Piperka blog

OAuth2 redux

I'm done with implementing OAuth2 logins for the new code base. I'm happy to say that the new implementation is a lot more robust than the one I bolted on top of my original code base three years ago.

I could well have moved forward with most everything I detailed in my last post without it, but I still feel that having OAuth2 available for user authentication is worth it. I want to get the barrier keeping any potential users from becoming actual users as low as possible, and them not having to deal with one more password helps. When this code is in place I'll make sure to have more authentication providers than just Reddit, as there is now.

I'm using OAuth2 in two roles, where logging in is the obvious one. The other is that account setting changes, like changing the password, can be verified by redoing OAuth2 authentication. As long as you're logged in to a provider's site, account changes on Piperka's end can be done with just a mouse click. I'll add later on the option to use a provider for only logins, but I've tinkered with this quite enough for now as is. Going so far as to have two-factor authentication would likely be way overkill for a site like Piperka.

Implementing this at this stage did well to shape up the basics of the site code, even the parts that didn't immediately have anything to do with logging in. I had tied parts of user authentication too tightly to the template renderer, so I took the chance to decouple the logic, and the code is better off due to that. Likewise, the user account changes were processed in an awkward place and this too got fixed along the way.

I'm actually nearing the finishing line with this project. Of course, I'll pretty much end up nearly just where I am right now, but I'll have a far better platform for future development. Most of what's left is to add a few AJAX endpoints, test everything and tie up any straggling ends that I have yet lying around. I'll still have to see how to add support for the unofficial Android client without too much pain; how I did it was quite hacky in the first place. I'd welcome it if I had a client that used Google's OAuth2 for authentication instead.

I've developed the new site without CSS or JavaScript enabled so far, but I finally enabled them last weekend. Not everything agreed with the HTML I'm generating but those were some very minor issues. I took a week-long vacation from work to help finish the rewrite and to get it to production. I plan to get the new code running on a new server in a few days and will allow some time for testing, but I want it all done before February.

On a personal note, I made an arrangement with my employer and I'll be working as a part-timer starting next month, at least until autumn. I'll have one more day a week for working on Piperka. I may or may not make up for the part of the salary I'm not getting, but this just is something I wanted to do. I have everything set up for making Piperka the site I want to see.

Sun, 21 Jan 2018 11:08:03 UTC