 We have these two wonderful students. I'm nobody. I'm an old guy in Drupal. I've been around Drupal.org over 10 years. Don't worry about me. This is the future right here. And why am I talking to you? Well, you'll find out a little bit here. We kind of tricked you guys. You want to learn about social API, but we're really actually just going to talk about Google Summer of Code and Google Code in. Now, I'm just kidding. I hooked you guys. As we all know in Drupal 8, no more hooks. All right, so here I am. I'm from USA, Drupal.org, over 10 years. If anybody's ever been to Chicago, you may have seen me over the years. I founded the community out there, organized over 100 events, Drupal training days, organized the first several camps. Now it's mid-camp and everything, but if you've been to Chicago, you've probably seen me around. That's how I started out contributing to Drupal, organizing events, community leader-type stuff. And then I eventually got into mentoring and organizing the Google Summer of Code and the Code-In programs. That's a big part of my life. I do do Drupal development, really big projects. I'm on the forefront of Drupal 8, but what I do to my time to contribute back to the community is organizing and mentoring students. And I like skateboarding and music, and if anybody's into fish, there's a little quote. We are everywhere. Google Summer of Code, has anybody ever seen those nicknames before? You may have heard of WebChick, Clossy, Alexua, and of course at the bottom there, we have GVSO. These are all students who went through GCI and GSOC. WebChick got her start in Google Summer of Code. And if you don't know who WebChick is, she's one of the top people in the entire Drupal community. And as I keep mentioning, because of these programs, this is kind of the future of Drupal. All right, let's get into the real presentation here. The social API was built by GSOC students, and that's why we're kind of sneaking in the story of Google Summer of Code and how this came in. We're actually gonna really talk about all this. What is a social API? Why are you here? Why do you care? What do you want to learn? If any of you have a Drupal website, and you need to interact with any of these social networks, authentication, posting, you can already do that in Drupal 8 because of these guys. We'll get one more. Just before I get too far into this, I just want to thank the Drupal Association for putting on a good event. They really help us out. They're also our fiscal sponsor for the Summer of Code. Google gives us lots of money. The DA manages it, helps do cool things, like bring these students out to DrupalCon and do presentations. So thank you to them. This has been a great event. And one more cool thing while I brag. If anybody's ever looked at Drupal.org, forward slash organizations, it lists all the top contributing organizations to Drupal, like who are the companies contributing the most code and everything. And over the past couple of years, because of us, we've been in the top 50. I think GSOC's in the top 30. So you see all these big companies that are sponsoring Drupal. They're here spending a lot of money, but it's not only those people contributing this awesome code. A lot of it's high school and college students. And again, I'm just kind of the emcee here. Now we're really gonna get into it with the fun stuff with the actual students. Hello everyone. I'm Valentin Sanchez. I'm from Paraguay. I'm currently studying computer science and political science at Swarthmore College, Lear Arts, Computer Science, Political Science. I was a Google coding 2014 Grand Prize winner. I did GSOC in 2016. I now mentoring both programs. I like to play soccer, ping pong. And but my favorite sport is to like, is to ask for more organization for open data. And I really like it when data is under arrest. And not under arrest. How I got into Drupal? I got into Drupal thanks to Sugar Labs, basically. I got an email from a mentor for GCI 2013, back in 2013. I registered for the competition. I wanted to complete tasks, but there was a technical issue and that was English. I didn't know how to speak English back then and I didn't understand anything that was going on. So the next year I decided I told myself, I'm gonna learn English and I'm gonna finish at least three tasks next year in 2014 because the rule is if you finish three tasks, Google will give you a t-shirt. And who doesn't want a Google t-shirt? Especially if you are a young teenager who is an air and like computers. You just wanna go to your high school and like, oh, look at my Google t-shirt. Is this very cool? Am I cool? So I completed the first three tasks. But something amazing happened and that is that my first patch was committed. It was very exciting to know that someone else in the world would be using code that you wrote. And I got excited about the competition and I started working more and more on it. And at the end of the competition, I've ported like seven modules from Drupal 7 to Drupal 8, including the scroll to top, minister users by role, block title link and all these modules. And how old were you when you did that? I was 17 years old when I did that. I started with GCI and then I got to this. I contributed patches to core, to Drupal core. And then in 2016, I did GSOC, Google Summer Code. And I worked on a project called the Social API. Of course, that's the title of the presentation. And it's a project to harmonize authentication and how to posting tasks with external providers, such as Facebook, Google, Twitter, LinkedIn, PayPal, all of these providers. And I like to think that Social API exists only because I wanted a t-shirt four years ago. And this is how my closet looks like right now. It's not because I'm a big fan of Google, it's just because I don't like spending money on clothes. But let's get to business, let's get to Social API. What is it? But before talking about Social API, I wanna bore you with all in talking. I wanna show you the code. You can get it in Drupal.org, project slash Social API. Or you can just type it on Google, Social API, Drupal. That probably is the first link, I hope. And I want to start with a background idea, the project idea. I was working on a project and I wanted to connect users. I wanted to login users using Google and Facebook and Facebook. And the problem was that there were many modules that were doing the same thing with different providers. I had a module that was doing that for Facebook, another one that was doing that for Google, but they were completely incompatible. If you wanted to login users and link accounts from Google and Facebook, you couldn't do it because they were different modules, there are not a common ground, there is not an API going on. And it was a big problem because they were working differently. You have to configure this module. This module works completely different. One of them was using the email address, the other one was using the user ID and that was very confusing. And also, that problem contributes to the idea that Drupal is hard to use. And I didn't like that. It was like, no way. There should be an easier way to connect to all the providers like Facebook and Google without going through all these steps. So I did an intensive research. I went to google.com, type my question and click on the first link. And the first link was about Drupal's social initiative. And these guys were created, I mean, they created this group in 2012 and they had all this idea of creating authentication with a common API, how to post in all of these cool things that I was thinking about. I was not alone. But there was a small problem with this project. And that was that they didn't write any single line of code during those four years. And I don't know if you agree with me, but I believe that code is important in a software development project, internet. So I contacted Daniel, who was one of the most active members in the group. And he agreed to mentor. The problem was that even though Daniel is great, he was more a project manager than a software developer. So I needed a new mentor that was another mentor who was more, that knows more about Drupal in terms of development. And I found out about Mateo, who is the maintainer of these cool modules such as OSTU and JSON API. But I contacted him because he was the maintainer of Facebook Outdoor Post, which was similar to what I wanted to do. So I contacted him and he agreed to mentor. But the main contribution of Mateo in this project was not that he only mentored the project, but it was that he was working on something called Social Outdoor Post. It was similar to what I wanted to build, but only for Outdoor Posting. And the truth is that most of the Social API core is based on this initial work by Mateo who was Social Outdoor Post. So that's really amazing. And during this talk, we divided the project in two phases. On the first phase, we were on developing the base code and on developing the core for Social API, Social Outdoor and Social Post. I will show you what's the difference between these modules later. And something called Social Widgets, which is not very well known, but if someone want to work on it, we can make it work as well. And then during phase two, I developed a bunch of implementers. Implementers are modules that work on top of these projects and allow you to connect to Facebook, Google, and any other services that you want to. And we improve and make the API more generic during the process. And this is how this, the basic architecture that we work on. And you can consider each rectangle to be a different module. And we have Drupal on the bottom. And then on top of Drupal, we're running Social API. And on top of the Social API, we have Social Outdoor and Social Post. And we are like basically the core of all of these projects. They work independently of each other. Do not need one for the other. And on top of Social Outdoor, you have Social of Facebook, Google, LinkedIn, Twitter, and much more. There are like 25 right now. And on top of Social Post, you have the same thing. You have Social Post, Twitter, LinkedIn, Slack, Facebook, and hopefully much more in the near future. And these were the key features that we work on. Naturally, I like to consider then the philosophy of the project. We work on making it protocol and library agnostic. We didn't want to depend on any protocol. We wanted the Social API to work with all of two, all of one, how, and whatever library you wanna use. After all, it's just HTTP. So it shouldn't depend on anything. Even though right now it's using PHP Delic as a default library, it's not dependent on that. You can build a Social API implementer without using that library. And also we wanted to create a common API, call and functionality, because that was the problem we were addressing. And this allows people to, if I know how to connect with Facebook, I can do it with Google. I can do it with LinkedIn. I can do it with PayPal. It should be the same everywhere. I should already know how to do them if I know how to do one of them. And also we wanted to make it easy to contribute to it. In fact, GCI students developed new implementers in one day, like in five or seven hours, using very sick and elemental software development skills like copy and pasting code and changing names. So I can assure you that it's very easy to develop new implementers for other services. Is that, are you talking about Maskey? Yeah, Maskey is developed social out of Amazon. And another student developed social out of Twitter two years ago. And these are GCI, these are high school students. And these are high school students working during GCI, during these things in one day. So it's very, very cool. But I wanna show you a presentation on one of the projects I work on. This is actually the updated version up to date. This is social post Twitter. Well, I already started, I already started the module for this presentation. And then you can go to the configuration, you go to this page, Twitter. Oh, that wasn't good, Twitter. And then from Twitter, from Twitter apps, we just copy the API key and the API secret into the settings. Just save that. Now you can go into configuration. You can use the API alone and just code it if you want, but you can also use rules. It's like very cool modules to react to events on Drupal. So I just use rules in this example. Just go to rules and then you can add the new reaction rule, one that's called tweet. And then I added an action that like, after saving new content, I'm gonna tweet something. And then you go into add action and there is an action that is tweet, which is created by social post Twitter. And then after creating the action, you type what you wanna tweet. In this case, I wanna tweet like, this is a post with title and the title of the post that I know that I am posting for Drupal code. And then I save this, I save this and I save the rule action. And I can just go to my account, this is my user name, my user, so I can just scroll down to the lead form. And I can add accounts, I can add multiple accounts, I can add three or four accounts if I want. I will just add one. I authorized Twitter and then I go back. Yeah, that's the account that was linked to my user name. Now anytime I add that content on my site, like social post Twitter, that's the title. Then I just add in a buddy and then save in the post. Cool, it was great. Now if I go to my Twitter account, I have the post there. Cool, yeah, let's see, let's see, let's see. That was easy, you didn't write any single line of code. And the idea is that you can do that with Facebook, Slack, or anything else that you wanna work on. And I wanna introduce you to Himanchu. He improved the social API 1.9 version and he created almost all the implementers that we now support. So, Himanchu is here. Thank you. Hi everyone, my name is Himanchu Lakshit. I'm from India. I'm currently a 19 year old software developer. And I've been coding since the age of 12, so like seven years into coding. I'm currently studying computer science engineering from Rastan Technical University, which is in Jaipur, like Northern India. I've been involved with three open source organizations. My first contribution was to WordPress, where I uploaded my personal project. I wanted a functionality, I couldn't find it, and then I created and uploaded it. And then I got involved, I wanted to participate in GSOP 2016. Then due to that, I got involved with Opia. After that, I got involved with Drupal as a part of my GSOP 2017 project. Apart from that, I love to play squash, badminton and ping pong, so all the record sports. Currently, I have co-founded a startup in India which is converting a workspace solution from underutilized space space to office solutions. So, this is about me. You know, a guy asked, I have a Google Plus Facebook and Skype account. The other person asked, when do you have life? He says, can you send me a link to that? So, social network has become a very important part of life and at social API, we are trying to do the same by integrating social authentication and posting in Drupal websites. So, I wrote a proposal for my GSOP. First of all, as a part of GCI 2016, my brother participated in with Drupal. He created social architecture and became a grand prize winner. So, he inspired me to become, to participate in GSOP with Drupal in 2017. Also, my previous experience with PHP and integrating social authentication for different social provider like Facebook and Google in frontend application helped me. I became a core contributor with Drupal by completing 13 core issues. After that, I started writing my proposal. We are Valentin and Matthew helped me refine the proposal and set the milestones for the project. So, we'll thank you two guys. Here's a quick note. All of the GSOP students that we've selected the past three years have all become core contributors prior to us selecting them to be even students. Just a cool little note out there. They're students that are so into becoming these students like these guys. They're already doing core contribute patches, writing their own modules, and then doing their projects. So, we're selecting pretty smart students. And again, what we'll talk about this more if anybody wants to get involved with this. We have another summer of code coming up here shortly. After that, I set up my Drupal website and contributed to social API to learn about the project and get involved with it. And also put it up project from Drupal 7 to Drupal 8, which was basically sharing buttons for Drupal websites. You can see the buttons like share on Facebook and share on Google. So, I put it from Drupal 7 to Drupal 8. It was one of the modules. About the development process, until 2016, GSOP was basically divided into two phases, phase one and phase two. After that, they converted into three phases. Before the development process start, we usually have a thing called community bonding period where you interact with other students and learn more about the open source organization you're contributing to. So, doing that, I learned the basic things like creating an entity, et cetera. In phase one, I integrated the PHP League or two library in social API by making it a compulsory dependency that must be used in social auth and social post. I improved the user authentication flow, which we'll be talking about later in this presentation and encrypted the access token stored by the social post. In the phase two, I updated the existing implementers created by Valentin, which were social auth Google, social auth Facebook. And I did new implementers like social auth Instagram, social auth GitHub, et cetera. In phase three, I created social post LinkedIn. So, as Valentin showed you the demo of social post Twitter, you could do the same with social post LinkedIn. I did more implementers, so all the images that you saw earlier were created by me. I wrote the documentation for social auth based implementers and social post implementers. So, if anyone wants to create their own implementers, they can go ahead and follow, just see the code and create their own implementer. After doing the development process, one thing that helped us was a scrum that was implemented by Matthew. Who's ever heard of scrum project management? All right, I told you, this is a real, they didn't believe me. They thought I was crazy when I started making them do scrums. You actually are. So, here, we'll ask a question. When you started doing scrums, every student says, I don't want to do this. I don't want to check in and give you a report and all this stuff every day. But now that you're done with it, does it make sense? Yeah, it gives us a real experience and getting more under the project. So, one of the main goals of my project was to implement the leak of what to library. We did want to implement any library that can easily implement, can be easily extended across all the implementers. But there was hybrid auth, but it was discontinued and not actively maintained. So, we went to leak what to library. But some of the features of leak what to library are that they provide common extract method for all the different, all the solution networks. So, you could easily go ahead and create implement library, third party libraries for that. The packages of leak what to library are totally tested and follow the modern coding standards. And there's like long list of solution network libraries for PHP in the PHP leak library. Hey, hero, I wanna go back to that slide. Just so that anybody that doesn't know, the PHP League, it's kind of like an organization. Yeah, it's an organization that developed a lot of libraries not only for auth to authentication, they developed many other things. Anything common in Drupal or in PHP, like a CSV uploader, authentication. There's groups of people in PHP outside of Drupal that are saying, hey, if we're gonna do the same common thing, let's do it together and collaborate so we're not all redoing the same work. And that's what the PHP League is and where we got the core libraries for the authentication stuff and applied it to Drupal, of course. Apart from that, some of the changes done by me in GSOC were before GSOC 2017, we did not have any entities. So, I created universal entities for social auth and social post implementers. We were storing the access token for the user, so every time users log in, we were like storing the access token which can be used further to perform actions on its behalf and encrypting the token stored by social post. And other thing we added as a part of my project was we were having, we could collect like extra data during the time of authentication. So for example, if anyone is logging from social or Facebook, you could define scopes and data you want to collect like his friend list or what type of music does he like, et cetera thing. And I improved the user authentication flow. So securing the access token works like first we encode the token into JSON and then encrypt it using OpenSSL library using a salt and key and then store it in the database. And same applies with the gate token method but it is in the reverse way. So user authentication flow. So it was like big image but we had to split it into two parts. So one is when user is logged in, if like already record for the same user exists then we don't do anything. Otherwise we associate that social provider account with a Drupal user account. And then if user is not logged in, we first check if there exists a user record in our social entity. If yes, then we log in the user. If no, then we check for, an email can be obtained from the user. If yes, then we check email address in our user social entity and get the user ID and then logs him in. Otherwise we ask user to fill other details like his email and all. So and securing the access token. So earlier the token was stored in like plain format. So if a website get reached, the hacker will access to all the user access token and he could perform any extension on your behalf like posting on Facebook, et cetera. So during one of our scrimmating execution was there that we need to encrypt the token. So I used OpenSSL encrypt and with a salt defined settings.php to encrypt the token. So the salt is unique to every Drupal installation. So encryption is actually unique to every Drupal installation. Apart from that, in OpenSSL encrypt, we use an initialization vector which is a suffix added to encrypted script which adds some more layers security. And here's the image of how normal encryption and decryption works. So data is encrypted using a key and the same key is required to decrypt the data. This is like a demo of social of Facebook which I created as a part of my GISA project. So you have to go to the settings page and all the application ID and app secret which you can obtain from a Facebook developer account. So here the same. And you have to also enter like your privacy policy URL you can and redirect your view, you can get it from it. Apart from that, we have like advanced settings so you could define what type of data you could collect when user is authenticating for the first time. And then you need to add a social block to your block layout, which we'll be doing now. And voila, we are done. So now anyone can use like a social author in their website. It is like really easy process to follow. So that is it from my side. I like, now I'm going to let you talk about it. Thank you. Thank you. All right. Thank you very much guys. That was great. Again, these are modules that are going to be on lots of Drupal 8 sites. If you're doing anything with auth, post, social, these modules are there. They work. These students built them. And there are more. It's not just students. Other people have been starting to contribute from the community, which is one of the reasons why we want to do this presentation and why we're looking for more. We need some help with contributing social post implementers, social author implementers, the code refactoring. Do you want to mention something? Yeah. There are a lot of code that is being used in social post and social auth that can be code directly into social API. And that includes the token encryption that is being done for social post, but not for social auth. And we can just reuse the same method and put it in something more common, like social API. And we need help with that. We also need documentation. The API has a lot of cool things that are not only about logging users in. You can use the API to do whatever you want to do with services. But these cool features are not completely documented, so we need help doing that. And in general, any ideas that you have, that will be very helpful. And of course, any ideas you guys have. And you can find us if you would like to get involved. Here's some links in the bottom right. Google summer of code on g.o.groups.drupal.org. That's our main place where we are and you can find us. We're also on IRC and Drupal-Google. And of course, the Code-In website. And again, a little refresher. The Code-In is for high school students ages 13 to 17. They basically compete to do a bunch of small tasks, like create that logo. Or write a small module. He's really smart. He actually wrote like the scroll to top module for Drupal-8. Some students just create logos and stuff for us. But they compete to win a trip to Google. And I picked the top two students and they get a full trip to Google for a week with their parents. And both of these guys have gone on it. Did you have fun going to Google? Yeah, yeah, it's very fun. The food is good. Yeah. Okay, so the actual website for summer of code is summer of code with Google. And that is for university students. You can be a PhD student if you want. You can be an undergrad. You can be a master's student. And Google will pay you to contribute to open source. Every summer we select about 10 projects. We're actually in the selection process right now. So if you're interested in mentoring, it's not a full-time gig. We put as many mentors on projects as possible to help these students. I mean, if we had the possibility of putting 10 mentors on a project to help these get just to test things, review things, project management type stuff. It all really helps. And that will, again, run this summer. Code in usually runs in the winter. And of course, if you'd like to continue this discussion with us, we have a Birds of the Feather set up. So here we are right now. Then there's lunch. And at 2.15 in room 102A, you can come and meet the real-life GSOC students. And there will probably be some other alumni mentors who will be there so you can meet them. Or if you want to talk about social API or any ideas that you have, you can come, they are welcome. Yeah, we're trying to hybrid. BOF, we'll be talking about social API, GSOC, GCI. If anybody's interested in any of this and wants to get involved, come talk to us. We'd love to meet you. If you're interested in just testing it or using it or contributing it to us, we're very excited. All right, now we can open it up to questions. Do you guys know that Julia got to come over to the mic and do that and get in line here and we'll do that? So really impressive stuff, you guys are. Yeah, thank you. You're welcome. Thank you. So I've mentored through Google Summer Code before I work at a university. We really don't see as much interest in participating anymore in the US from students, like attracting them. Part of it is market forces and what Google pays for that. Part of it is the availability of internships. But is there something going on in other countries to promote this program that we're just not doing here at US universities? So like in India, it is like, in India it is massively popular due to like two of the reasons that a lot of students are contributing to open source. Apart from that, the stipend there is like a bit high compared to, on the relative scale, compared to US. So in US, like $66,000 might not be much, but in India like two, four OO dollars are like a good amount of money any student can earn, which is like a much higher compared to other internships available in India. And you can put it in another perspective. Google's GSOC students get on average about $5,500 per project. If you go to school in Stanford and live in Silicon Valley, you could probably get a job at a startup for pretty good pay. But if you live in India, $5,500 could pay for almost a year of school, right? Yeah. So another not related question at all. So you guys are, the league PHP libraries are all licenses, MIT, which is great. But did you guys run into other libraries that you wanted to use in these projects that didn't meet with Drupal's kind of strict GPL requirements? We first analyzed about the hybrid out, which is like supports more than only OAuth 2. But the problem was that hybrid out was discontinued. People were not actively maintaining it anymore. And that was the alternative. We also consider, I think it was from Symphony. There's like a Symphony social, but we decided to use PHP the league because it's a more active community. And they are actually doing very cool stuff and they are more popular than the Symphony social, the initial, if I think, or that's the reason we chose the league over the other ones. So like Facebook's default license for PHP is Apache 2, which we can use. So a lot of projects can only be installed via Composer. And even then the resulting code that you end up with is only GPL 3 compatible. You guys didn't run into that at all with all of these? Are you talking about the official library from Facebook? Yeah, like Facebook's SDK libraries, let's just say Apache 2. Well, initially we were using social, we were using, for version 1.x, we were using the default library from Facebook because you can basically use whatever library you want. But then since we migrated to the league OAuth 2, we decided to just use the official implementer from the league, instead of using the SDK from Facebook. Okay. This is a question from the other side. A lot of the work that I do with my clients requires me to grab data from Facebook and Twitter and pull it onto the website. Do you guys have plans to implement that piece of the functionality too? Yeah, currently in the advanced settings, you can set up which scopes you wanna get from, you wanna request during the authentication. And then you can also set up some endpoints that you wanna request. For instance, the user friend list. And those endpoints are stored in the database. However, if you need to do more complicated requests, you can use the API itself and write your own code. Or you can write your own customized module to retrieve all this data and put it on your website. So you can do all of this if you want. What we wanted to do was to give developers like a code to start with so they can request data and authenticate. But you can do whatever you want to do with the API. Gotcha. So the core functionality doesn't have any plans to grab, for example, posts or tweets and pull them back and store them as entities. You can actually pull data right now in storing the database, but you will have to write a custom module to actually retrieve it from the database and show it as you want. There are ideas going on about giving an UI to actually display the data as you want, but we haven't developed it yet. Gotcha. Okay, thank you. And that's kind of one of the things that I would like to see too is more management on this, on what happens when you start authenticating with multiple providers. They say, how do you select which avatar pulls in? You know, you have LinkedIn, Facebook, all that. There should really be kind of a UI. Oh, I want my job title to come in from LinkedIn. I want this picture. And then of course, pulling in posts and pushing posts. But yeah, we're all on this path. We'd love some help on it. And of course, we have another summer of code coming up. We'll get more done in the winter. We have GCI students doing more. We're really excited about this. Any more questions? All right, well, we really hope you guys check this out. Again, this is all at SocialAPI on Drupal.org. Here you go. And it's a collection about, this shows that there's the actual social API and the social off, the social post. And you can figure out what they're for and different modules, different pages. And check it out. Go to Drupal.org. These students have written wonderful documentation on how to do it. You guys have even created some videos on how to do a lot of this. And again, the documentation is so good. How old is Maskey, 15, 16? He's 17. Yeah, he's 17 now. Maskey was 15 when he developed the first, his implementer. Yeah, so I mean, many school students can follow what these kids have done and write a little bit of code and are contributing modules to Drupal.org. And for a lot of people who are new to Drupal or want to contribute more, is that the contribution stuff seems a bit daunting. But this is evidence that it really isn't. If you just kind of look and read the documentation and follow along, the steps are there and anybody can get involved. Any final words, guys? I don't have anything else to add. Do you have anything? No. Just if you have any ideas, if we could extend the project in any way, let us know. We could discuss it and even implement that functionality in our project. All right, well, we're all set. Hope you guys have a good Drupal con and we'll be in the BOF room after lunch. If you want to come and ask it, we'll be hanging out here if we have some questions, but we'll be there as well. Thank you very much.