python/django - login with google/facebook in our website except using openID - django

I want to make a website which is enable to login with gmail or facebook. I am using python and django framwork. Can anybody give me some idea about how to design and implement.

You can take a look at django-social-auth, it allows you to use social authentications from many websites like facebook, twitter etc.
Update:
As #Rob Agar mentioned in the comments django-social-auth has been deprecated and python-social-auth should be used instead.

Related

Django rest framework: Social Auth + JWT: Which third party packages are preferred to achieve this

I am developing a mobile application for which Django rest framework provides the api.
I want a login system with username+password and google and facebook options
I have gone through the https://www.django-rest-framework.org/api-guide/authentication/
I mentions many third party packages in the end.
Can someone guide me, how to achieve my goal using which combination of third party packages.
I have used django-allauth previously but it has no rest support.
django-allauth has support in DRF also but it is used in django-rest-auth (latest fork dj-rest-auth).
I think that should be what you want, dj-rest-auth. That has all the features, like register, login, logout, email verification, password reset, social authentication.

Login using Google+ on a Django Site

Hi everyone I want to put a google+ login button on my website (coded in django) w/o using any 3rd party tool like Django-Social-Auth, etc.
So can anyone point me to some tutorial or help me how to do it. I want user to login via Google+ and then I can get their information at backend in django views. I will be then hosting it on Google App Engine so if some GAE API can help me then it will also be great.
I figured out the solution:
Got access_token using https://developers.google.com/+/web/signin/javascript-flow
Then send out the access_token to Server for getting User Details, considering these security measures (https://developers.google.com/+/web/signin/client-to-server-flow).
Use Django CSRF Token functionality to send token safely (https://docs.djangoproject.com/en/dev/ref/contrib/csrf/).

Connect with Facebook in Django Rest Framework + Django Social Auth

I'm using Django Social Auth for connect with Facebook issue and it works perfect. I have developed an API for my Django app with Django Rest Framework. But I'm confused about using Django Social Auth with Django Rest Framework for iOS devices.
I have searched 1, 2, 3 and 4 but they are generally with Angular.js. I'm not familiar with iOS development.
What is different between facebook connect with spa and a mobile device? * How could I use these packages together?
May I migrate from django-social-auth to python-social-auth?
You can now authenticate your users against your django-rest-framework with bearer tokens/third party access tokens from any python-social-auth backend (Facebook, Google, Github, etc.) using this library https://github.com/PhilipGarnero/django-rest-framework-social-oauth2
This module provides a python-social-auth and oauth2 support for django-rest-framework. Thus this saves you a lot of time to setup what is required to have your DRF with social authorization and to be OAuth2 secure.
I think that you can achieve that using django rest framework, django-rest-auth and allauth.
Those three work nice together.
With django rest framework you already familiar.
The allauth is responsible for the social authentication.
The django-rest-auth responsible for create the RESTful api for the social authentication, i.e. the connection between django-rest-framework and allauth.
It is recommended that you let python-social-auth handle the Facebook login for you, and instead you use another OAuth plugin for Django REST Framework to authenticate with Django. This has the added benefit of also supporting non-Facebook login through the standard Django authentication system.
I'm confused about using Django Social Auth with Django Rest Framework for ios devices.
I recently answered a similar question about implementing authentication with python-social-auth and Django REST Framework. It includes some important points to read about when implementing authentication using a third party along with some important notes about how you should not pass the third-party OAuth tokens back to your client.
How could I use these packages together?
While that answer specifically mentions using OAuth as the authentication method for the API that is behind python-social-auth, you can use other authentication methods that internally use Django authentication system, such as TokenAuthentication. In any case, you will end up proxying authentication between your front end application and your third party authentication provider, using your back end API.
What is different between facebook connect with spa and a mobile device?
Facebook provides direct integration with some mobile operating systems, most notably iOS and Android. This bypasses your API for authentication, and directly authenticates your mobile application with Facebook. Ideally, it would be authenticating your back end API instead of the mobile application. This may still be possible to do if you pass the access token back to your API manually, essentially doing the same thing that python-social-auth would be doing, but that could be risky and may not be worth the extra effort.
Facebook Connect (now known as just Facebook Login) works in a similar way to how Facebook integration works on mobile devices. The one difference that may work in your favor is that it's very easy to move from Facebook Login for single page apps, to an OAuth-based authentication pattern. This is documented in the Facebook developers documentation as "Manually Building a Login Flow" and is compatible with libraries that support OAuth-based login, like python-social-auth.
May I migrate from django-social-auth to python-social-auth?
This shouldn't be an issue anymore, as python-social-auth has effectively replaced django-social-auth.

Redmine as auth backend for another site

Everyone in our office has a redmine account and so I would like to know if it's possible to use Redmine as an authentication provider.
We create internal websites using django, and rather than having to set up usernames and passwords for each one, for each person, wouldn't it be nicer if I could just click "login using redmine". Just like how on stackoverflow I can click "login with google" which works with OpenID.
Is there any plugin or facility of redmine I can use to achieve this?
Consider Redmine OAuth provider plugin.
https://github.com/suer/redmine_oauth_provider
You could use the Redmine Rest API authentication. It allows you to use user/password to authenticate.

How to integrate social-auth in my project

I want to use social-auth to provide registration/authentication via social network sites. I have been trying to understand how to use social-auth, but I have been unable to get beyond installing dependencies and configuring backends.
I am basically new to Django and I have tried hard to understand before posting on the forum. Maybe because I am not very familiar with it that is why I have been unsuccessful. Can anybody please point me to a tutorial on how to use social-auth. This will also help me in integrating other apps.
Update:
Although the answer given below solved my problem, I just want to share that I ended up using django-allauth instead of social-auth. And the latest version of django-allauth appears to be the best Django authentication app.
It's somehow unclear from documentation.
You need to create apps in Twitter/Facebook/whatever you want to use.
If you want twitter see: https://dev.twitter.com/apps/new
If you want facebook: https://developers.facebook.com/apps
They will give you api key and api secret.
Follow these basic steps that refer to socialauth docs:
pip install
add social-auth to installed apps
copy AUTHENTICATION_BACKENDS
fill api key and api secret
add social auth url patterns
configure authentication and association complete URL names (SOCIAL_AUTH_COMPLETE_URL_NAME)
context processor
syncdb
Now, what the documentation doesn't tell you, is to put links in your login template:
Login with Twitter
Should work.