I am new to GitHub Apps. I have used GitHub OAuth before, but I am finding it a bit difficult to understand user authentication and authorization for GitHub Apps. My use case is as follows:
A user will visit my website and log in with their GitHub credentials; at that time the user needs to accept the permissions I seek on their profile (e.g. repositories, PRs, etc.). I then display those repositories and PRs on my website and perform some actions on them.
I primarily have one question, at a high level:
Which API endpoints and which keys are needed to authenticate and authorize a user so as to get all the requested items like repositories etc., and, more importantly, the next time the user logs in he should not need to accept the permission to access his repositories again (similar to the CodeFactor site).
I would like to have an architecture-level solution if not a code example. I am using Python (Django) to build my project, but code examples in other languages are also welcome.
OP can use the module Django Social Auth. Their docs have an entire section dedicated to GitHub. They will handle all of that process for one.
Essentially, here's what one has to do
1. Install the module

    pip install social-auth-app-django

2. Add it to the INSTALLED_APPS variable in your settings.py:

    INSTALLED_APPS = [
        ...
        'social_django',
        ...
    ]

3. Sync the database

    python manage.py migrate

4. Add the GitHub authentication backend to Django's AUTHENTICATION_BACKENDS setting

    AUTHENTICATION_BACKENDS = [
        ...
        'social_core.backends.github.GithubOAuth2',
        ...
    ]

5. Add URL entries

    urlpatterns = patterns('',
        ...
        url('', include('social_django.urls', namespace='social'))
        ...
    )
6. Register a new application at GitHub Developers, set the callback URL to http://example.com/complete/github/ replacing example.com with one's domain (could even be http://localhost:8000/complete/github/ if testing locally). This will generate a Client Key and a Client Secret.
7. Add these values of Client ID and Client Secret from GitHub to your project settings file.

    SOCIAL_AUTH_GITHUB_KEY = 'a1b2c3d4'
    SOCIAL_AUTH_GITHUB_SECRET = 'e5f6g7h8i9'

8. One can now use it in one's template, like

    <a href="{% url 'social:begin' 'github' %}">Sign in with GitHub</a>

Clicking on that link will then redirect one to the page to accept permissions, just like Codefactor.
Apart from the docs, there are some good articles out there that one can also use for reference, such as How to Add Social Login to Django by Vitor Freitas.
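The raw GitHub OAuth web flow that social-auth automates for you, as an added example that is not part of the answer above or of the library: it shows the three endpoints involved, which key is used where (the client secret only in the server-to-server step), and the state check a hand-rolled flow must keep. The client id, secret and redirect URI are placeholders; the two network calls are plain urllib requests and are not exercised offline.

```python
"""GitHub OAuth web flow without a helper library.
Added example; CLIENT_ID / CLIENT_SECRET / REDIRECT_URI are placeholders."""
import hmac
import json
import secrets
import urllib.parse
import urllib.request

AUTHORIZE_URL = "https://github.com/login/oauth/authorize"
TOKEN_URL = "https://github.com/login/oauth/access_token"
API_BASE = "https://api.github.com"

CLIENT_ID = "YOUR_CLIENT_ID"          # placeholder: from the GitHub application registration
CLIENT_SECRET = "YOUR_CLIENT_SECRET"  # placeholder: server side only, never sent to the browser
REDIRECT_URI = "https://example.com/complete/github/"  # must match the registered callback URL


def new_state() -> str:
    """Unguessable per-login value; store it in the user's session before redirecting."""
    return secrets.token_urlsafe(32)


def build_authorize_url(state: str, scopes=("repo",)) -> str:
    """Step 1: the URL the 'Sign in with GitHub' link sends the browser to."""
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urllib.parse.urlencode(params)


def parse_callback(query_string: str, expected_state: str) -> str:
    """Step 2: GitHub redirects back with ?code=...&state=...  A state that does not
    match the one stored in the session means the callback was not started by this
    session (login CSRF), so the code is rejected before it is ever exchanged."""
    params = urllib.parse.parse_qs(query_string)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise PermissionError("state mismatch: callback was not initiated by this session")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code


def exchange_code(code: str) -> str:
    """Step 3: server-to-server exchange of the code for a user access token.
    This is the only place the client secret is used. (Network call.)"""
    body = urllib.parse.urlencode({
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "code": code,
        "redirect_uri": REDIRECT_URI,
    }).encode()
    req = urllib.request.Request(TOKEN_URL, data=body, headers={"Accept": "application/json"})
    with urllib.request.urlopen(req) as resp:
        payload = json.load(resp)
    if "access_token" not in payload:
        raise RuntimeError(f"token exchange failed: {payload.get('error', 'unknown')}")
    return payload["access_token"]


def list_repos(token: str) -> list:
    """Step 4: call the API with the user's token. (Network call.)"""
    req = urllib.request.Request(
        f"{API_BASE}/user/repos",
        headers={"Authorization": f"Bearer {token}", "Accept": "application/vnd.github+json"},
    )
    with urllib.request.urlopen(req) as resp:
        return [repo["full_name"] for repo in json.load(resp)]
```

Persist the token server side (social_django keeps it in its UserSocialAuth table); with it you can list repositories on later visits without sending the user back through the consent page at all, and GitHub itself does not show the consent page again for an application the user has already authorized with the same scopes, which is the behaviour the question describes.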
Related
(I am relatively new to Django, so sorry if I have misunderstood anything ^^")
So let's say I have app1 and app2, and I want to implement the same groups, roles and permissions across these two apps while only having one database.
My idea was to create a central back-end server that the two apps authenticate through and grab the roles from. Essentially this can be used for SSO (single sign-on) later, but for now the target is to authenticate a user logging in through one app and get their roles and groups from there.
In the Django documentation I found "Authentication using REMOTE_USER":
which should allow me to do remote authentication (which is my target). I was able to make it run, but how am I supposed to give it the link to the Django authentication server?
My understanding is that after setting up this remote user authentication, all groups, roles and permission checks don't need to be changed, since Django should have access to the remote server that it authenticates through.
I hope that I wasn't misunderstanding the "Authentication using REMOTE_USER" concept.
Also, if there are any other ideas on how to implement this, please let me know.
Thank you!
Sounds like REMOTE_USER is NOT what you're expecting it to be: when Django is configured to use this functionality, it forgoes Django's typical security, because it expects a web server situated in front of Django (e.g. Apache or Nginx) to do user authorization on its behalf. In a nutshell, the web server passes along the user's id in every request it sends to Django in the REMOTE_USER header.
Your expectations, on the other hand, seem directed at configuring a common Django app to authorize and authenticate users for other apps. This is a common configuration, and is effected by several steps, including these three:
(1) Adding the other apps to the INSTALLED_APPS list in the common app's settings.py. For example:

    INSTALLED_APPS = [
        ...
        'app1',
        'app2',
    ]

(2) Include the apps' URLconfs in the common app's urls.py, for example:

    path('app1/', include('app1.urls')),
    path('polls/', include('app2.urls')),

(3) Run python manage.py migrate in order to create the database tables for the two apps.
You'll probably have to fuss with your urls in the common app more than what I've sketched out above; and you might add a middleware to deny unauthorized requests any access until authenticated.
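The trust boundary the answer describes, as an added example that is not Django's own code: because RemoteUserMiddleware logs in whoever request.META['REMOTE_USER'] names without any password check, that value must only ever come from the front-end server that actually authenticated the user. The WSGI wrapper below enforces that; the trusted proxy addresses and the forwarded header name are assumptions for the example.

```python
"""WSGI wrapper that only lets a trusted front end's forwarded identity reach
Django's RemoteUserMiddleware. Added example; TRUSTED_PROXIES and
FORWARDED_USER_KEY are assumptions, not Django settings."""
from typing import Callable, Iterable

TRUSTED_PROXIES = frozenset({"127.0.0.1", "10.0.0.5"})  # assumption: where Apache/Nginx runs
FORWARDED_USER_KEY = "HTTP_X_AUTHENTICATED_USER"         # assumption: header that server sets


class RemoteUserGate:
    """Wrap the Django app in wsgi.py: application = RemoteUserGate(get_wsgi_application())."""

    def __init__(self, app: Callable):
        self.app = app

    def __call__(self, environ: dict, start_response: Callable) -> Iterable[bytes]:
        # The forwarded header is always removed, so nothing downstream can read it raw.
        forwarded = environ.pop(FORWARDED_USER_KEY, None)
        # REMOTE_ADDR is the TCP peer; only the trusted front end may vouch for a user.
        if forwarded and environ.get("REMOTE_ADDR") in TRUSTED_PROXIES:
            environ["REMOTE_USER"] = forwarded   # this is the key RemoteUserMiddleware reads
        return self.app(environ, start_response)


def resolve_remote_user(environ: dict) -> str:
    """Run the gate over a bare WSGI environ and report the REMOTE_USER Django would see."""
    seen = {}

    def capture(env, start_response):
        seen["user"] = env.get("REMOTE_USER", "")
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]

    RemoteUserGate(capture)(environ, lambda status, headers: None)
    return seen["user"]
```

Keep the stock settings from the Django docs (RemoteUserMiddleware after AuthenticationMiddleware in MIDDLEWARE, RemoteUserBackend in AUTHENTICATION_BACKENDS). A request that reaches the app from any other peer, or without the header, arrives with no REMOTE_USER and is simply anonymous; the front end, not Django, remains the only place a name can be asserted.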
In my Django application hosted on Heroku (https://ers-heatscreen-app.herokuapp.com), I would like to authenticate users from an existing customer login on a production homepage, which is implemented in JavaScript.
So when they log in at https://shop.ers-heatscreen.com/login I would like to take the existing user and create a new user/login with the existing user in my application.
I have invested a ton of time in reading Stack Overflow and the Django documentation, but can't puzzle things together...
Somehow the best solution seems to be to set REMOTE_USER in Django and solve the problem within Django:

    MIDDLEWARE = [
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django.contrib.auth.middleware.RemoteUserMiddleware',
    ]
    ....
    AUTHENTICATION_BACKENDS = [
        'django.contrib.auth.backends.RemoteUserBackend',
    ]

Maybe you have some hints/code snippets/links for me to point me in the right direction.
Would really appreciate any help. If you need more information, I can post further information anytime.
This post was really helpful.
I created a backend, where I get the user information via query string and create/log in the user.
With the middleware I managed to log in automatically.
https://www.sipios.com/blog-tech/automatic-login-in-a-django-application-using-external-authentication
I have two AWS Elastic Beanstalk environments serving content using the same Django web server. One of them is a staging site (i.e. for development/testing purposes) and one of them is the production website. On the staging site, features that normally require payment are free to use in order to simplify testing and development. I want to avoid having users stumble upon this staging site and gaining free access to features that normally require payment.
To prevent this, I would like to require staff login for all of the views, but only on the staging site. I have an environment variable that gets checked in settings.py which determines whether or not the server is running in the staging or production environment. Is there some elegant/clean way of accomplishing this by checking that environment variable?
I would add a Middleware that checks for this condition to the MIDDLEWARE settings variable if the environment variable says you're on staging.
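As an added example of the middleware approach (not from the thread): the decision is kept in a plain function so it can be checked without a configured Django project, and the middleware class only turns it into a redirect. The environment variable name, the login URL and the exempt paths are assumptions.

```python
"""Require a staff login on every view, but only on the staging deployment.
Added example; DJANGO_ENVIRONMENT, LOGIN_URL and EXEMPT_PREFIXES are assumptions."""
import os
from typing import Optional, Tuple
from urllib.parse import urlencode

# Assumption: settings.py already reads this variable to tell staging from production.
STAGING = os.environ.get("DJANGO_ENVIRONMENT") == "staging"
LOGIN_URL = "/admin/login/"
# Paths that must stay reachable, otherwise nobody can log in to pass the gate.
EXEMPT_PREFIXES: Tuple[str, ...] = ("/admin/login/", "/admin/logout/", "/static/")


def staff_gate(path: str, is_staff: bool, staging: bool = STAGING,
               exempt: Tuple[str, ...] = EXEMPT_PREFIXES) -> Optional[str]:
    """Pure decision: None lets the request through, otherwise the URL to redirect to.
    Production (staging=False) is never touched, so the gate costs nothing there."""
    if not staging:
        return None
    if path.startswith(exempt):
        return None
    if is_staff:
        return None
    return LOGIN_URL + "?" + urlencode({"next": path})


class StagingStaffRequiredMiddleware:
    """Add to MIDDLEWARE after AuthenticationMiddleware, which provides request.user."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        user = request.user
        target = staff_gate(request.path, user.is_authenticated and user.is_staff)
        if target is None:
            return self.get_response(request)
        # Imported here so the decision logic above can be exercised without Django.
        from django.http import HttpResponseRedirect
        return HttpResponseRedirect(target)
```

Append 'myproject.middleware.StagingStaffRequiredMiddleware' (assumed module path) to MIDDLEWARE after AuthenticationMiddleware; doing so only when the environment variable says staging, as the answer suggests, keeps the production request path unchanged. The exempt prefixes matter: without them the login page would redirect to itself. Note that a logged-in but non-staff user is also redirected, which is the intended outcome since the staging site should be invisible to ordinary accounts.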
Easy peasy, bro!
Just use conditions in your urls.py file:

    from django.conf import settings
    from django.urls import path

    urlpatterns = [
        # your regular URLs here
    ]

    if settings.SPECIFIC_VALUE:
        urlpatterns = [
            # additional URLs, available only when SPECIFIC_VALUE is on
        ] + urlpatterns
How might I go about adding a Google+ API sign-in to my Django website?
First you must create OAuth credentials for Google+.
Go to the Google Developer Console
Create a new project.
Go to "APIs and authentication" -> "Authorization screen" and give your product a name. Click "Save".
Go to "APIs and authentication" -> "Credentials". Under "OAuth", click "Create New Client ID". Add "http://localhost:8000/soc/complete/google-oauth2/" as a callback URL. This will only work for testing; make sure to put in your actual domain when in production.
Now let's add python-social-auth to your Django app.
Install python-social-auth with pip
Set the appropriate Django settings:
Add 'social.apps.django_app.default' to INSTALLED_APPS:
Add the SOCIAL_AUTH_GOOGLE_OAUTH2_KEY and SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET settings with the client key and secret you created earlier. The client key is the "Client ID" listed in the "Credentials" screen in the Google developer console, the one which ends in ".apps.googleusercontent.com". Only take the part before the dot. The secret is listed as "Client secret".
Make sure you have the AUTHENTICATION_BACKENDS setting explicitly defined, and that it contains 'social.backends.google.GoogleOAuth2'. An example would be:
    AUTHENTICATION_BACKENDS = (
        'social.backends.google.GoogleOAuth2',
        'django.contrib.auth.backends.ModelBackend')
Define the SOCIAL_AUTH_PIPELINE setting as detailed in the python-social-auth documentation. What every setting does is listed in that page.
If you have something to do with the information you get from Google+, I recommend defining a function:
    def save_profile(backend, user, response, *args, **kwargs):
        if backend.name == "google-oauth2":
            # do something
where user is a django.contrib.auth.models.User object, and response is a dictionary. Then add that function to the SOCIAL_AUTH_PIPELINE using the full module path, after create_user.
If you don't want to do anything with that information you can leave the default pipeline as-is.
Finally, you'll want to add the python-social-auth urls to your site's urlpatterns:
    from django.conf.urls import include
    url("^soc/", include("social.apps.django_app.urls", namespace="social"))
And that should do it! It's time for testing. First, ./manage.py makemigrations for the required migrations of python-social-auth, and then ./manage.py migrate, as explained here. Then, you can run the development server, and go to http://localhost:8000/soc/login/google-oauth2/?next=/ .
Hopefully I did not skip explaining any step and it will work. Feel free to ask more questions and read the docs. Also, here is a working example that you should check out.
@rhaps0dy's answer is correct, but python-social-auth is now deprecated and has been migrated to social-auth-app-django. So this is what I did differently from @rhaps0dy's guidelines:
Instead of python-social-auth, I installed social-auth-app-django,
'social.apps.django_app.default' becomes 'social_django'
'social.backends.google.GoogleOAuth2' is now 'social_core.backends.google.GoogleOAuth2'
url("^soc/", include("social.apps.django_app.urls", namespace="social")) becomes url("^soc/", include("social_django.urls", namespace="social"))
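A worked version of the custom pipeline step sketched in @rhaps0dy's answer, using the social_core names from the follow-up, as an added example that is not part of either answer or of the library. The Profile model and its fields, the 'myapp.pipeline' module path and the small stand-in classes used to run it outside Django are assumptions; Google's userinfo keys are read defensively so both the OpenID Connect shape (sub, email_verified) and the older one (id, verified_email) work.

```python
"""Custom python-social-auth pipeline step for the Google OAuth2 backend.
Added example; the Profile model, 'myapp.pipeline' and the stand-in classes are assumptions."""

SOCIAL_AUTH_PIPELINE = (
    'social_core.pipeline.social_auth.social_details',
    'social_core.pipeline.social_auth.social_uid',
    'social_core.pipeline.social_auth.auth_allowed',
    'social_core.pipeline.social_auth.social_user',
    'social_core.pipeline.user.get_username',
    # 'social_core.pipeline.social_auth.associate_by_email',
    #   Off by default in social_core: it links a login to an existing account that
    #   shares the e-mail address, so an unverified address would let a newly created
    #   Google identity take over that account. Leave it off unless you require
    #   email_verified below.
    'social_core.pipeline.user.create_user',
    'social_core.pipeline.social_auth.associate_user',
    'social_core.pipeline.social_auth.load_extra_data',
    'social_core.pipeline.user.user_details',
    'myapp.pipeline.save_profile',   # assumption: import path of the function below, after create_user
)


def save_profile(backend, user, response, *args, **kwargs):
    """Pipeline step with the signature every python-social-auth step receives.
    Persists Google-specific data that the built-in user_details step does not cover."""
    if backend.name != "google-oauth2" or user is None:
        return
    profile = user.profile   # assumption: a OneToOne Profile model reachable as user.profile
    profile.provider_uid = str(response.get("sub") or response.get("id") or "")
    profile.avatar_url = response.get("picture", "")
    # Record the address as verified only if Google says so; a bare 'email' proves nothing.
    profile.email_verified = bool(
        response.get("email_verified", response.get("verified_email", False))
    )
    profile.save()


# --- constructed stand-ins so the step can be run and checked outside a Django project ---
class _Profile:
    def __init__(self):
        self.provider_uid = ""
        self.avatar_url = ""
        self.email_verified = False
        self.saved = False

    def save(self):
        self.saved = True


class _User:
    def __init__(self):
        self.profile = _Profile()


class _Backend:
    def __init__(self, name):
        self.name = name


def demo(backend_name="google-oauth2", response=None):
    """Run save_profile over a constructed userinfo response; returns what got stored."""
    if response is None:   # constructed sample of a Google userinfo response
        response = {"sub": "1234567890", "email": "alice@example.com",
                    "email_verified": True, "picture": "https://example.com/a.png"}
    user = _User()
    save_profile(_Backend(backend_name), user, response)
    p = user.profile
    return {"uid": p.provider_uid, "avatar": p.avatar_url,
            "verified": p.email_verified, "saved": p.saved}
```

The step returns nothing on purpose: a dict returned from a pipeline function is merged into the keyword arguments passed to the following steps, which is not wanted here.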
I am trying to work with django-allauth. I followed the instructions on the GitHub page and did the following:
Added allauth urls into urls.py

    urlpatterns += patterns('',
        url('^accounts/', include('allauth.urls')),
        url('^accounts/profile/$', ProfileView.as_view(), name='ProfileView'),
        url('^login/$', login, name='account_login'),
        url('^logout/$', logout, name='account_logout'),
        url('^login/cancelled/$', login_cancelled, name='socialaccount_login_cancelled'),
        url('^login/error/$', login_error, name='socialaccount_login_error'),
    )
Updated TEMPLATE_CONTEXT_DIRS, TEMPLATE_CONTEXT_PROCESSORS, AUTHENTICATION_BACKENDS and INSTALLED_APPS. Also added ACCOUNT_AUTHENTICATION_METHOD = "username_email"
Added Key and Secret for twitter in the Social apps table.
Copied django-allauth templates to my app's directory and modified it. I can see all the templates working fine like /accounts/signup/ and /accounts/social/connections/.
Now, from connections or signup when I click Twitter link /accounts/twitter/login/ I ended up with the following error:
    Social Network Login Failure
    An error occurred while attempting to log in via your social network
    account.

Am I missing something? Maybe some stupid mistake (Twitter login URL? No clues!). I also tried to find some tutorials based on the latest codebase but was unable to find any. The django-allauth example on GitHub wasn't of any help. Please help. Also, please feel free to provide me any links or tutorials based on the latest codebase.
Thanks in advance.
I am a beginner, so you can expect some stupid mistakes from people like me, but I try to learn. I spent many hours trying to resolve this. Finally the issue turned out to be the Twitter app key settings:
I got the "Social Network Login Failure" error because my Twitter app settings were not configured for localhost. Make sure you have the following settings configured in your Twitter app for your localhost (development machine):

    Callback URL: http://127.0.0.1:8000/

NOTE: If you want to use it for a production server then you need to set the callback to your domain name as follows:

    Callback URL: http://Your_Domain_Name.com

OR better, use another set of keys specifically for production use only.
BONUS: If you are using django-social-auth and you don't have these settings configured then you may end up with a 401 Unauthorized error.