What is the recommended way to restrict social login to registered users?
As it is any user with a social account gets passed as authenticated after signing into a social site (google, facebook, etc) even though they aren't registered with my secure site.
Lets assume I'm using the default domain/accounts/login templates. If we can sort it out with those I can make it work my forms or templates.
Hopefully someone else has done this so I don't have to reinvent the wheel here....
I can post any code if you like.
Related
I am building a basic social media web application and I would like my only login point to be via facebook login. After doing a fare amount of research, I have seen multiple third party authorization frameworks that plug in with facebook, but I was wondering if there were any opinions on what the best foot forward would be.
Additionally, how would I go about still being able to use sessions/cookies within Django if I use fb login?
All answers are appreciated!
You can use SocialAuth (https://github.com/python-social-auth/social-app-django), this app allows you to let users log in via many common SocialMedia-accounts, e.g. facebook. Upon login, the app will create a user in your database, which you can then use as if the user logged in with a local account. Therefore, the session will still be handled by django, fb only sends you some information about the user (e.g. first- and lastname, email, etc. [configurable in your settings.py])
I'm using Django social auth to log users in using Facebook, Twitter, etc as described, for example here.
Scenario:
A user is logged onto my platform using my native login system. I want them to validate that they own a particular Twitter account without redirecting them to a view where request.user is a new UserSocialAuth associated with their Twitter account. I want to show the user the Twitter login page but, after they provided their credentials, keep them logged in as they were rather than log them in as a different user.
can add more accessible details for your social users indicated here:
https://python-social-auth.readthedocs.io/en/latest/configuration/django.html#database
I have visited a couple of sites and they offer the option to try their site without registering, but you can login with something like someusername#somesite.com and somesiteguest.
I want to implement this for my own site. Currently I am using django-allauth for handling registration and logins.
I am just not sure how to handle users login with the same credentials.
I am working on a django app. What i want to do is that in my app i want to allow people to add their facebook, twitter and google+ profile links but after only getting authenticated to these. I want my website should recognize a user if it gets login from facebook or twitter or g+ and redirects it to the user page with which these social media profile links are attached. I am trying it to do using python requests package. But i am not getting a way how can i do it. Should i get a oauth token from the site to store or should store the profile link of the user. I have implemented the social authentication mecanism using python-social-auth
Please suggest me.
A small example will be appreciated
Sounds to me like you want to extend the pipeline with a function to redirect users. You can use Social User to get at the auth used to log in.
can connect to facebook and twitter, but how do i connect a normal django user to both his facebook and twitter networks, so that the next time he has the option of logging in through any 1 of the 3 and i can utilise information from both the networks.
can the signal :-
allauth.socialaccount.signals.pre_social_login
be used to check if a user is already logged in if yes connect the social account to the django account, but i cant figure out how to go about implementing this in the login view.
connecting to different social providers turned out to be pretty easy. The same url which was used to login the users to a social provider if accessed inside a users home page( ie the page a normal django user will see after logging in using django auth) links your django profile to the social app profile automatically.
now I am looking into how to use the graph api along with allauth to fetch friend lists, post to wall etc