I'm writing a test suite for a django project which needs to login via django-social-auth (its facebook backend) in order to access the website.
The method I'm taking now is:
for each test:
create a test user using facebook API
use selenium to login
interact with the website once user is logged in
problem is: I need to write a few tests which use the regular django unittest (not selenium). Any idea how I can login using the regular django unittest?
It's not an easy task since the oauth code is very coupled in social-auth. So you really need a oauth service answering.
What I have done is to patch the function social_auth.utils.urlopen with a mock that returns previously recorded answers to trick django-social-auth into thinking it is talking with a real oauth provider.
It's a really hacky solution but allows me to test my custom social-auth pipeline in an isolated environment.
Related
I creating an app in which the authentication is done via web services of another app.
But as I m trying to understand how things will work, I m trying to figure out how I can store each user data and posts to them if I m not using Django auth and then linking the models via forgien keys.
All standard login's with other apps are done using a standard called OAuth2; Oauth2 standard allows you to login to apps with other services (Facebook, Apple, Google) while just storing a random token (not sensitive data).
Here is a Django library that makes using authenticating/logging into your app with another app's credentials super easy and secure using Oauth2.
Good luck, LMK if you need anything else!
I am building a web app with a Django backend and React/Redux frontend running on separate servers. I have begun to try and start working on authentication and I cannot find a tutorial that suits my needs. Every tutorial either uses deprecated modules like drf-jwt (as opposed to simple-jwt) or has a simple mono-server that houses both the backend and the frontend in one directory. The former is useless and I do not want to do the latter as I like having the two separate servers for when I move on to deployment. Now can someone direct me to a good source of knowledge for getting this done? It doesn't have to be a tutorial it can be anything. I am really lost and I do not know how to begin.
you can use 3rd party packages djoser: Provides a set of views to handle basic actions such as registration, login, logout, password reset and account activation. for more information: https://pypi.org/project/djoser/
I'm using token authentication from Django Rest Framework so, after a login/password verification, the token on response can be used on any DRF endpoint.
I am building a Django application and I need to connect to an existing external Laravel site to authenticate users. Basically to have two different platforms, but users only have one set of credentials. Also - users should be able to sign up on the Django, and their user is created in the Laravel DB.
The Laravel site has Laravel Passport (OAuth2 based) installed because it uses it for a Flutter app.
I know that REMOTE_USER is "the Django way" of achieving external auth but, I don't know where to go from there. If it makes a difference, the Django app will be a full REST application using DRF because its frontend will be ReactJS.
Can anyone explain how to achieve external auth with Django, particularly when the authentication server is OAuth2 based? Or better yet, how it can work with Laravel Passport in particular.
Thanks
I'm relatively new to Django and OAuth, so forgive me if this is a silly question.
I have an app which uses DRF and python-social-auth. Currently users can only authenticated with PSA, with Google OAuth 2.0 as the backend service.
Up until now, I have only had 'rest_framework.authentication.SessionAuthentication' as the only authentication backend, but now I need to support a very specific use case:
We need to have an automated job (a completely separate app, sitting on another server), that queries my app's REST API every X hours, to get some data from my app. Then this automated job will push the data to other sources (not relevant for this question).
I'm trying to figure out the best way / best practice for how this automated job should authenticate with DRF. The automated job is not really associated with any specific user. I suppose I can create a dummy user for the automated job to use, but that seems hackey. Also, I'm thinking that the automated job should request an Oauth token from DRF and authenticate with that, but I'm not sure if that is the right approach here.
Any input here would be useful. Thanks!
I'm new to Django and relatively new to OAuth. I'm building a Django app that's basically aiming to be a wrapper around Google Drive that implements tagging and user permissions. A few users who have important documents share them with the service account, and then the app provides a nice interface.
I'm generally confused about how to organize this, since Django seems to have many, many moving parts.
The app needs to almost constantly be authenticated with and talking to the Google Drive API.
Where does this authentication go? A model? Is it part of a site template that gets inserted on every page?
Here's sample app of integrating Django with OAuth2. You especially want to take a look at this file where it saves user credential using Storage class. There is also a documentation with better explanation about how OAuth flow with Storage works in Django.
To answer your question, you would want to define credential at Django user profile in order to save it easily associated with users. Also, your OAuth flow (creating auth url and authenticating) works at view.