Single sign-on in Hue with Twitter and OAuth

This post talks about Hue, an open source web-based interface that makes Apache Hadoop easier to use.

Hue’s target is the Hadoop user experience and lets users focus on big data processing. In the previous posts we focused on some new features and how to quickly analyze your data with the Hive editor.

This time, we are going to follow-up on Hue authentication mechanisms. We previously described a list of backends like LDAP, AllowAll (improved recently in the latest 2.3 release with HUE-962) and this post will show how you can use your Twitter account for login-in into Hue. We are using Twitter as an example but could have picked Facebook Connect (they both use Open Authentication).

Creating a Twitter Application

First, we need to create a new Twitter application by going to the developer platform page. Provide some details about the application like the name and description. In order to avoid trouble later, do not forget to specify a placeholder URL in the ‘Callback URL’ field. This actually can be any URL and will prevent you from hitting a known bug later.


image

Creating a new application


image

The Twitter application page


Open Authentication communication

After creating your account, here is how Hue is going to interact with it through its new OAuth Backend (which implements Twitter OAuth version 1.0).


  1. When the user clicks on the ‘Sign in’ button, Hue will perform its first call to Twitter for a request token. Hue sends both its key and secret and a URL callback and gets back a request token (OAuth token + secret).

  2. The user is then redirected to Twitter (with only the OAuth token) which will ask him to authorize Hue to use his Twitter account. After this validation, Twitter redirects the user to Hue with the call back.

  3. Hue sends the OAuth token and secret to Twitter and logs in the user if Twitter validated them.


image

OAuth Sign in page of Hue


image

Authorizing Hue to use your Twitter account


image

Logged-in user


All this process is transparent to the user. You only have to click once to log in (twice if the Hue session has been terminated). Hue automatically uses your twitter username as login.


Do it yourself

Hue 2.3 ships with a new OAuthBackend (added in HUE-966). Hue leverages the great OAuth2 Python lib and the httplib2.

In order to configure Hue for this example, in hue.ini, specify the OAuth backend and the consumer key and secret which are appear on your “The Twitter application page” (cf. above section):


[desktop]

 # Configuration options for user authentication into the web application
 # ------------------------------------------------------------------------

 [[auth]]

    backend=desktop.auth.backend.OAuthBackend

 # Configuration options for using OAuth login
 # ------------------------------------------------------------------------

 [[oauth]]

    # The Consumer key of the application
    consumer_key=XXXXXXXXXXXXXXXXXXXXX

    # The Consumer secret of the application
    consumer_secret=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Conclusion

Hue ships with various backends and offers a pluggable system which is easy to customize to your needs. In practice you could extend it to reuse your company login system and provide a single sign-on experience to your Hue users.

Moreover, the user’s OAuth token can be saved into the user profile and be used for interacting safely with the service. For example, the Twitter token could let Hue fetch the user’s tweets and followers and display them directly into Hue. If the app asked for more permissions, it would even be possible to send some tweets or direct messages.

Hue is seeing a continuous growth in activity and is on track for providing a lot of new features and fixes in 2.4. Coming posts are going to focus on some demos of common data analysis scenarios made easier with Hue. In the meantime, feel free to participate on the group!


This article was originally posted 1 year ago.

Tags: sdk tutorial


comments powered by Disqus

Blog Archive

Browse archive

Blog Tags

loading...