<social>')
def unlink_social(social):
if login.current_user is not None and login.current_user.is_authenticated:
...
...
A method is created to unlink the connected accounts so that users can anytime disconnect their accounts from API server.
Where to connect?
Settings > Applications
How it Works (GIF below )
