Research Log of Web Science Students

Computer Science is not simply programming

First Sprint: Authentication

leave a comment »

googleid

For our first development session our goals were to let the app sign in using Google Id. No need to create an account which tends be irritatingly repetitive. All one needs is a Google account (gmail etc). We considered putting in other login options like Open ID and Yahoo! Id but we love Google so much we didn’t give it much thought (although Open ID will come in handy when OAuth comes into the picture).

Oauth vs OpenID
At first we were stuck with Oauth and OpenID because they both appeared to be the same thing. Both have Os in them which was a bit misleading but more importantly both have something to do with users.
But the difference is that OpenID takes care of authentication, verifying that a user is who he/she claims to be and Oauth deals with authorization — extracting user data say like flickr pictures or facebook comments from another site say like our app.

Having straightened that out, we still, however, decided to implement authentication by using Google id. Like I said, we love Google!

Held back initially
We were held back at the onset. This is the first time I am ever tinkering with a web api so I had no idea how to tackle documentation. The part where we were held most was Google’s suggestion of using an OpenID library. I tried JanRain but I was bogged down with installation. Although I have to say I learned a lot of PHP from it (since we’re developing on that platform and JanRain is written in PHP). There were so many things we needed for us to get started I even learned about cryptographic randomness — a security lab topic.

Standup Meeting

Since that was taking a lot of time (2 and a half hours!) I decided  that we should set our priorities: the login feature needed to work and that would be the only thing that would matter on Monday. We could toss best practices out the window for a while. Although if you ask me it doesn’t feel right.

Once we had that sorted out, development was a breeze. There were many firsts including our first checkout from our SVN.

We were able to finish our login feature but our adviser instructed we take a look at app engine because the app needed to be deployed on a cloud. And here I thought we were all set to develop on PHP. But app engine supports only Google and Python! I thought this was a bit of a setback but as always with Google, it never ceases to amaze you. Now I am having thoughts about developing on app engine! The decision will be made in a few hours. After going through the overviews of all its features  to be honest,  I am suddenly rooting for app engine — the Java part but I don’t know how that will check out with everyone invloved especially with my thesis partner and Projectrix who are also set to develop on PHP.  But using it does have its advantages (lots of them) and addresses a lot of our issues (Such as this thing with transactions and MySQL and Google and using Oauth).

But that would mean negating the efforts of this first spring. Sad. But sometimes you have to take 2 steps back to move forward.

Advertisements

Written by Jose Asuncion

August 9, 2009 at 7:23 pm

Posted in Hardwire

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: