Django-Allauth and django-facebook to retrieve Facebook profile images - django

I integrated django-rest-auth and django-allauth for user registration/login using Facebook.
Now, I can authenticate (and I can create) the Facebook user and I can retrieve some basic informations like e-mail, first name, last name...
Now I need also to retrieve some profile images (last 3 user profile images) about the user at registration of it in my platform.
I'm confused because I can't use allauth to take also these informations from Facebook so, probably, I need to take it directly using Facebook GraphAPI (is correct this my solution?)
Is a good solution the integration of django_facebook?

The photo can be retrieved directly with the user UID and this URL:
http://graph.facebook.com/UID/picture?width=40&height=40
In function:
fb_uid = SocialAccount.objects.filter(user_id=self.user.id, provider='facebook')
if len(fb_uid):
return "http://graph.facebook.com/{}/picture?width=40&height=40".format(fb_uid[0].uid)

I'm not entire sure, but I think you will get access to the user's photos when you add "user_photos" to scope list in facebook configuration. Did you try it?
Here is a link to django allauth documentation: http://django-allauth.readthedocs.org/en/latest/providers.html#facebook

Related

Missing photos in Google Admin Directory Users response

I'm using the Google Admin Directory Users endpoint to retrieve all the users in our company's domain. The request is working as expected and I'm receiving the full list of users.
But a large number of users are missing photos. The thumbnailPhotoUrl property is present on each user entry, but following the URL leads to
https://ssl.gstatic.com/s2/profiles/images/silhouette200.png
which is the default avatar, for a large number of our users.
However:
If I go into Inbox and send one of the users showing the default avatar an email, their profile pic appears when sending the email
And when the user logs in to our app using their company email (using
Firebase Auth), their user response contains a public URL for their avatar
And if I log in to G Suite Admin and view our users, the majority of them have avatars. Only a small handful of users show the silhouette avatar.
Also, the docs state:
Note: In this version of the API, a photo is the user's latest Gmail Chat profile photo. This is different from the Google+ profile photo.
From the accounts we've viewed, all users have Gmail Chat/Hangout profile photos.
So it seems the users have photos associated with their account. Why are the photo URLs in the Google Admin Directory showing the default avatar? And not the user's uploaded photo?
I ran into this today and found your question while trying to solve the problem. I think I have the answer!
The thumbnailPhotoUrl property in each of the user profiles that leads to silhouette200.png starts with https://www.google.com/s2/photos/private/ followed by a long id string.
On the other hand, any user profile that returns a valid photo (instead of redirecting to the default/anonymous photo) starts with https://www.google.com/s2/photos/public/ ... like my Google Apps/G Suite profile photo.
I discovered fairly quickly that if I am logged into my G Suite account in the browser where I try to view those thumbnail photos, they resolve as expected with actual photos instead of silhouette200.png.
So: to display G Suite user photos in a custom app, the app user needs to be logged in with a G Suite account that is authorized to read other G Suite domain users' private thumbnail photos
or
your app will need to proxy the photo request in order to return the actual thumbnail.
Of course, please do consider user privacy expectations and
regulations; the fact that the profile photo is private usually
indicates that the user did not set their own profile photo but had it
set by some external application or sync process. (As far as I can tell, when a user
sets their own profile photo using My Account or About Me,
it is always made public.)
Adding some documentation reference to help define the ultimate purpose.
Google API part is here.
Parameter viewType() defines what part of the user profile is returned which in turn depends on GSuite Directory settings. This parameter also defines the level of
authorization when using the Google API.
When using a third party app as defined here, more elements come into play.
In the end, thumbnails appeared...

Access profile pictures using Facebook's Graph API v2.3 without user login

Direct access to profile pictures via the Facebook graph API has recently stopped working and appears deprecated. Apparently, this now requires an access token (which requires the user to login to FB first)...
https://graph.facebook.com/{user-id}/picture?redirect=false&type=large
I'm developing a web application in JavaScript, unrelated to Facebook. I would like to offer users the option to use their FB profile picture for posts. They provide their numeric user-id which I save on our server. Until recently, my client app could use the numeric user-id in the above URL to produce a JSON response with a link to the user's profile picture.
Is there an alternative approach to getting a user's profile picture without first requiring the user to login to FB to get a client-side access token?
If They (the users) provide their numeric user-id means that you're using Facebook Login, and they at least gave their public_profile permission to your app, you can just add the App Access Token to the request and it should work.
https://graph.facebook.com/{user-id}/picture?redirect=false&type=large&access_token={app_access_token}
If you don't use Facebook Login, I see no chance to be honest.

Get Social websites profile link and attach those to a django user

I am working on a django app. What i want to do is that in my app i want to allow people to add their facebook, twitter and google+ profile links but after only getting authenticated to these. I want my website should recognize a user if it gets login from facebook or twitter or g+ and redirects it to the user page with which these social media profile links are attached. I am trying it to do using python requests package. But i am not getting a way how can i do it. Should i get a oauth token from the site to store or should store the profile link of the user. I have implemented the social authentication mecanism using python-social-auth
Please suggest me.
A small example will be appreciated
Sounds to me like you want to extend the pipeline with a function to redirect users. You can use Social User to get at the auth used to log in.

FB G+ and Twitter integration and pushing posts

I was just wondering if an app exists for Django that helps connecting all 3 social networks, imports basic info, profile picture, but most importantly pushes the post user makes to these three website accounts. I looked into django-social-auth but that just lets you register or login with these websites,not push posts.
django-allauth http://github.com/pennersr/django-allauth/ stores basic info for FB/G/Tw (and more), provides basic access to the profile picture, and stores the access tokens in the database.
Whatever you do with the access token is project specific and beyond allauth scope. For example, in order to post to the users wall you need:
The user's permission (you can do this by configuring the proper scope for the Facebook provider, search for SCOPE in the README.txt)
Once the user is logged in via FB, the access token is stored in allauth.socialaccount.models.SocialToken. Simply lookup the token for the user that is logged in.
Then, given the token use whatever method you like to post to the Facebook API on behalf of the user. E.g. https://github.com/pythonforfacebook/facebook-sdk
For some more background on the relation between a Django user and the Social* models, see:
How can I get the user's facebook id with django-allauth?
There are django apps that do what you need individually (Facebook example), but I'm not aware of one that works with multiple.
django-social-auth will get you half way there by obtaining the users information and permission to post to the social network on their behalf.
Once you have users authenticating via django-social-auth you'll have access to the users access token needed to post to respective network on their behalf.
From there, you're going to have to stitch together some additional python modules like the Facebook example above to do the actual posting.

How does allauth work when user logs in via social registration

I have been trying to use django-allauth to provide Social registration, but I am having trouble configuring the profiles for the user. There is no documentation of django-allauth which tells
how a django user account is created when a user logs in via a third party such as facebook
What username is assigned to that user and what password is used.
Certain third party providers such as Facebook provide a lot of information about the user such as their name, email etc. so how can we get them and save in the user account/profile
If anybody has used allauth in their projects and can provide some details then it would be really helpful.
I am using django_allauth in my project.
(1) How a django user account is created when a user logs in via a third party such as facebook ?
You should take a look at :
your admin panel and see what happens when somebody logs in.
allauth.facebook.views.login and try to track the login process
It is something like this (in a few words):
When a user logs in your site via his Facebook credentials he is given an access token
This token is saved in the FACEBOOK_ACCESS_TOKENS table (you can see it in the admin panel)
With this access token and with the help of Facebook GraphApi we know his social_id
When we know his social_id - we can have his Facebook account from our database
If we haven't saved it in the db already - we save the Facebook account in the FACEBOOK_ACCOUNTS table (Facebook Accounts in the admin panel)
Then we create a user in the USERS table with the data present in the Facebook account. (you can see the new user in the Users section in the admin panel)
(2) What username is assigned to that user and what password is used ?
As I mentioned before with the help of Facebook GraphApi we get the username of the Facebook user and it is assigned to the User profile as User.username
(3) Certain third party providers such as Facebook provide a lot of information about the user such as their name, email etc. so how can we get them and save in the user account/profile?
Again - the Facebook GraphApi - it gets you the info you need.
I have integrated django_allauth in my site and it is working properly. I will be happy to answer(if I can) if you have more questions.
EDIT - For the avatar support...
I think you have to take a look at the django_allauth settings and particularly in:
SOCIALACCOUNT_AVATAR_SUPPORT (= 'avatar' in settings.INSTALLED_APPS)
Enable support for django-avatar. When enabled, the profile image of
the user is copied locally into django-avatar at signup.