I'm trying to figure out the best way to pull in a social email when a user signs up through a social account (I'm using Facebook and Google). Ideally it would be great if the email pulled into the User instance when the user signed up, similar to how first name and last name are pulled in. Is it possible for django-allauth do that?
The other option that I would do next is to use the Facebook/Google APIs to get the email from the user since the id is stored in user.extra_data
Anyone know if django-allauth can pull in social emails, or have any other ideas on how to bring in the social email?
Check out the SOCIALACCOUNT_EMAIL_REQUIRED setting. Setting that to True, along with requesting the relevant permission from the social provider (e.g. email for Facebook), should work.
Related
As the title suggests, how can I create a limit list of users in django social login, so that only authorized users are able to login with their social account?
For example, a user with certain gmail account can login, but others cannot login using unauthorized gmail accounts. Right now, if I use allauth, all users who have gmail account can login to my django site, but that's not what I expect. Thanks!
If you mean that only emails with existing accounts in your site can login using django-social-auth, then you can update the pipeline of your login. You can find the documentation here: https://python-social-auth.readthedocs.io/en/latest/pipeline.html.
If you disable the social_core.pipeline.user.create_user step of the pipeline, then the social login will only allow login to users which already existed in the site.
I'm using Django social auth to log users in using Facebook, Twitter, etc as described, for example here.
Scenario:
A user is logged onto my platform using my native login system. I want them to validate that they own a particular Twitter account without redirecting them to a view where request.user is a new UserSocialAuth associated with their Twitter account. I want to show the user the Twitter login page but, after they provided their credentials, keep them logged in as they were rather than log them in as a different user.
can add more accessible details for your social users indicated here:
https://python-social-auth.readthedocs.io/en/latest/configuration/django.html#database
So on my website I have a signup/signin page. I'm looking at implementing social signup/signin buttons.
I'm planning on saving the social user data in their own table and then use that data to make a user on my website (in my sites user table).
The problem/question is, how should I handle the password?
They need to confirm their password whenever they change sensitive information. ie. username,email,password. Which is not possible if they don't have one set.
Of course I have a "forgot password" button, but surely there's a better way.
The general rule of password handling is to never send password in plain-text over the net.
For the social signups/signin the password handling is taken care of by the provider. The API they provide will usually give you an unique id or something that you can use for verification in your data-table.
Be aware that some of the social authentication APIs strongly recommend not to send user-ids over the net, but rather let your back-end do the user-id look-up with an access token.
Try to search for "[social media] oauth" that will help you on your way
I am using django-social-auth app for my social logging. Now I want to fetch more information from facebook like dob,address and many more. In this I tried using putting in settings
FACEBOOK_EXTENDED_PERMISSIONS but it is not working for me.
Please help me in knowing, how to fetch more information using social auth from facebook, google and twitter
Thanks in advance
Paritosh
For the extended permissions with django-social-auth you need to add them to the request selecting permissions you want from facebook permissions. For example in your case, you probably want user_about_me or user_birthday.
FACEBOOK_EXTENDED_PERMISSIONS = ['user_about_me']
For example.
I have been trying to use django-allauth to provide Social registration, but I am having trouble configuring the profiles for the user. There is no documentation of django-allauth which tells
how a django user account is created when a user logs in via a third party such as facebook
What username is assigned to that user and what password is used.
Certain third party providers such as Facebook provide a lot of information about the user such as their name, email etc. so how can we get them and save in the user account/profile
If anybody has used allauth in their projects and can provide some details then it would be really helpful.
I am using django_allauth in my project.
(1) How a django user account is created when a user logs in via a third party such as facebook ?
You should take a look at :
your admin panel and see what happens when somebody logs in.
allauth.facebook.views.login and try to track the login process
It is something like this (in a few words):
When a user logs in your site via his Facebook credentials he is given an access token
This token is saved in the FACEBOOK_ACCESS_TOKENS table (you can see it in the admin panel)
With this access token and with the help of Facebook GraphApi we know his social_id
When we know his social_id - we can have his Facebook account from our database
If we haven't saved it in the db already - we save the Facebook account in the FACEBOOK_ACCOUNTS table (Facebook Accounts in the admin panel)
Then we create a user in the USERS table with the data present in the Facebook account. (you can see the new user in the Users section in the admin panel)
(2) What username is assigned to that user and what password is used ?
As I mentioned before with the help of Facebook GraphApi we get the username of the Facebook user and it is assigned to the User profile as User.username
(3) Certain third party providers such as Facebook provide a lot of information about the user such as their name, email etc. so how can we get them and save in the user account/profile?
Again - the Facebook GraphApi - it gets you the info you need.
I have integrated django_allauth in my site and it is working properly. I will be happy to answer(if I can) if you have more questions.
EDIT - For the avatar support...
I think you have to take a look at the django_allauth settings and particularly in:
SOCIALACCOUNT_AVATAR_SUPPORT (= 'avatar' in settings.INSTALLED_APPS)
Enable support for django-avatar. When enabled, the profile image of
the user is copied locally into django-avatar at signup.