Single sign-on in Hue with Twitter and OAuth

Published on 13 May 2013 in Development - 4 minutes read - Last modified on 19 April 2021

This post talks aboutHue, an open source web-based interface that makesApache Hadoop easier to use.

Hue’s target is the Hadoop user experience and lets users focus on big data processing. In the previous posts we focused on some [new features][1] and how to quickly analyze your [data][2] with the Hive editor.

This time, we are going to follow-up on Hue authentication mechanisms. We previously described a [list of backends][3] like LDAP, AllowAll (improved recently in the latest [2.3 release][4] with [HUE-962][5]) and this post will show how you can use your Twitter account for login-in into Hue. We are using Twitter as an example but could have picked Facebook Connect (they both use [Open Authentication][6]).

Creating a Twitter Application

First, we need to create a new Twitter application by going to the [developer platform page][7]. Provide some details about the application like the name and description. In order to avoid trouble later, do not forget to specify a placeholder URL in the ‘Callback URL’ field. This actually can be any URL and will prevent you from hitting a known [bug][8] later.

image

Creating a new application

image

The Twitter application page

 

Open Authentication communication

After creating your account, here is how Hue is going to interact with it through its new OAuth Backend (which implements Twitter [OAuth][9] version 1.0).

 

  1. When the user clicks on the ‘Sign in’ button, Hue will perform its [first call ][10]to Twitter for a request token. Hue sends both its key and secret and a URL callback and gets back a request token (OAuth token + secret).
  2. The user is then redirected to Twitter (with only the OAuth token) which will ask him to authorize Hue to use his Twitter account. After this validation, Twitter redirects the user to Hue with the call back.
  3. Hue sends the OAuth token and secret to Twitter and logs in the user if Twitter validated them.

image

OAuth Sign in page of Hue

image

Authorizing Hue to use your Twitter account

image

Logged-in user

 

All this process is transparent to the user. You only have to click once to log in (twice if the Hue session has been terminated). Hue automatically uses your twitter username as login.

 

Do it yourself

Hue 2.3 ships with a new OAuthBackend (added in [HUE-966][11]). Hue leverages the great [OAuth2 Python][12] lib and the [httplib2][13].

In order to configure Hue for this example, in hue.ini, specify the OAuth backend and the consumer key and secret which are appear on your “The Twitter application page” (cf. above section):

 

[desktop]

 # Configuration options for user authentication into the web application
 # ------------------------------------------------------------------------

 [[auth]]

    backend=desktop.auth.backend.OAuthBackend

 # Configuration options for using OAuth login
 # ------------------------------------------------------------------------

 [[oauth]]

    # The Consumer key of the application
    consumer_key=XXXXXXXXXXXXXXXXXXXXX

    # The Consumer secret of the application
    consumer_secret=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
## Conclusion Hue ships with various backends and offers a pluggable system which is easy to customize to your needs. In practice you could extend it to reuse your company login system and provide a [single sign-on][14] experience to your Hue users. Moreover, the user’s OAuth token can be saved into the user profile and be used for interacting safely with the service. For example, the Twitter token could let Hue fetch the user’s tweets and followers and display them directly into Hue. If the app asked for more permissions, it would even be possible to send some tweets or direct messages. Hue is seeing a continuous growth in [activity][15] and is on track for providing a lot of new features and fixes in 2.4. Coming posts are going to focus on some [demos][16] of common data analysis scenarios made easier with Hue. In the meantime, feel free to participate on the [group][17]! [1]: http://blog.cloudera.com/blog/2013/03/whats-new-in-hue-2-2/ [2]: http://blog.cloudera.com/blog/2013/03/how-to-analyze-twitter-data-with-hue/ [3]: http://blog.cloudera.com/blog/2012/12/managing-permissions-in-hue/ [4]: http://gethue.tumblr.com/post/49863621004/hue-2-3-0-apr-15th-2013 [5]: https://issues.cloudera.org/browse/HUE-962 [6]: http://oauth.net/ [7]: https://dev.twitter.com/apps/new [8]: https://dev.twitter.com/discussions/392 [9]: https://dev.twitter.com/docs/auth/oauth [10]: https://dev.twitter.com/docs/api/1/post/oauth/request_token [11]: https://issues.cloudera.org/browse/HUE-966 [12]: https://github.com/simplegeo/python-oauth2 [13]: http://code.google.com/p/httplib2/ [14]: http://en.wikipedia.org/wiki/Single_sign-on [15]: http://www.meetup.com/San-Francisco-Bay-Area-Hue-Users/ [16]: http://blog.cloudera.com/blog/2013/04/demo-hdfs-file-operations-made-easy-with-hue/ [17]: https://groups.google.com/a/cloudera.org/forum/?fromgroups#%21forum/hue-user

comments powered by Disqus

More recent stories

26 June 2024
Integrating Trino Editor in Hue: Supporting Data Mesh and SQL Federation
Read More
03 May 2023
Discover the power of Apache Ozone using the Hue File Browser
Read More