I'm trying to access the below URL using HTTPResponseRedirect which is protected by Django_restframework_simplejwt. I would like to redirect to below URL after the signup success, for the email and mobile verification.
http://base_url/acc_verification
Assuming, I do have an access token, Now, How do I set the Authorization token in the request header to load the above page.
Authorization: Token
Python - 3.6.8
Django - 2.2.3
djangorestframework_simplejwt - Latest
Related
I am stuck on [Step 2: Redirect to Google's OAuth 2.0 server][1] of Google's Using OAuth 2.0 for Web Server Applications Guide.
I have registered my application, got my client id and secret, and have the same authorized Redirect URIs in Google Developer Console than in my app.
I am getting this error when I try to redirect the user to the google consent form.
NoReverseMatch at /login/
Reverse for '?response_type=code&client_id=&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2F&scope=profile+openid+email&state=NZkfzNYMEqWIY1YG07eFxE6VL2YSip&access_type=offline&prompt=consent&include_granted_scopes=true'
this is the function that is giving the error on the return:
import google_auth_oauthlib.flow
from django.shortcuts import redirect
def authorize():
"""
Set authorization parameters and redirect to Google's OAuth 2.0
server to prompt user for consent
"""
flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
client_config=client_secret.json,
scopes=['profile', 'openid', 'email']
)
# Indicate where the API server will redirect the user after the user completes
# the authorization flow. The redirect URI matches one of the authorized
# redirect URIs for the OAuth 2.0 client in the API Console.
flow.redirect_uri = 'http://localhost:8000/'
authorization_url, state = flow.authorization_url(
access_type='offline',
prompt='consent',
include_granted_scopes='true')
return redirect(authorization_url)
My app has a Django 3.1 backend with django-allauth and dj-rest-auth (actively supported fork of django-rest-auth).
My mobile and web frontends can already sign in using Facebook and Google via REST. I'm now trying to add Salesforce as a 3rd REST social login method, but am running into issues.
I've followed the django-allauth instructions for Salesforce:
Created a Salesforce Connected App with id and openid scopes (along with some others), and set the callback URL to https://www.mywebdomain.com/accounts/salesforce/login/callback/
Created a SocialApplication in Django with client ID, secret, and login URL in the "Key" field (https://login.salesforce.com/)
Included allauth.socialaccount.providers.salesforce in INSTALLED_APPS
I've been using client-side JSforce to kick off the Salesforce auth request in the frontend, but I'm open to other methods if they are simpler/better/etc.
Running jsforce.browser.login() in my clients' JS code opens a Salesforce login popup. After entering Salesforce login credentials, the Salesforce system redirected to my defined callback URL, resulting in a page that shows the following text:
Social Network Login Failure
An error occurred while attempting to login via your social network account.
The URL in the address bar on that page looks something like this:
https://www.mywebdomain.com/accounts/salesforce/login/callback/#access_token=00D3t000004QWRm%21ARwAQPfHWiM6jdB43dlyW6qjEw._34mjzGi_Jv6YCXp0QssT.9F9lCge5_YaH8gqTy3Od6SywCs8X9zOGv145SyviBVeGdn0&instance_url=https%3A%2F%2Fna123.salesforce.com&id=https%3A%2F%2Flogin.salesforce.com%2Fid%2F00D3t000004QWRmEAO%2F0053t000008QBetAAG&issued_at=1606802917608&signature=KvxAX0WBCFQYY%2BO25id9%2FXxpbh2q2d2vWdQ%2FFV5FCBw%3D&state=jsforce0.popup.c0ockgct29g&scope=id+api+web+refresh_token+openid&token_type=Bearer
I tried to debug and print the error in my backend, but both auth_error.code and auth_error.exception were blank/empty.
I also tried sending the access_token from that URL's hash to my Salesforce API endpoint (see below), but that resulted in a 400 error ("Incorrect value").
Here is how I've defined my SocialLoginViews in my views.py, based on dj-rest-auth's social auth documentation:
from dj_rest_auth.registration.views import SocialLoginView
from allauth.socialaccount.providers.facebook.views import FacebookOAuth2Adapter
from allauth.socialaccount.providers.google.views import GoogleOAuth2Adapter
from allauth.socialaccount.providers.salesforce.views import SalesforceOAuth2Adapter
class FacebookLogin(SocialLoginView):
adapter_class = FacebookOAuth2Adapter
class GoogleLogin(SocialLoginView):
adapter_class = GoogleOAuth2Adapter
class SalesforceLogin(SocialLoginView):
adapter_class = SalesforceOAuth2Adapter
My urls.py:
from .views import FacebookLogin, GoogleLogin, SalesforceLogin
urlpatterns = [
...
# Sending access_token to the Facebook and Google REST endpoints works,
# but doing the same for the Salesforce REST endpoint does not (400 error: "Incorrect value")
url(r'^api/rest-auth/facebook/$', FacebookLogin.as_view(), name='fb_login'),
url(r'^api/rest-auth/google/$', GoogleLogin.as_view(), name='google_login'),
url(r'^api/rest-auth/salesforce/$', SalesforceLogin.as_view(), name='salesforce_login'),
...
]
How can Salesforce social auth be made to work in this app?
I figured it out and got it working: when posting to my dj-rest-auth Salesforce API endpoint, I was only including access_token in my POST body. I actually need both access_token and key, where key is the Salesforce login URL ("https://login.salesforce.com").
It was indeed in the django-allauth instructions for Salesforce, but I misinterpreted the wording. I now know that it says to require both access_token and key in the POST body.
I am able to receive a facebook authentication access_token from django-rest-auth by following their instructions in their docs, but it doesn't look like it's a JWT token generated by django-rest-framework-jwt.
I did set REST_USE_JWT = True in settings.py. That's all I've done, I'm not sure if there's anything else I need to do to ensure that the token is being generated by JWT.
I set up an endpoint to verify a jwt token like so:
from rest_framework_jwt.views import obtain_jwt_token, verify_jwt_token
urlpatterns = [
url(r'^api/token-verify/', verify_jwt_token),
]
that's how I'm testing if the access token received by this endpoint
url(r'^rest-auth/facebook/$', views.FacebookLogin.as_view(), name='fb_login'),
is a valid JWT token. When I try to verify the token I get an error Error decoding signature.
On a side note, I noticed when I try to do a POST request to rest-auth/facebook/ API endpoint twice using the same access_token returned by a Facebook login I am receiving a 403 Forbidden from django.
Can someone please explain a bit how to make JWT work with django-rest-auth?
I am using djoser for authorization. i want to logout using djoser - /auth/logout/ but it require token data using POST method.
my URL is,
url(r'^logout/$', "{}/auth/logout/".format(API_URL), {'token':token}),
how do i bind post data into it? and how to call external API from urls.py along with POST data
Note : My djoser was in another django app. i need to do external API call for logout.
The setup is django 1.10 DRF, using url('^', include('django.contrib.auth.urls')), for authentication.
I'm upgrading from django 1.8 to 1.10.
The issue is that hitting the password_reset endpoint, with postman for instance, at http://localhost:4200/v1/password_reset/ requires a CSRF token in the cookie, which I do not have.
What am I missing? I tried comparing the login workflow to the password_reset workflow. Both views have the decorator #csrf_protect. But when hitting the login endpoint, in middleware/csrf.py, the login view has the csrf_exempt flag on. Furthermore, when we hit the login endpoint, the backend sends back the csrftoken data for the cookie. Nothing like that happens for password_reset.
Any ideas as to what I'm missing or how I could troubleshoot further?