Integrating Firebase Phone authentication and Django Backend - django

I have created a Django backend for my Flutter app. I have used the Django REST framework to connect the two. Now for user authentication, I am using Firebase in my Flutter application. It's working fine.
Now since the user management is done by Firebase, how can I add a user to my Django backend when the user signs up through my app to Firebase? I want Firebase to handle the signup/sign-in process but also want to create a user profile on my Django server which contains information about the user's address, profile pic, orders, payment history etc.
Also, I want Django to know if the user is authenticated with firebase while calling API requests. How can I make Django handle such requests?

Related

Django isn't authenticating user already logged in through web app frontend using keycloak

I am building an application that uses django as a backend for data processing and management calls served to a Vue3 SPA. I am using Keycloak for authentication and using keycloak-js and mozilla-django-oidc to handle authentication for each.
Each works fine separately: I can navigate to the django app, log in and see the data behind protected views (and get redirected properly if I am not logged in). Likewise I can log in to the frontend and get a token and associated data. I can even log in to the django app, then navigate to the frontend and calls are made with the correct session information and it all works fine.
The challenge is when I just login to the frontend and make a call to the django app it doesn't recognize it as being an authenticated user request - I am guessing it has something to do with not creating a django session, but am honestly a bit lost at this point.
Is there a way to ingest the token information and have django authenticate the user and start a session when the call is made from the frontend?

Django-Allauth: How to authenticate users via Chrome extension?

I'm building a Django web app with django-allauth handling user authentication.
As title, how do you expose a RESTful API to authenticate users from a Chrome extension? Taking into account of both:
locally stored username & password hash string pairs and
third party social log-in providers?
What is the best or simplest way to do this?
I found the best solution to be Django-Rest-Framework.
I installed DRF, and wrote a serializer for my User model and an API view to handle token authentication.

Can I login in with Facebook as an unregistered user? (Django, all-auth)

I'm building my Django RESTful Framework to retrieve and post data for Mobile. I'm using django-rest-auth (which is just all-auth with RESTful functionality; more info: http://django-rest-auth.readthedocs.io/en/latest/).
Question: Social Auth in all-auth is not clear to me. Can you finish this use case?
Use Case: Unregistered User
User Login with Facebook on Mobile
Mobile gets facebook token from Facebook SDK
Mobile sends token to our DRF Backend server URL which is '/rest-auth/facebook'
And what happens? Can you complete this Use Case? <- This is my question
My guesses:
all-auth automatically creates a new user for the facebook user token and returns a new token?
Then, it saves created user to settings.AUTH_USER_MODEL? Or...?
I found 'social account' in Django admin. Are we saving User in this account..?
Yes, you are correct. After receiving the facebook token, Django will create a SocialAccount instance which includes the backend name (facebook in your case) and the facebook id of the user. This instance will be related to AUTH_USER_MODEL by a ForeignKey, so the next time the user tries to log in, Django will find the SocialAccount by the specified facebook id and return the related AUTH_USER_MODEL instance.

Authenticate against Drupal users database table from Django application

I'm working with:
A) A large Drupal 7.23 application running at https://sitename.com using a MySQL database with thousands of users, around 30 of which are Staff.
B) A small Django 1.3.7 application running at http://dj.sitename.com using a PostgreSQL database with few (only the Drupal app's staff) users, who need to be able to login to this Django app using their existing Drupal credentials.
The workflow would be something like this:
Staff users are manually created with identical usernames in each of the applications.
A staff user goes to dj.sitename.com and inputs the same username and password of their account that was created at sitename.com, and clicks submit. Django checks the username and password against the users table in the Drupal MySQL database and compares it with the details in the Django users table. If they match, the user is logged in.
When a staff user is already logged into the Drupal app and visits the Django app at dj.sitename.com, they are automatically logged in, and vice-versa.
When a staff user logs out from the Django app, they are logged out from Drupal, too, and vice-versa.
When a user changes their password in either Drupal or Django applications, it is automatically changed in both systems.
What is the simplest way to accomplish this?
You can use the Services module to expose Drupal user login as an HTTP service, which can then be used by your custom Django authentication backend. On successful login, the service will return you the Drupal user object. This object includes the roles of the user, so you can use it to validate whether the user has access to your application.
I had a similar request and I've detailed my solution in this howto. Both Drupal and Django run on the same server so I can use both TCP to share data between the two platforms and drush to do Drupal operations in Django.
Every login/logout has two steps:
Login: Django login -> (auto) Drupal login
Logout: Drupal logout -> (auto) Django logout
The turning point in my analysis was to generate and use the one-time login after the Django login using Drush. Then, I use that generated url as the destination url of a login success in Django and alter or suppress the password recovery message to avoid one more click.
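from subprocess import check_output
from django.conf import settings
# List form: drush is executed directly, with no shell parsing of the arguments.
output = check_output(["drush", "-r", settings.DRUPAL_SITE_PATH, "-l", settings.DRUPAL_SITE_NAME, "user-login", str(drupal_id)])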
Where drupal_id is the drupal uid of the just logged in django user. I have to keep a field for the drupal uid in the django database. Via Drush you can even create a user the first time you log in successfully.
To log out you have to log out from Drupal and then log out from Django. You can do it via Rules, calling a django logout path after the event "User has logged out" is triggered.
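
A hardened form of the drush call described above, as an added example that is not part of the original answer: it validates the uid before it reaches the drush argument list and checks that the returned link is a reset URL on the expected origin before it is used as a redirect target. The `DRUPAL_SITE_PATH` value, the injectable `run` parameter, the `/user/reset/<uid>/` path check and the reading of the link from the last output line are assumptions of this example.

```python
import subprocess
from urllib.parse import urlsplit

# Stand-ins for settings.DRUPAL_SITE_PATH / settings.DRUPAL_SITE_NAME (assumed values).
DRUPAL_SITE_PATH = "/var/www/drupal"
DRUPAL_SITE_NAME = "https://sitename.com"


def run_drush(argv):
    """Run drush with an argument list (no shell) and a timeout."""
    return subprocess.check_output(argv, timeout=15).decode("utf-8", "replace")


def one_time_login_url(drupal_uid, run=run_drush):
    """Return a validated one-time login URL; raises on a bad uid or link."""
    # int() rejects values such as "--uri=..." that drush would read as options.
    uid = int(drupal_uid)
    if uid <= 0:
        raise ValueError("drupal uid must be a positive integer")

    out = run(["drush", "-r", DRUPAL_SITE_PATH, "-l", DRUPAL_SITE_NAME,
               "user-login", str(uid)])
    # Assumption: the login link is the last non-empty line drush prints.
    lines = [ln.strip() for ln in out.splitlines() if ln.strip()]
    url = lines[-1] if lines else ""

    expected, got = urlsplit(DRUPAL_SITE_NAME), urlsplit(url)
    # Redirect only to the Drupal origin, and only to a reset link for this uid.
    if (got.scheme, got.netloc) != (expected.scheme, expected.netloc):
        raise ValueError("drush returned a URL on an unexpected origin")
    if not got.path.startswith("/user/reset/%d/" % uid):
        raise ValueError("drush output is not a login link for this user")
    # The link is a bearer credential: pass it to the redirect, never log it.
    return url


# Constructed sample of drush output, used to exercise the checks offline.
SAMPLE_OUTPUT = "https://sitename.com/user/reset/42/1700000000/CONSTRUCTED-HASH/login\n"

if __name__ == "__main__":
    print(one_time_login_url("42", run=lambda argv: SAMPLE_OUTPUT))
```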
What you're describing is single sign-on. You can look into phpSimpleSAML and enable SAML on both Drupal and your Django based app. Drupal has a module available here: https://drupal.org/project/simplesamlphp_auth
I'm guessing some type of SAML module/plugin exists for Django already.

How do I connect multiple social auth providers to the same django user using django-allauth?

I can connect to facebook and twitter, but how do I connect a normal django user to both his facebook and twitter networks, so that the next time he has the option of logging in through any 1 of the 3 and I can utilise information from both the networks?
Can the signal
allauth.socialaccount.signals.pre_social_login
be used to check if a user is already logged in and, if yes, connect the social account to the django account? I can't figure out how to go about implementing this in the login view.
Connecting to different social providers turned out to be pretty easy. The same url which was used to log the users in to a social provider, if accessed inside a user's home page (i.e. the page a normal django user will see after logging in using django auth), links your django profile to the social app profile automatically.
Now I am looking into how to use the graph api along with allauth to fetch friend lists, post to wall, etc.