Where in database does python-social-auth store access token? - django

I am using python-social-auth (within django) to implement facebook-login. I am able to successfully sign into my app using facebook and extract user email. But where in the database can I find the OAuth token generated by facebook? Is it in the password field in the user table?

It's in the UserSocialAuth extra_data field which is a JSONField.
Example of the value stored:
{"expires": "5184000", "id": "00000000000000000", "access_token": "the-token-value"}

Related

how to integrate django web login with snowflake 'users' table

I have a Django application that carries out authentication by requesting a token through MSAL. Once I have that token, I will check if that username exists in the local Django SQLite db, and if it exists, he will be logged into the website. If the username doesn't exist, then the username will be recorded in the SQLite db and the user just needs to enter his credentials again for authentication and will be logged in.
What I would like to do is replace the SQLite db with a Snowflake table, which should only have a username and email column. How can I go about doing it? I am thinking that I need to write a custom user class and specify the correct table in the class Meta, and switch the database in settings.py to the correct Snowflake database (should be possible with https://pypi.org/project/django-snowflake/). Is there anything else needed?

Django JWT Auth for custom model

I have a custom user model
class User(models.Model):
    fields...
It also has an email and a password field among other detail fields. I want to use the simplejwt JWT authorization, which takes email and password as input and generates JWT tokens. Most tutorials include creating a superuser and passing the username and password of the superuser to get the token, but I want to do this for my custom user model.
REST implementation of Django authentication system. DJOSER
Getting Started with Djoser
Also, you need a MOD HEADER which is an Extension in Chrome
Add it from here
Once your Django project is up and running, go to
localhost:8000/auth/jwt/create/ to create an access token by submitting the username and password (i.e. POST method).
Once the access token is created, you need to set it in MOD HEADER in the Request Header and you are good to go.
It's a JSON web token; that's why you need to prefix it with JWT and then the access token.
django-simple-jwt generates the access and refresh tokens through the obtainTokenPairView. This view calls the authenticate function from Django. Therefore, if you have set up a custom user model following the Django guidelines to use the email in place of the username, django-simple-jwt should work out of the box.
Otherwise, you still have the option to create your own view and generate the tokens manually.

Flask - Stripe - Firebase Auth

As of right now I have firebase auth (generic email/password) set up as well as a Stripe payment stream.
What is the most simple way to link a stripe customer id to the firebase auth user credentials?
Can I somehow force the user to use the same email address to have that as a unique id?
It does not seem that I can store additional info within the authentication process, but I could be wrong.
I ended up passing the email variable from firebase auth to the stripe form.
I did this by {{ email }} and adding the "Data-email" field to the provided base form code in their documentation.

Django Rest Framework with JWT Get User Info

I have a Django API that uses JWT for authentication (see this tutorial). Currently it gets the token fine and attached to that is a user_id for React.
Example token returned from /api/auth/token/obtain:
{
"access": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwidXNlcl9pZCI6MSwiZXhwIjoxNTI1NjgxMjU3LCJqdGkiOiJlZTk4Y2I2ZmI3ZTk0OWVlYmNiNDU4NjA2N2ZmMGYzMyJ9.-8lXUwWivg4vaucDGRj7InqDQrn8WuflvwL1ebNHlFg",
"refresh": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsInVzZXJfaWQiOjEsImV4cCI6MTUyNTc2NzM1NywianRpIjoiMmM4NDBlZWI3NWE0NDFkMmFiMGQxZjViNDdkYTcyNDgifQ.G70wMPL2OdrDx06HulGdVS3KQvZvNtjKoli1rKYXbxs"
}
But if I have an endpoint that alters a model created and owned by that user (it has a model field where owner is the pk of the User), how can I compare if that model is owned by the user when using JWT for authentication?
When I was using Django views, it was simply a check of whether the values were the same based off the user from the request, but with JWT the user doesn't seem to actually log in to the Django auth system.
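
The ownership comparison asked about above, as an added example that is not part of the original post and not simplejwt's own code: the server verifies the HS256 signature, token type and expiry, takes `user_id` from the verified claims only, and compares it with the object's owner pk. `SECRET`, `make_token`, `verified_user_id` and `can_modify` are hypothetical names, and the key and claims are constructed for the demo.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: stands in for the server-side signing key


def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def sign(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()


def make_token(claims, secret=SECRET):
    """Build a constructed HS256 token with the same claim layout as the one above."""
    head = b64url_encode(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{head}.{body}"
    return f"{signing_input}.{b64url_encode(sign(signing_input, secret))}"


def verified_user_id(token, secret=SECRET, now=None):
    """Return the user_id claim only if signature, alg, token type and expiry all pass."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None  # never let the token choose its own algorithm
        if not hmac.compare_digest(sign(f"{head}.{body}", secret), b64url_decode(sig)):
            return None  # payload was altered or signed with another key
        claims = json.loads(b64url_decode(body))
        if claims.get("token_type") != "access":
            return None  # a refresh token must not authorize API calls
        if claims["exp"] <= (time.time() if now is None else now):
            return None  # expired
        return claims["user_id"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # malformed token


def can_modify(token, obj, now=None):
    """Object-level check: the object's owner pk must equal the verified user_id."""
    user_id = verified_user_id(token, now=now)
    return user_id is not None and obj["owner"] == user_id
```

The owner is never read from the request body or from an unverified payload; a token whose signature does not match is treated the same as no token.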

Normal user/token user authentication

In my Django project I need two types of users:
- users authenticated with login/password (django.contrib.auth.models.User)
- users authenticated with token (Django REST Framework)
What's more I wish I could keep both of them in one table and display only "User" page in admin panel.
What would you suggest will be the best solution?
The token from DRF doesn't create a new User table; it just creates a Token table with a one-to-one relationship with the existing User table, so you'll always have a single table (admin page) "User".
You decide which users should have a Token. For example:
from django.contrib.auth.models import User
from rest_framework.authtoken.models import Token

# create API Token
regular_user = User.objects.create_user(...)
api_user = User.objects.create_user(...)
Token.objects.create(user=api_user)
Now regular_user can only access using login/password (since he doesn't have a Token) and api_user can do both.
Hope this helps