Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
What is the best authentication app for Django that:
has configurable required fields, for example allows using email as username
integrates with other authentication APIs, such as Facebook, Twitter, Google
password recovery flow is configurable, sends temporary password vs. recovery link
preferably has invitation system, so the registration process can be controlled
I don't think there is any that has all these features, so I'm looking for one that covers as much as possible. But these are features that almost any well design web service should have. So I don't want to reinvent the wheel.
There isn't one django package that will cover everything, instead there are numerous great projects that tackle each of the requirements you mention:
general auth : django-auth - this is a part of the django distribution but needs to be eneabled
social authentication : django-social-auth - integrates social authentication with the default django-auth flow
registration and passwords : django-registration - adds the registration flow, including sign up and email confirmation etc.
invitation system : django-invitation - allows registration to be limited to invitations
profiles : django-profiles - allows you to extend the users account with a profile
You could also have a look at django-userena which is a new hosted solution to user management for your django app. I haven't looked into how it works or how comprehensive it is, but it looks promising.
Finally, have a look at django packages for other authentication apps:
http://djangopackages.com/grids/g/authentication/
EDIT:
This post is a little outdated
django-social-auth has become python-social-auth
django-allauth: There is another good all-in-one auth app called django-allauth. I haven't used it extensively but I believe it takes care of auth, social-auth, registration and profiles in one app
Configurable User Models: Django 1.5 introduced a configuratble User models in the auth module so you can now edit what fields you want to make use of for your user (email only, no username etc.). This is also useful if you want to add profile-like information to your user without having to join with another table (like you would with django-profiles or a OneToOne relationship with a custom profile model)
Here is nice and official comparison for only Facebook Authentication Packages
Facebook Authentication
Go for django allauth. it Covers all authentication flows, Custom user model. and over 50+ social authentication providers. We are using it from a long time and it has evolved a lot over the time.
First you have to install social-auth-app-django:
pip install social-auth-app-django
Then add it into your INSTALLED_APPS (in settings) then you have to create API keys, using the steps below for the networks you want to enable:
Google
Create a project on Google Cloud Platform
Facebook
Log into Facebook developers and create API keys
Twitter
https://apps.twitter.com/app/new
After creating project you will get the App ID and App Secret (don’t share it with any one) then add these ID & Secret in setting and provide a redirec valid url for more info
Related
I was looking to create a authentication, registration, password reset and email confirmation using Django.
Workflow:
Displays form to enter username, email address, password,
sends verification email, to email to be verified.
user is inactive until link verification is complete.
option to reset password through this page
I found this question posted in 2011
Django - authentication, registration with email confirmation
Summary:
django-allauth, last commit 25 days ago
django-registration, last comitt 4 months ago
any others?
Questions:
Since it is 2019 I thought to ask again and see what people recommend and use in 2019?
which do recommend and why? (easy of use, documentation, industry standard, involved community? etc.. )
thanks for the help
Your question is opinion based, so it will most likely get flagged as such - but I will try to answer anyways.
django-allauth is still, in my opinion, the best overall registration workflow for someone looking for social login or login with extra capabilities, such as email verification (which you seem to need). For regular login capabilities it is overkill, and you can just use the default django authentication for that. Don't forget you can always extend basic django authentication using custom authentication
If you are going to use django to create an API that serves react, swift, etc, you can also use django-rest-framework with an authentication package such as django-rest-knox to handle multiple token-based sessions.
I'm enhancing the website architecture for an open-source community. I want to provide some options(or features) to authenticated users only because an open-source community always contains thousands of members which leads to a chance of spamming. I'm adding OAuth using GitHub which can prevent user spamming.
All I would like to know whether should I add OAuth on an open-source community website or not? Is it a good practice? or there is some another way I should do to prevent user-spam?
I want to prevent spamming, for example, user-2 can not update the profile of user-1 (just an example don't want to achieve this task)
If you are not building an anon targeted website, then yes, user profiles are a need. If your website user flow suggests editing other user's profiles, you can allow it in django, but why? User profiles usually are only editable by owners.
Research what OAuth provider your users might prefer. django-allauth and similar apps give you a way to easily add OAuth of any of hundreds of providers, so it's only a question what your users want to use.
I'm using django-auth with the django-auth-openid extension to use OpenID (specifically, Google) to log users into my site. I have a user base of about 90 who will be using the site. All of them have Google accounts, and will be using them to access the site. Since the user base is set (there is no registration allowed, only admins can add users), I already have an exhaustive list of all of my users, including their email addresses and other information. How can I allow these users to login with their Gmail addresses without making them register first? Essentially, I'd like to make django-auth-openid match OpenID Gmail addresses to rows in the existing django-auth Users table. Is this possible?
Thanks!
I ended up using the python-social-auth library (which has Django support built in). The documentation for use with Django isn't great, but between the docs and the provided example it was relatively easy to integrate it with my existing django-auth setup. After that, I just deleted the 'create_user' pipeline from the SOCIAL_AUTH_PIPELINE tuple in my settings, and, that way, only users with existing OpenID connections were allowed in (no new registrations occurred from OpenID logins). This meant, though, that I had to create those connections (between OpenID identifiers and Users) manually, but that was pretty easy to do just using the Django Python shell.
I'm slightly new to Django, and I've never had a fun time doing user management in web dev. Is there a nice, basic example/tutorial on authentication the Django User model with Oauth such as Twitter? Can I use the current User model and the data in it, or do I have to create a new table and migrate the current users over?
I tried searching around Google and such, and though I slightly see where alot of the django-social and oauth plugins go with things, I can't figure out how they're storing tokens and if they're extended to the User model.
In short, I just need a basic example and plain-English description on how to implement Oauth (or any login API) with the built-in Django User model.
Thanks!
You should try python-social-auth (the old deprecated version being Django Social auth).
I want to implement Facebook connect login for my Django site and I've checked the already existing apps.
So far, I have found Django-Socialauth, django-socialregistration, and django-facebookconnect for this purpose.
The question is which one to choose, and I would like to hear from other developers who have experience with any of these apps.
It is important for me that the Facebook Connect login app plays nicely with #login_required, with the default auth system, and with django-registration.
Please share your experience :)
Update (11/26/2013): I'm updating my recommendation. Since a sufficient amount of time has passed since I wrote this answer, I would recommend python-social-auth or django-allauth as the best tools for the job. They are active projects with good documentation and support for a lot more than just Facebook. I've had success using both.
I have had the most luck with adapting django-socialregistration with django-registration (0.8). Since you're working with django-registration, you're going to have to do a little bit of work, since all three of those packages assume the role of both the creation and the authentication of the user.
I was just going to explain what needed to be done, but you inspired me to finally get my version out: hello-social-registration.
Like I alluded to, it separates gives the registration functions to a django-registration backend and handles all the authorization itself. I've been using this on my near-beta application for a while now with no problems (I also handed it to a friend to use a few months ago and he got it to work without much modification).
It's definitely not ready to be a plug-and-play reusable application, yet, but hopefully it'll provide you with some insight. :)
By far the most commonly used package for Facebook authentication in Django is Django Facebook:
https://github.com/tschellenbach/Django-facebook
It also gives you access to the facebook APIs using the included Open Facebook api client.
I wanted to implement a basic "Login using Facebook" functionality in my Django app. I didn't want to show the user a form to fill or have her choose a password. I preferred to make it seamless.
Based on my requirements, django_facebook_oauth was the best app for me. It simply allows the user to login using facebook, and gets the user info my Facebook app requests from her (based on my Facebook Auth Dialog). It creates a new user in Django with the user's facebook email, a username and a blank password.
I highly recommend it.
Hi Take a look at fbconnect app that we (actually, Hernani, a guy on our team) put together for osqa (a clone of CNPROG).
You will have to, probably, tinker a bit to adapt that to your needs. It does work with #login_required decorator and the standard django.contrib.auth system, but we do not use django-registration.
Our app also works with openid and password login, but the openid part is tightly coupled with the Q&A component at present.
We may separate it though some time in the future, if anyone might be interested in "anything-signin" django pluggable app or has something better already - pls let us know.
I've used django-allauth and django-facebook on two different projects.
django-allauth was great and provided very good support for logging in and creating user profiles. It could also work with other auth providers, which I didn't implement.
django-facebook worked out of the box, but it's only compatible with Facebook. It also provided simple APIs for fetching users' likes and friends from Facebook directly into the db, which I liked very much!
facebook.get_and_store_likes(user)
facebook.get_and_store_friends(user)
I played with .NET based libraries and found them to be frustratingly out of date. Facebook seems to change their APIs frequently, so if you cannot find a library that is routinely maintained, you will find that you will get halfway through your implementation before you realize that there are serious problems.
I had some success with the javascript API that Facebook publishes and maintains. While the documentation may not be always up to date, I found that I was always within striking distance of the correct implementation (one or two changes needed).