I am working on a django app. What I want to do is that in my app I want to allow people to add their facebook, twitter and google+ profile links, but only after getting authenticated to these. I want my website to recognize a user if he logs in from facebook or twitter or g+ and redirect him to the user page with which these social media profile links are attached. I am trying to do it using the python requests package, but I am not finding a way to do it. Should I get an oauth token from the site to store, or should I store the profile link of the user? I have implemented the social authentication mechanism using python-social-auth.
Please advise.
A small example will be appreciated.
Sounds to me like you want to extend the pipeline with a function to redirect users. You can use Social User to get at the auth used to log in.
Related
Is there a way to redirect to other page and automatically log into that page?
So it's like I make a django webpage with login and create a link to facebook. When the user clicks the facebook link, it should automatically log in to his facebook page. Of course, I will have his facebook username and password in the db I used to create the website.
Is this possible? Basically, I am trying to create an interface page on django with links to several different webpages and let the user access his page by simply logging on to this interface page alone.
I suggest that you have a look at django-allauth, which is an integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.
It does most of the things you want; you can go through the documentation:
https://django-allauth.readthedocs.io/en/latest/index.html
I integrated django-rest-auth and django-allauth for user registration/login using Facebook.
Now, I can authenticate (and I can create) the Facebook user and I can retrieve some basic information like e-mail, first name, last name...
Now I also need to retrieve some profile images (the last 3 user profile images) of the user when he registers on my platform.
I'm confused because I can't use allauth to get this information from Facebook as well so, probably, I need to get it directly using the Facebook Graph API (is this solution correct?)
Is integrating django_facebook a good solution?
The photo can be retrieved directly with the user UID and this URL:
http://graph.facebook.com/UID/picture?width=40&height=40
In function:
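from allauth.socialaccount.models import SocialAccount
def facebook_picture_url(self):  # method name is illustrative
    # Look up the Facebook account linked to this user; returns None if there is none
    fb_uid = SocialAccount.objects.filter(user_id=self.user.id, provider='facebook')
    if len(fb_uid):
        return "http://graph.facebook.com/{}/picture?width=40&height=40".format(fb_uid[0].uid)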
I'm not entirely sure, but I think you will get access to the user's photos when you add "user_photos" to the scope list in the facebook configuration. Did you try it?
Here is a link to django allauth documentation: http://django-allauth.readthedocs.org/en/latest/providers.html#facebook
I'm building an app that should allow the user to sign up / sign in with Facebook and then he should be able to log in (always via Facebook) to the "main" website.
To be honest it's a bit more complicated than this. That's because I'm using django-tastypie and django-allauth in the main website to allow sign up, login, and browsing of our API.
Basically I want to make the mobile app user browse the tastypie API (accessible only if logged in and if you're a user in the main website) and grant him the rights to add rows (like orders).
Here's what I have
A phonegap app with a working Facebook login (I'm working on that right now)
A website with django-allauth and django-tastypie that makes me register as a new user using the allauth's Facebook login
No trace on the main website if the mobile user is doing a sign up via Facebook (this is the problem)
I'm basically confused how I should work with access tokens and how to pass further parameters (I don't need only the Facebook infos to complete the registration, but some custom fields too)
Anyone got experiences on this or would like to expose his workflow?
One common way of doing things is to leave all registration related functionality up to the website. In your phonegap app you can simply point the user to /accounts/login/ using the In-App-Browser (IAB). The IAB has events like loadstart and exit that you should monitor. A simple way of monitoring whether or not the user is successfully logged in is to have him redirected to a specific url, say /accounts/login/complete/, at the end of the login. If you attach a token to that return url (as in /accounts/login/complete/?token=123) you will be able to parse that token in your app. You could simply use the session ID as a token.
A more secure way is to use the django-oauth2-provider app and actually implement a proper oauth handshake. Handling that is almost the same. Using IAB open /oauth/authenticate/, you will be asked to login using allauth, then an oauth2 confirmation dialog appears, after which the oauth grant code is passed to a success URL. You can pick that code up from phonegap and using AJAX calls from within the phonegap app you can fetch the oauth access token. Btw, django-rest-framework has builtin support for django-oauth2-provider (don't know about tastypie).
A completely different approach is to implement a Facebook login in your mobile app, completely independent from the web site. Once logged in you'll be handed over a Facebook access token. Now, you can send this token over to the web site. Given the token, the website can fetch the user (https://graph.facebook.com/me?access_token=...), check whether or not that user is already known, if so return an appropriate token/session for that user, if not, create the user account and also return a token.
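The third approach above has the website accept a Facebook access token sent by the mobile app. As an added example (not part of the original answer), this sketch shows the checks a site can apply to the response of the Graph API `debug_token` endpoint before mapping such a token to a local account; the app id, sample payloads and function names are constructed for illustration.

```python
import time

# Placeholder app id for this site (constructed, not from the page).
EXPECTED_APP_ID = "000000000000000"


class TokenRejected(Exception):
    """The client-supplied Facebook token must not be used to log anyone in."""


def check_debug_token(payload, expected_app_id=EXPECTED_APP_ID, now=None):
    """Check the decoded JSON body of Graph API GET /debug_token.

    Returns the Facebook user id bound to the token or raises TokenRejected.
    """
    now = time.time() if now is None else now
    data = payload.get("data") if isinstance(payload, dict) else None
    if not isinstance(data, dict):
        raise TokenRejected("malformed debug_token response")
    if data.get("is_valid") is not True:
        raise TokenRejected("token is not valid")
    # /me answers for a token issued to any app; the app_id comparison is
    # what ties the token to this site.
    if str(data.get("app_id")) != str(expected_app_id):
        raise TokenRejected("token was issued to a different app")
    expires_at = data.get("expires_at", 0)
    if expires_at and expires_at <= now:  # 0 is reported for non-expiring tokens
        raise TokenRejected("token has expired")
    user_id = data.get("user_id")
    if not user_id:
        raise TokenRejected("no user bound to token")
    return str(user_id)


# Constructed sample responses (not real tokens or accounts).
SAMPLE_OK = {"data": {"app_id": "000000000000000", "is_valid": True,
                      "user_id": "1234567890", "expires_at": 1800000000}}
SAMPLE_OTHER_APP = {"data": dict(SAMPLE_OK["data"], app_id="999999999999999")}
SAMPLE_EXPIRED = {"data": dict(SAMPLE_OK["data"], expires_at=1600000000)}

if __name__ == "__main__":
    fixed_now = 1700000000  # fixed clock so the demo is repeatable
    print(check_debug_token(SAMPLE_OK, now=fixed_now))
    for sample in (SAMPLE_OTHER_APP, SAMPLE_EXPIRED):
        try:
            check_debug_token(sample, now=fixed_now)
        except TokenRejected as exc:
            print("rejected:", exc)
```

In a Django view the payload would come from a server-side request to `debug_token` made with the app's own access token, and the returned user id is what gets matched against the stored social account.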
I can connect to facebook and twitter, but how do I connect a normal django user to both his facebook and twitter networks, so that the next time he has the option of logging in through any 1 of the 3 and I can utilise information from both the networks?
Can the signal
allauth.socialaccount.signals.pre_social_login
be used to check if a user is already logged in and, if yes, connect the social account to the django account? I can't figure out how to go about implementing this in the login view.
Connecting to different social providers turned out to be pretty easy. The same url which was used to log the users in to a social provider, if accessed inside a user's home page (i.e. the page a normal django user will see after logging in using django auth), links your django profile to the social app profile automatically.
Now I am looking into how to use the graph api along with allauth to fetch friend lists, post to wall etc.
I have a website which users can sign up to using Facebook Connect (with the new OAuth 2.0 stuff). Now when a user logs out of Facebook they remain logged-in on my site.
I'm not using the JavaScript SDK as I don't like the "magic behind the curtains". So what should I do when a user logs out of Facebook? Should I care at all? I get the feeling I should try to catch this somehow and log them out of my site as well.
I'm using Django with a custom authentication backend for this.
Don't do anything. You are using facebook as a means of authentication. The fact that the user logged out of facebook means nothing for that matter - he's still the same user.
Do the users think of your site as a part of facebook? I guess not (assuming it's not a facebook app, just a login via facebook). Then it would be surprising and counterintuitive from the user's perspective to find he's also logged out of your site when he only logged out of facebook.