Facebook does not logout when using django-social-auth social_auth disconnect - django

I am using Django 1.5 and django-social-auth. I am able to login with facebook using the template:
<img src="{% static "assets/img/login-with-facebook.png" %}"></img>
Later I use the disconnect template which I thought would disconnect me from facebook, as in if I later go to facebook.com I should be asked to log in again. I believe this is the usual behavior for most apps that use social authentication.
<a id="logout-option" href="{% url "socialauth_disconnect" 'facebook' %}">[logout]</a>
Can someone explain what the expected behavior should be for the socialauth_disconnect and whether it should also log me out of facebook? If not, what is the recommended way of doing so? What about other providers?

socialauth_disconnect will remove the association between the Facebook account and the User account in your application, as if the user never hit the socialauth_begin link. There's no way from django-social-auth to log out of your Facebook account. To make that possible the Facebook SDK might be needed (I never did that, so I'm not 100% sure), since I guess some cookies will have to be removed to make that possible, and to do that the script must come from the same domain.

Related

Facebook login along with standard login confusion

I currently have a website with standard email+password mysql login and I have implemented Facebook Login.
I would like to keep both living together, however I have a little bit of confusion about how I should do it correctly.
In the standard implementation I check if user and pwd are correct then I log the user.
In Facebook login JS after I log the user I have id and email, how can I link it to the existing standard account safely?
After the JS login I could send an ajax request to mysql (a php script) and see if the email+id couple exists, but this way anyone knowing the email and the id of the fb account could do it through a post request and it wouldn't be safe.
What would be the right way to do it?
Thanks for any help!
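One way to address the concern raised in the question above, as an added example that is not part of the original post: instead of a bare id and email, the server accepts the `signedRequest` string from the JS SDK's auth response and checks its HMAC-SHA256 signature with the app secret, which a client cannot forge. The secret value, the `link_account` helper, the `links` dict and the 600-second freshness window are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

APP_SECRET = b"constructed-app-secret"  # placeholder; the real secret never leaves the server


def _b64url_decode(part):
    # The format drops '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def verify_signed_request(signed_request, secret=APP_SECRET, max_age=600, now=None):
    """Return the signed Facebook user id, or None if the proof is invalid or stale."""
    try:
        sig_b64, payload_b64 = signed_request.split(".", 1)
        sig = _b64url_decode(sig_b64)
        payload = json.loads(_b64url_decode(payload_b64))
    except (ValueError, TypeError, AttributeError):
        return None
    if not isinstance(payload, dict) or str(payload.get("algorithm")).upper() != "HMAC-SHA256":
        return None
    expected = hmac.new(secret, payload_b64.encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    issued = payload.get("issued_at")
    now = time.time() if now is None else now
    if not isinstance(issued, (int, float)) or now - issued > max_age:
        return None
    return payload.get("user_id")


def link_account(session_user, signed_request, links, now=None):
    """Link for an already password-authenticated session only (hypothetical helper)."""
    fb_id = verify_signed_request(signed_request, now=now)
    if session_user is None or fb_id is None:
        return False
    if links.get(fb_id, session_user) != session_user:
        return False  # Facebook id already bound to a different local account
    links[fb_id] = session_user
    return True


def make_sample(payload, secret=APP_SECRET):  # builds constructed test input only
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).rstrip(b"=").decode()
    sig = hmac.new(secret, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(sig).rstrip(b"=").decode() + "." + body
```

The link is keyed on the verified Facebook user id and the local session, so a posted email address plays no part in the decision.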

Django - SocialAuth login without leaving the page

I'm using the nice django-social-auth in one of my projects.
Basically I would like to be able to login without leaving the current page (without even refreshing it).
I thought about simply using target="_blank" in my provider links
<a href="{% url socialauth_begin service %}"
rel="nofollow" target="_blank">{{ service|title }}</a>
But of course it is redirecting to the default location after the successful login.
Is there a way to automatically close this new window on success so the user gets the previous page?
With some JS and some parameters for the backend, you could open a popup window where the user can do the auth (some backends accept parameters that generate a different auth dialog layout). In that popup the user will proceed with the auth process and the popup could be closed with some JS too when the user is redirected back to the final URL.
Some of the services support JavaScript-based login, which might be what you are looking for; however, it depends on which services you want to use and whether they support this. For example, there is the client-side JavaScript SDK on Facebook.

Regarding Facebook login integration

I have a problem: I want to integrate the Facebook login in my website, so I have registered my website in Facebook, and now if I do the Facebook login from my site it only permits me to log in through Facebook, as I have registered the website in my Facebook account.
I know that this should not be the case, but I am not able to work out what I am missing here. I want all users to be able to log in to my website through Facebook.
Thanks for the help :)
I was about to suggest that you check whether your app is still in Sandbox mode, but I see from your comment that you already figured this out :)

Facebook user still logged in after logging out

I'm integrating Facebook into my application. A user in my app can either be authenticated via Facebook, or be authenticated by their account (email address + password) with the app. I have a page in my app where I pull Facebook friends list using FB Javascript sdk. I log into the app using Facebook authentication then navigate to the page and can see my friends list. I can then logout of app using FB.logout then login to the app using a different user account (email + password) then navigate to the page and still see my friends list. I've logged into the app using a non-facebook authenticated login. It's not a caching issue as I have no caching set up in my dev environment. I'm new to Facebook. Any ideas on why the friends page is still retrieving friends list? Thank you!
I doubt the browser is caching the friend list, unless you're loading the friends list after the page is loaded via ajax. But even then it would be rare to see such a thing.
I've never used the JS SDK. But I know with the PHP one it automatically stores the FB token in the session. However, I've just had a thought: if you're using the JS SDK, that probably means that you're not using tokens like the PHP SDK does. I would guess that it's because Facebook is detecting the user as logged in?
Try logging out of facebook after you logout of your own site, then login with a different account. If that works, then you need to google around and get the code for logging them out of facebook. I believe the old trick was to just header redirect them to the facebook logout url, but there may be a nicer way of doing this.
Having said that, this would log them out of facebook, so you might annoy some people. How often can you see people logging out to log in with a different account?

What to do when a user logs out of Facebook but is still logged-in on my site

I have a website which users can sign up to using Facebook Connect (with the new OAuth 2.0 stuff). Now when a user logs out of Facebook they remain logged-in on my site.
I'm not using the JavaScript SDK as I don't like the "magic behind the curtains". So what should I do when a user logs out of Facebook? Should I care at all? I get the feeling I should try to catch this somehow and log them out of my site as well.
I'm using Django with a custom authentication backend for this.
Don't do anything. You are using Facebook as a means of authentication. The fact that the user logged out of Facebook means nothing for that matter - he's still the same user.
Do the users think of your site as a part of Facebook? I guess not (assuming it's not a Facebook app, just a login via Facebook). Then it would be surprising and counterintuitive from the user's perspective to find he's also logged out of your site when he only logged out of Facebook.