Hi, I'm Matthias

I am a founding partner of Feinheit AG and Die Bruchpiloten AG. Find me on GitHub, Mastodon, LinkedIn or by email.

2014-07-23

Note! While I still think the ideas in this blog post are sound, the reference to django-email-registration is a bit outdated. I recommend django-authlib these days instead.

User registration in the age of social media platforms

When we started using Django at Feinheit, django-registration was the app to go to when you had to implement registration and login functionality on a website.

With the advent of social media platforms things changed. Choosing a username and a password for each and every site was getting tiresome. More and more accounts are created by authenticating with Twitter, Facebook, Google, GitHub or whatever suits the needs of the website. Supporting email-based registration is still important of course, but it can be implemented by a much smaller app.

Django supports cryptographic signing now, which makes it much easier to provide some data to a user and check whether we get it back unmodified. We do not need to store emails and verification codes in the database if we only want to confirm email addresses for account creation. Instead, we simply craft a special link containing the email address and a cryptographic signature signed with Django’s SECRET_KEY.

That’s what django-email-registration does. It can be used either as an alternative to social authentication or to confirm email addresses for already existing users.