Hi everyone I want to put a google+ login button on my website (coded in django) w/o using any 3rd party tool like Django-Social-Auth, etc.
So can anyone point me to some tutorial or help me how to do it. I want user to login via Google+ and then I can get their information at backend in django views. I will be then hosting it on Google App Engine so if some GAE API can help me then it will also be great.
I figured out the solution:
Got access_token using https://developers.google.com/+/web/signin/javascript-flow
Then send out the access_token to Server for getting User Details, considering these security measures (https://developers.google.com/+/web/signin/client-to-server-flow).
Use Django CSRF Token functionality to send token safely (https://docs.djangoproject.com/en/dev/ref/contrib/csrf/).
Related
I have created a WebAPI for user authentication using Token Authentication built on Django Rest Framework. with the help of Postman I am able to determine that my user is being created, authenticated and logged out successfully.
I have created a Django web application and have successfully consumed the WebAPI endpoints which do not require authentication in my HTML files.
Now I wish to create user Login/Logout functionality and since I am new to the subject, I don't know how to do this.
Please help? a link to a tutorial would be appreciated
Regards,
Arun
That not token authentication but may be help you
clik
I am working with APIs for the first time and was looking at how to set up social app authentication for the project. I have django-rest-auth set up for the backend that basically uses the django allauth framework. So when I pass an access token to the backend using the API view, it works.
Now that I have moved to vuejs for the front end, I am absolutely clueless on how to make it work with my API.
Any help would be greatly appreciated. I'm a total beginner for vuejs and have been working on django framework for a bit more than a month. Thanks in advance!
My URL settings in VueJS:
The error I get is:
Cross origin content is blocked by same origin policy. Use https://github.com/ottoyiu/django-cors-headers to allow cross origin access. If you are interested in details https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
The main webpage of my django server is a google map and I would like to use the signed=true button to give access to some gmail accounts to certain internal webpages.
My idea was to show a button according to whom was logged in using the google-map's signed-in button.
Can somebody give me some insights about if this is possible or what's the best to go with this?
Thanks
I believe that the button you are talking about is part of the Google Maps Javascript API - see:
https://developers.google.com/maps/documentation/javascript/signedin
Essentially the google maps sign in does not appear to offer user authentication that can be used with python. The python version of google maps uses a server key that you set up for your app - see
https://github.com/googlemaps/google-maps-services-python
This is mainly for backend functions like reverse geoname loiokup.
That said, there is nothing to stop you retaining your no sign in google map but adding either google+ authentication or google openid authentication to your app.
Both of these authentications are available through the django-social-auth project. This involves installing the python-social-auth app, syncing the database, adding appropriate oauth server details and adding the social auth project to you AUTHENTICATION_BACKENDS setting.
I want to do a very simple web app where you can log-in using your facebook account.
I am very comfortable with the django framework and also angularjs. I have an idea how to integrate these two using tastypie api framework for django.
So if I am correct django's backend would be throwing some JSON which can be used by angularjs and so on.
Where I am confused is the authentication mechanism with facebook.
How do I integrate the Facebook's authentication with my app ?
What would be a good design for such an app ?
I am not expecting a complete design or architecture for my app from anyone , but some direction so that I can go forward with the app .
Thanks :)
I wrote a small article on this subject as it seems it was not clearly explained anywhere. I found it easily done with django-rest-framework instead of tastypie though.
Here are the main steps used to authenticate (I’ll try to add a little schema to illustrate) :
On the angular side, user authenticate on facebook with Oauth.io API (it could be directly with Facebook js API).
Client gets a Facebook authentication token.
FB token is used to ask for authentication on server side.
python-social-auth authenticate with FB with the given token.
django-rest-framework sends back to client a auth token for REST API calls.
Angular client passes the token in headers when making API calls.
You can find my article here about facebook angularjs auth with a django rest backend
This repo is designed with php on authenticate server side but it has all of the facebook login code you would need for angular. It should give you an overall idea of how to get started:
https://github.com/Terumi/AngularJS-Facebook-Login
I want to upload a file to a website via a desktop app and then take the user to the website. The website has a web service, but requires authentication as does the web site. Is there a way to do this without forcing the user to authenticate twice (once in the desktop app and once in the web browser)?
Unfortunately, you can't prefill an input of type file for security reasons, which makes sense since the user won't want you uploading arbitrary files from his/her computer. But if they have a desktop app, is there some way around this?
Or maybe make the user log into the web app first and then the authentication cookie can be reused?
Any other ideas?
Thanks,
Ben
I would use the dekstop app as a client to the website app via an api.
So, login via the desktop app. The api returns a authentication token (as Carlos suggested) which might be a md5 hash stored in your database for a certain period of time, possibly matched to the clients ip address.
The desktop app can then make calls on the api (like uploading a file) as a authenticated user (by using the auth token).
When loading the website, perhaps the url is http://website/login/{auth_token} where the auth token is added to the url. The api can check to see if its a valid auth token and consider the user logged in.
You could generate an authentication token that could later be used on the website.
It all depends on the type of authentication of the service and the site. Is it integrated Kerberos, WS-Auth, is it Basic/Digest HTTP, is it forms/cookie ?
This answer will most likely not work in the very general users-on-the-wide-open-web scenario, but in intranet contexts, using Windows Authentication (on an ASP .Net solution), would provide this.