Compared to existing tools like Facebook login button or RPXnow this tool may be useful when you need more data from user than Facebook can provide with the login button or through RPX. You can display a nice one form to the user. If you don't need extra data from the user - you can stick with existing solutions.
- At start we have to create a basic Facebooku application that will be used by the registration form (if you use RPX or FB Login button you have it already). In the app settings (second tab) we have set the website domain under which we will use the form.
- Write down the application identifier and "App Secret". You can even add that to settings.py.
Facebook will send the data to the specified URL via POST request. Under signed_request we will get a string containing a signature(dot)registration_data. The registration data is JSON encoded by base64. We have to split the string, decode the data and check if the signature is valid (if this is valid Facebook response and not some hacking). The signature is made from the JSON data and "App Secret" of you app.This snippet of code (helper function + Django view) will handle checking and decoding the registration data and making a new user if he isn't registered yet: The view receives the data, decodes and check it then it checks if user exists (by username or email) if not it will create a user account and adds a association for RPX/FB Login button system. If the user does exist - he will be redirected to some login view.
If you want user to be able to login later on your site with login/password without the use of Facebook then you have to add a custom field for the password, or generate a random one and mail it to the user (less user friendly).