LastUser for user management

Authors: Kiran Jonnalagadda
Talk Type: talk
Level: Intermediate
Topic: Open source Python projects
Tags: Web Programming, Flask, LastUser, HasGeek

Summary

Managing user accounts is a pain. Standard methods like validating email addresses and resetting forgotten passwords are required for every app. Most large frameworks come with user management code, but if you run multiple websites and want to share users between them, you are on your own.

LastUser is a federated user management app. It runs standalone and supports authentication via OAuth2 using a protocol inspired by Twitter and Facebook. It can be plugged into your apps with minimal effort. LastUser is open source and available under the BSD license.

LastUser supports Twitter and Google authentication and will seamlessly integrate with your app. We've so far built a client library for Flask that brings user management down to 10-15 lines of boilerplate code. Client libraries for other frameworks and languages are forthcoming.

Outline

The talk will cover:

  1. Why user management is painful and should not be reinvented each time,
  2. The case for federated user management,
  3. Why OAuth2 was chosen instead of the more obvious OpenID,
  4. How LastUser implements the distinction between authorization and resource servers as specified in the OAuth2 spec,
  5. LastUser's API beyond the limited feature set defined by OAuth2,
  6. LastUser's implementation using the Flask micro-framework, and
  7. The client-side implementation using the Flask client library as an example.

Notes

LastUser is available from https://github.com/hasgeek/lastuser

Profile of the authors

Kiran Jonnalagadda began using Python to build websites with the Zope framework in 1999 and has since remained an avid Python user, exploring various frameworks and the benefits they bring to the table.
