django sanction oauth2.0 logging out user - django

I am trying to integrate django sanction into my blog app (django newbie here), but I seem not to be able to "logout" the user after the login process (using Google OAuth2.0).
The entire process seems pain free - i.e. I am able to get all user details on my db, and able to access user details on my django templates, but, when I logout and try to log back in, it seems to remember my credentials (cookies?). I am trying to logout from here
p.s: I am developing on localhost - wondering if this is the problem(?)

See here: How to force user logout in django?
quote:
I don't think there is a sanctioned way to do this in Django yet.
The user id is stored in the session object, but it is encoded. Unfortunately, that means you'll have to iterate through all sessions, decode and compare...
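
The "iterate through all sessions, decode and compare" approach from the quoted answer, as an added example that is not part of the original answer. It assumes Django's database-backed session backend; `force_logout`, `force_logout_django` and `FakeSession` are illustrative names, and the `FakeSession` rows are constructed sample data.

```python
from typing import Iterable

# Django's auth app stores the logged-in user's primary key under this
# session key (django.contrib.auth.SESSION_KEY); the value is a string.
AUTH_USER_KEY = "_auth_user_id"


def force_logout(sessions: Iterable, user_id) -> int:
    """Delete every session belonging to user_id; return how many were removed."""
    # `sessions` yields objects with get_decoded() and delete(), the interface
    # of django.contrib.sessions.models.Session.
    removed = 0
    for session in sessions:
        try:
            data = session.get_decoded()
        except Exception:
            continue  # undecodable payload: not attributable to any user
        stored = data.get(AUTH_USER_KEY)
        # Anonymous sessions have no user key; compare the rest as strings.
        if stored is not None and str(stored) == str(user_id):
            session.delete()
            removed += 1
    return removed


def force_logout_django(user_id) -> int:
    """Run force_logout over all unexpired rows of the database session backend."""
    # Imported lazily so this module loads without a configured Django project.
    from django.contrib.sessions.models import Session
    from django.utils import timezone

    live = Session.objects.filter(expire_date__gte=timezone.now())
    return force_logout(live, user_id)


class FakeSession:
    """Constructed stand-in for a Session row, used only to exercise the logic."""

    def __init__(self, payload):
        self.payload, self.deleted = payload, False

    def get_decoded(self):
        if self.payload is None:
            raise ValueError("corrupt session data")
        return self.payload

    def delete(self):
        self.deleted = True
```

This clears the Django-side sessions only; the browser's session at the OAuth provider is separate and is not affected by it.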

Related

Keycloak single logout with Django

I created a Django application that integrates with Keycloak's OpenID authentication. So far the only pressing issue I've encountered is the logout function.
When I log out via the Django app, I could implement it such that it logs the user out of Keycloak as well. However, I could not find a way to perform the reverse. Logging out via the Keycloak account management interface does not log the user out from the Django app. This means that the user can still remain authenticated on the Django app even though he is already logged out of Keycloak, which appears to be a security concern.
From what I understood from most other similar StackOverflow posts, Keycloak supposedly has a way to call back to the web application to log out the user, but it is not very clearly documented how to implement it:
https://www.keycloak.org/docs/latest/securing_apps/index.html#admin-url-configuration
Does anyone have any idea how this can be implemented on django?
I used Django 2.1 + mozilla-django-oidc package.

Django - Change login redirect based on current App

So, I'm adding on another app to a webapp that I'm building for my company, this one involving bill creation for invoices. Unless one has a specific account with my website, they should not be allowed to access this specific app.
I am using Django's built-in authentication system. My LOGIN_REDIRECT_URI is set to redirect to one of my apps. However, I would like for the login redirect to send the user to the app that they were previously in after login. How might I accomplish this?
Thank you in advance!

Django tutorial login, delete data on user logging out

I am preparing a multitenant website on Django using tenant-id for identification (and not schema). Now, for a tutorial, I would want to have a webpage with a sample login and password (like Django CMS does). However, I don't want to store user data from that login/password combination, so that the data would be available for each session and as soon as the user logs out, the data deletes. Is there any application/package that could help me with this? Otherwise, how can I do this?

Authenticate Facebook users in Cakephp 3x

I have used PHP SDK-4 for Facebook login in CakePHP 3 (beta version) which works fine. Now, I'm in need to fetch user data based on FB login and authenticate users. I am trying with Cake's Auth component. Initially, while trying to Auth users,
$this->Auth->setUser($user)
Got Error: Session was already started as we require session_start() for Facebook login. 1- Tried with enter link description here, and sessions [session_write_close()] etc., but it still did not work. Could I get some shot on best way to authenticate users with Facebook login in site?

CakePHP's sessions are lazy started, that is, they are being started once you try to access the session in some way, and in case the session was started manually beforehand, you'll receive that error, see Session::start().
You can easily work around this by manually starting the session via CakePHP. The session object is available in the current request, so for example in your controller before using the SDK you could simply do something like
$this->request->session()->start();
and then the Facebook SDK should be able to pick it up.
As burzum already mentioned in the comments, the authentication should better be wrapped up in an authentication handler.
I would suggest having a look at HybridAuth, there's also a CakePHP plugin for seamless integration into CakePHP's auth mechanism, this might give you some ideas for a custom implementation in case you need to use the v4 SDK, which isn't yet supported by HybridAuth.

django and backbone.js authentication

I don't understand how you handle authentication when using django and backbone.js.
Let's say I have an app where users can sign up / sign in. Normally in django I'd just use the @login_required decorator with my views to test if a user is authenticated or not. Since backbone is RESTful and uses something like json to communicate with the server, it's my understanding it doesn't have a concept of being logged in.
So how do I create a django backbone app that uses django's auth system so I can still take advantage of permissions, groups and session based auth.

You may find it easier to keep your login and logout code in django normally, and only go to a Backbone-based template once the user is logged in. Many sites work this way.
You will also want to watch for 401 errors coming back from the server when you sync, since this can mean that the user's session has expired. (I assume django sends these.)