Django-Allauth vs. Django Social Auth vs. Python-Social-Auth

Process Flow of Authentication and Authorization using OAuth 2.0 Protocol :

Fig: Process flow of Authentication through Google using OAuth 2.0

The whole process flow described above involves four steps. Firstly, the OAuth 2.0 credentials like client ID and client secret are obtained from the provide(Google Developers Console in this case) for the web application.  Now, to access any API, one needs to get the access token from the provider using the set of client ID and client Secret . After the user login, the user is asked whether they are willing to grant the permissions that the application is requesting. This process is called user consent. If the user grants the permission, the provider Authorization Server sends  the application an access token (or an authorization code that the application can use to obtain an access token). After the application obtains an access token, it sends the token to the Provider API in an HTTP authorization header. Access tokens have limited lifetimes. If the application needs access to provider's API beyond the lifetime of a single access token, it can obtain a refresh token. A refresh token allows an application to obtain new access tokens.
This is the whole workflow of the authorization using OAuth 2.0 protocol.

Majorly three django packages are used for integrating social authentication. Below, they are described briefly:

Django-allauth:

Codebase: https://github.com/pennersr/django-allauth  

It is an integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication. In simple terms,  it is a combination of simple login and registration along with social authentication system.

Django-Allauth is the most popular Django package used for Authentication purposes. Best thing about it  is that it is available as open source which speeds up the development process due to collaborations with the developers all around the world.

Advantages of Django-allauth:

1. Support for Python 2.6, 2.7 and 3.3
2. Support for Django Version 1.4.3 and above.
3. Supports Social authentication through Dropbox and google using OAuth2.0
4. Supports multiple authentication schemes (e.g. login by user name, or by e-mail)
5. Multiple strategies for account verification (ranging from none to e-mail verification)
6. Support to connect multiple social accounts to a Django user account.
7. Consumer keys, tokens make use of the Django sites framework. This is especially helpful for larger multi-domain projects, but also allows for for easy switching between a development (localhost) and production setup without interfering with your settings and database.
8. Rapidly gaining traction and improving day by day.
9. FAQ page solves most of  the problems related to Django-allauth. Otherwise most problems are solved on StackOverflow under the tag #django-allauth. Also mailing list is also available to solve further issues if any.
10. It is well tested than other Django authentication packages; credits to consistent development work going on.
11. The installation, configuration is easy to get started with.
12. Pre-defined templates are available. Its upto the developer whether he wants to customize them or not.
13. Also, one can easily add the new backends if required.

Disadvantages of django-allauth:

1. While working on it and researching more about it, I found that it has  some documentation gaps that need to be fixed.
2. It can get problematic for beginners since it involves series of small but time-consuming hurdles.

Django Social Auth:

Codebase: https://github.com/omab/django-social-auth

Django Social-auth library is a Django package that was made for the social authentication. But the library is deprecated now and has migrated to Python-social-auth for providing better support to several frameworks and ORMs.

Advantages of Django-Social-Auth:

1. Provides social authentication using OAuth and OpenId mechanism
2. Support for Django, Flask, Pyramid, Webpy frameworks.

Disadvantages of Django-Social-auth:

1. This package is deprecated.
2. No support for Python 3.x
3. Development on its codebase has stopped.
4. Not well documented. It lacks FAQ page for bug fixing.

Python-Social-Auth:

Codebase: https://github.com/omab/python-social-auth

Python social-auth is easy-to-setup authentication system that provides vast support. It supports several frameworks and auth providers. It has migrated from django-social-auth to generalize the package to provide a vast support and implement a common interface to define new authentication providers from third-parties and bring support for more frameworks and ORMs.

Advantages of Python-Social-auth:

1. Provides support for frameworks such as Django, Flask, Webpy, Pyramid and Tornado.
2. Supports Python 3.x
3. Supports social authentication through Dropbox, Google, etc. using OAuth 2.0
4. Frameworks API is provided that ease the implementation to increase the number of frameworks supported.
5. ORMs like SQLAlchemy, Django ORM and Mongoengine are supported
6. Storage API is provided to add support to more ORMs.
7. Multiple social accounts can be associated to a single user.
8. Basic user data population, to allow custom fields values from providers response.

Disadvantages of Python Social-Auth:

1. Not well documented.
2. Newer package. So, we cannot predict the future developments.
3. Lot of issues(98 issues) are listed on Github.

Comparison between the three authentication packages:

Features	Django-Allauth	Django-Social-auth	Python-Social-auth
Commits on Codebase	Regular and fast- developing	No commits made since 6 months.	Regular commits on codebase
Python 3.x Support	YES	NO	YES
Authentication	Simple authentication + Social authentication	Only Social authentication	Only Social authentication
Predefined and customizable Templates	YES	NO	NO
Framework Support	Django	Django, Flask, Webpy, Pyramid and Tornado	Django, Flask, Webpy, Pyramid and Tornado
Total Commits	1072	1611	1384
Development Status	Beta	Beta	Beta
OAuth 2.0 Support	YES	YES	YES
Current Stable Version	0.19.1	0.7.28	0.2.2
Support for Dropbox and Google	YES	YES	YES
Repository Forks	545	735	458
Total no. of Contributors	150	167	148
Repo. watchers	1650	2169	1502

Selecting the Appropriate Package:

The package which does not affects the scalability of the project must be given more weightage among all other packages.

From previous work experience and research on authentication libraries, Django-Allauth turns out to be the most appropriate choice of them all. So. in my view, django-allauth should be used for integration.

How to fetch Images from different Social Media Networks using their APIs using O. Auth 2.0 Protocol?

1. First Open the Facebook graph explorer at https://developers.facebook.com/tools/explorer/145634995501895.
   We will get the web page similar to shown as below:
   
   
   2. Then, we need to click on Get Access Token button select the data that we want the users to provide us.After clicking the button ”Get Access Token”, we will get a screen similar to this and from the given options, we need to select the details that we want to fetch.
   (Screenshot on next page)
   
   
   3. After getting the access token, we can now use the filters provided on the left side as shown in the figure below. Select the details that you want. For example, in this case, we need to select the ‘albums’. In albums category, we need to select ‘photos’ field and then in ‘photos’ field, we need to select the ‘source’ field that will provide us the url of the images stored.
   
   
   
   4. After selecting the details, we need to press ‘submit’ button and it will make a GET request and give the data of all photos in users albums along with their source url and hence we can get the images through the json data that we get as shown in screenshot below.
   
   
   

Using the Facebook Graph API in python, we will get the same results as shown above. And hence, we can extract the urls of all the images from json data that we get and download the images on server. Finally, we can easily use them according to our use.

Fetching images from Dropbox using its API:

Dropbox doesn’t recommend to fetch all the folders and files in a single API call. There are two ways to fetch the images :

1. Fetch one by one using get_file_and_metadata method:
   A simple example for fetching a file :
   
   #python code for fetching a file gsoc.txt and saving in gsoc.txt on local machine
   f, metadata = client.get_file_and_metadata('/gsoc.txt')
   out = open(‘gsoc.txt', 'wb')
   out.write(f.read())
   out.close()
   print metadata
   
   get_file_and_metadata method returns an httplib.HTTPResponse that we should .read() from to get the full response.
   See this link https://www.dropbox.com/developers/core/start/python#downloading  for more information about this method.
   
2. Search for the particular file types and then download:
   There's no method to get a recursive list of files, so you would need to use /search to find files or /delta with no cursor to get the full list of files.
   See the link for more info: http://stackoverflow.com/questions/18270357/retrieve-all-image-files-using-dropbox-core-api

Fetching images from Google Drive:

Fetching images from Google Drive involves two steps:

1. List all the folders and files in the directory to get the fileId and other metadata about the files.
   This step involves the use of Children:list method for getting the details and metadata of the files and folder in the particular folder or root directory.
   
   
   
   For example, searching for folders and files found in root directory in the image shown below:
   
   
   After the search is completed, we get result in JSON format as shown in the next image:
   
   More details about this method can be found at: https://developers.google.com/drive/v2/reference/children/list#try-it
   
2. After getting the fileID, the final step is to get the url for downloading the files and folders. The files are downloaded using the get method of Google Drive API.
   The code of downloading the files using the get method is self provided by Google at https://developers.google.com/drive/v1/reference/files/get#examples.
   This makes the whole process of fetching the images more easier.