I have started to use python-social-auth in a django project to authenticate the users from facebook, email, and potentially other sources.
I was able to integrate it to my project, and to create new users with both facebook and email.
I understand the concept of pipeline but something remains unclear to me:
How to differentiate login and signup? It seems to me that python-social-auth has a single pipeline for both login and signup actions.
I have implemented a signup and login (with email) template but for now, both submit the form to the url '/complete/email/'.
My loggin form only sends an email and a password but this creates a new user if the email does not allready exist.
How would you differentiate both use cases? Should I use the python-social-auth pipeline only for signup and implement a login view for my "log in with email" page as I would do if I were not using python-social-auth?
Thanks for any answer, experiences on how you did it or further explanation about python-social-auth concepts.
So my solution was to switch back to standard django-style login-signup for the email backend.
I found that it was easier for me to implement the workflow with two different forms and handling cases where user already exist and so on.
If you did it with python-social-auth, I would still be interested to hear about your solution but for now i'll use it for other authentication sources, where it pretty much works out of the box as I want it!!
Related
I was looking to create a authentication, registration, password reset and email confirmation using Django.
Workflow:
Displays form to enter username, email address, password,
sends verification email, to email to be verified.
user is inactive until link verification is complete.
option to reset password through this page
I found this question posted in 2011
Django - authentication, registration with email confirmation
Summary:
django-allauth, last commit 25 days ago
django-registration, last comitt 4 months ago
any others?
Questions:
Since it is 2019 I thought to ask again and see what people recommend and use in 2019?
which do recommend and why? (easy of use, documentation, industry standard, involved community? etc.. )
thanks for the help
Your question is opinion based, so it will most likely get flagged as such - but I will try to answer anyways.
django-allauth is still, in my opinion, the best overall registration workflow for someone looking for social login or login with extra capabilities, such as email verification (which you seem to need). For regular login capabilities it is overkill, and you can just use the default django authentication for that. Don't forget you can always extend basic django authentication using custom authentication
If you are going to use django to create an API that serves react, swift, etc, you can also use django-rest-framework with an authentication package such as django-rest-knox to handle multiple token-based sessions.
I have visited a couple of sites and they offer the option to try their site without registering, but you can login with something like someusername#somesite.com and somesiteguest.
I want to implement this for my own site. Currently I am using django-allauth for handling registration and logins.
I am just not sure how to handle users login with the same credentials.
I'd like users to be able to register without using a 3rd party if they so choose. Few sites require a username to login anymore, so I'd like to use emails instead of usernames.
django-rest-framework-social-oauth2 combines python-social-auth and django-oauth-toolkit.
python-social-auth includes an EmailAuth backend that should let users register with an email and password. However, I don't understand the implications around using this instead of a Django-specific auth backend, and the docs label it as 'legacy', which sounds a little scary.
In fact, I have no idea how creating accounts, including from 3rd parties, works regarding the Django User Model as it requires a username.
What will I lose using EmailAuth? Is that the ideal way to go here, or is there an alternative?
For reasons I don't understand, Django still doesn't support emails instead of usernames without a custom user model, so regardless I need to use something bespoke or open-source for email-based accounts.
EDIT: python-social-auth just fills the username field with username = email.split('#', 1)[0] as shown here. I think I may need to make a custom Django User model and point python-social-auth to it, but I'm not sure how, and I'm not sure if this should still be used via EmailAuth or independantly of python-social-auth.
I've been trying to add a functionality to my app, so that uses can push the posts they create on my website to there Facebook, Twitter and G+ profiles.
So I decided django-allauth can be a good way to go about it. But what I want is users to Register and Login using Django's Authentication backend and once they are in the system then they can choose to Link their FB, Twitter and G+ profiles.
Is there a way to achieve this kind of functionality using django-allauth?
Given our comment discussion above, your original question was not what you were really after.
Still to provide an answer to that original question, provided someone else is interested: allauth now (*) supports an is_open_for_signup(self, request, sociallogin) method that you can override. It lives on the DefaultSocialAccountAdapter. Simply return false here to disable social signups.
(*) since https://github.com/pennersr/django-allauth/commit/6794afedcdeaafa907f1184772371f44e742514f
I am familiar with using django's built-in auth to create a new user that has an email and password, but I would like to create a new user that will only use Twitter to login. From what I can tell, django-social-auth associates the twitter account with an existing Django User object. In my case, there will not be an existing Django User object, as Twitter will be the required method for logging into the site. Should I abandon django's built in auth? Or is there a good way to extend it to do what I want? Thank you for any suggestions.
django-social-auth extends django built-in auth. django-social-auth will create it self a new user whem your Twitter user will be successfully authenticate. You can read about django-social-auth features:
Basic user data population and signaling, to allows custom fields values from providers response.
Multiple social accounts association to single users
Custom User model override if needed (auth.User by default)
Extensible pipeline to handle authentication/association mechanism