Single sign-on in Hue with Twitter and OAuth

Single sign-on in Hue with Twitter and OAuth

This post talks aboutHue, an open source web-based interface that makesApache Hadoop easier to use.

Hue’s target is the Hadoop user experience and lets users focus on big data processing. In the previous posts we focused on some new features and how to quickly analyze your data with the Hive editor.

This time, we are going to follow-up on Hue authentication mechanisms. We previously described a list of backends like LDAP, AllowAll (improved recently in the latest 2.3 release with HUE-962) and this post will show how you can use your Twitter account for login-in into Hue. We are using Twitter as an example but could have picked Facebook Connect (they both use Open Authentication).

Creating a Twitter Application

First, we need to create a new Twitter application by going to the developer platform page. Provide some details about the application like the name and description. In order to avoid trouble later, do not forget to specify a placeholder URL in the ‘Callback URL’ field. This actually can be any URL and will prevent you from hitting a known bug later.

image

Creating a new application

image

The Twitter application page

 

Open Authentication communication

After creating your account, here is how Hue is going to interact with it through its new OAuth Backend (which implements Twitter OAuth version 1.0).

 

  1. When the user clicks on the ‘Sign in’ button, Hue will perform its first call to Twitter for a request token. Hue sends both its key and secret and a URL callback and gets back a request token (OAuth token + secret).
  2. The user is then redirected to Twitter (with only the OAuth token) which will ask him to authorize Hue to use his Twitter account. After this validation, Twitter redirects the user to Hue with the call back.
  3. Hue sends the OAuth token and secret to Twitter and logs in the user if Twitter validated them.

image

OAuth Sign in page of Hue

image

Authorizing Hue to use your Twitter account

image

Logged-in user

 

All this process is transparent to the user. You only have to click once to log in (twice if the Hue session has been terminated). Hue automatically uses your twitter username as login.

 

Do it yourself

Hue 2.3 ships with a new OAuthBackend (added in HUE-966). Hue leverages the great OAuth2 Python lib and the httplib2.

In order to configure Hue for this example, in hue.ini, specify the OAuth backend and the consumer key and secret which are appear on your “The Twitter application page” (cf. above section):

 

[desktop]

 # Configuration options for user authentication into the web application
 # ------------------------------------------------------------------------

 [[auth]]

    backend=desktop.auth.backend.OAuthBackend

 # Configuration options for using OAuth login
 # ------------------------------------------------------------------------

 [[oauth]]

    # The Consumer key of the application
    consumer_key=XXXXXXXXXXXXXXXXXXXXX

    # The Consumer secret of the application
    consumer_secret=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Conclusion

Hue ships with various backends and offers a pluggable system which is easy to customize to your needs. In practice you could extend it to reuse your company login system and provide a single sign-on experience to your Hue users.

Moreover, the user’s OAuth token can be saved into the user profile and be used for interacting safely with the service. For example, the Twitter token could let Hue fetch the user’s tweets and followers and display them directly into Hue. If the app asked for more permissions, it would even be possible to send some tweets or direct messages.

Hue is seeing a continuous growth in activity and is on track for providing a lot of new features and fixes in 2.4. Coming posts are going to focus on some demos of common data analysis scenarios made easier with Hue. In the meantime, feel free to participate on the group!

4 Comments

  1. Jatinder 4 years ago

    Twitter is not working for me on Hue. I have configured hue with Apache Hadoop. I am getting the following error in my browser when I click on “Sign In” button in my browser.
    Redirect to https://api.twitter.com/oauth/authorize?oauth_token=vZkcEAAAAAAAgcqXAAABTlmhMOI is not allowed.

    If I paste above url in browser directly, it shows me “Autorize App” screen. Once I click it, it show me another error page mentioning “Invalid Response”.

    I am using latest version of hue and I have defined the callback url while creating the tweeter app.

    Your help is appreciated.

    • Hue Team 4 years ago

      SSO is just for loggin in. Cf. comment #2, were you able to log in and access the apps? (apps that might not be configured)

  2. Jatinder 4 years ago

    Update:
    Following is my current callback url:
    http://127.0.0.1:8000/oauth/social_login/oauth_authenticated

    I tried many others but of no use. For example: http://www.google.co.in

    None of the the searches is working for me. Yelp, Twitter, WebLog. If I login with other user, for example: hdfs, and I try to access search, I get error “connection refused 1111”
    =========
    Extra info:
    On hue configuration page, there is no error other than impala.

  3. Vinay 2 years ago

    How to integrate Hue with Azure Active Directory using OAuth?

Leave a reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.