I want to implement Facebook connect login for my Django site and I've checked the already existing apps.
So far, I have found Django-Socialauth, django-socialregistration, and django-facebookconnect for this purpose.
The question is which one to choose, and I would like to hear from other developers who have experience with any of these apps.
It is important for me that the Facebook Connect login app plays nicely with #login_required, with the default auth system, and with django-registration.
Please share your experience :)
Update (11/26/2013): I'm updating my recommendation. Since a sufficient amount of time has passed since I wrote this answer, I would recommend python-social-auth or django-allauth as the best tools for the job. They are active projects with good documentation and support for a lot more than just Facebook. I've had success using both.
I have had the most luck with adapting django-socialregistration with django-registration (0.8). Since you're working with django-registration, you're going to have to do a little bit of work, since all three of those packages assume the role of both the creation and the authentication of the user.
I was just going to explain what needed to be done, but you inspired me to finally get my version out: hello-social-registration.
Like I alluded to, it separates gives the registration functions to a django-registration backend and handles all the authorization itself. I've been using this on my near-beta application for a while now with no problems (I also handed it to a friend to use a few months ago and he got it to work without much modification).
It's definitely not ready to be a plug-and-play reusable application, yet, but hopefully it'll provide you with some insight. :)
By far the most commonly used package for Facebook authentication in Django is Django Facebook:
https://github.com/tschellenbach/Django-facebook
It also gives you access to the facebook APIs using the included Open Facebook api client.
I wanted to implement a basic "Login using Facebook" functionality in my Django app. I didn't want to show the user a form to fill or have her choose a password. I preferred to make it seamless.
Based on my requirements, django_facebook_oauth was the best app for me. It simply allows the user to login using facebook, and gets the user info my Facebook app requests from her (based on my Facebook Auth Dialog). It creates a new user in Django with the user's facebook email, a username and a blank password.
I highly recommend it.
Hi Take a look at fbconnect app that we (actually, Hernani, a guy on our team) put together for osqa (a clone of CNPROG).
You will have to, probably, tinker a bit to adapt that to your needs. It does work with #login_required decorator and the standard django.contrib.auth system, but we do not use django-registration.
Our app also works with openid and password login, but the openid part is tightly coupled with the Q&A component at present.
We may separate it though some time in the future, if anyone might be interested in "anything-signin" django pluggable app or has something better already - pls let us know.
I've used django-allauth and django-facebook on two different projects.
django-allauth was great and provided very good support for logging in and creating user profiles. It could also work with other auth providers, which I didn't implement.
django-facebook worked out of the box, but it's only compatible with Facebook. It also provided simple APIs for fetching users' likes and friends from Facebook directly into the db, which I liked very much!
facebook.get_and_store_likes(user)
facebook.get_and_store_friends(user)
I played with .NET based libraries and found them to be frustratingly out of date. Facebook seems to change their APIs frequently, so if you cannot find a library that is routinely maintained, you will find that you will get halfway through your implementation before you realize that there are serious problems.
I had some success with the javascript API that Facebook publishes and maintains. While the documentation may not be always up to date, I found that I was always within striking distance of the correct implementation (one or two changes needed).
Related
What is the correct way to start using Instagram oEmbed feature? Documentation (https://developers.facebook.com/docs/instagram/oembed/) claims that I have to pass App Review to start using the feature. And application form says Please provide a URL where we can test Oembed Read. Which I don't have because I have no access to the feature.
What I have tried with no success:
I requested instagram_oembed resource with:
app token of application in live mode
app token of application in
development mode
passed URL to a post by official Instagram account
(e.g. https://www.instagram.com/p/CQG4gZxMzzO/)
passed URL to a post
of a user who is Admin of the app
In all cases I receive (#10) To use 'Oembed Read', your use of this endpoint must be reviewed and approved by Facebook. To submit this 'Oembed Read' feature for review please read our documentation on reviewable features: https://developers.facebook.com/docs/apps/review.
Example of the request I do https://graph.facebook.com/v11.0/instagram_oembed?url=https%3A%2F%2Fwww.instagram.com%2Fp%2FCQG4gZxMzzO%2F&access_token=appAccessToken
We're also suffering from this issue, but so far, we thought we already figured out how to do that.
Big picture
Facebook had not sorted this thing out correctly. Or at least, we don't know why they put such a restriction to this API.
The official document is not correct. (or at least not accurate for now, for some part)
Which part was not correct?
The access token part is not right. Or at least, it's the most confusion part.
How can we resolve this?
Use the Graph API Explorer
Adjust your token(App token, Client access token, user token) with the official URLs(see below) to see if you can get the result
most of us should be able to get the result with user access token, which means you have to access this API after login!
Integrate into your app for review
The review page is also confusing:
Please provide a URL where we can test Oembed Read. Include the URL of a page, post or video from our official Facebook or Instagram pages, or the pages themselves., it means you can only use links like https://www.facebook.com/instagram or https://www.facebook.com/facebook
With that in mind, so far, the only way to get approved is integrate your oembed usage into your normal UI with facebook user access token ready
Question to the big picture
So, we have to ask user to login with our facebook app, then we can provide this oembed read API returned embed HTML? I'm afraid that's what we have now.
big companies might be able to apply for App Token, I guess in that scenario, facebook login is not necessary
for small companies, indie developers, hmmm, I don't know any better solutions so far.
I have run into this too. I do not have an answer at this time, I just want to report on the frustrations of their 'app review' process. Which makes it feel like you are unlikely to get it to work any time soon.
We have a custom embed code for our weblog authors to use (a shortcode kind of thing) which does the oEmbed call. We just take the HTML from the resulting JSON, and insert it into the weblog article page, and that is it. It stopped working, presenting this same error - in live mode, and in development mode.
The kicker is, I then tried submitting it for app review. Filled out everything I could to the best of my knowledge. Provided them a test account and post on our weblog to show the shortcode editing and expected placement. We got rejected. Why? Your embedding resulted in an error, we can't see it in action to approve you.
Yes. The error I am getting is that I need my 'app' to be reviewed and approved.
This is an infuriating process. This is the only Facebook / Instagram API feature we use at this point. No user data. No attempt to make an Instagram clone app or anything like that. Just an embed.
And they are making this simple use case as impossible to use as they can. And the documentation also feels like an infinite loop. They say users of the old Instagram embed call have until September 7 2021 to get approved. But the call does not work at all because we are not approved. So we cannot get approved.
Same loop here. I've managed to report it to Facebook team and get answer "Just submit your Instagram post URL"! I can't believe it, its can't be so simple. I've confirmed it few times with Facebook team person and.... get rejected!
Also, second form in App Review process will LOWERCASE all of your links and I've spent few days just to explain it to reviewers and support person. Still rejected after submitting proper url. This is insane.
My another attempt was about to build a test page where I can auth via Facebook account, parse connected Instagram accounts and GET embed endpoint with user access key in hope that reviewer HAS access to oembed feature - REJECTED. I can't even find what permission I need to add to auth URL to obtain oembed thing.
Will update my answer with new information later.
UPDATE: After reporting about the issue with lowercase URL in submission form they just APPROVED my app without APP REVIEW. Well... Facebook style...
I had exactly the same problem recently. Updated the packages with compose, changed the API version from 10 to 11... without any change.
The error was also occurring in development mode, it didn't make sense that Facebook was asking to approve in dev mode.
For me, the problem came from the management of scopes in my application, depending on the version of the Facebook API used.
My advice: check the scopes defined with API version in your code first.
I had the same issue and the solution is very simple. The only thing you need to do is copy paste an instagram url in the input field saying: Please provide a URL where we can test Oembed Read.
I did the this link: https://www.instagram.com/p/G/
Which is actually the first instagram post :) Got approved. Hope this helps everybody!
This issue is very common in stackoverflow, and there's a lot of different questions and answers about it, yet I couldn't find exactly what I need.
First, I'd like to define exactly what I need: the option to let users log in to my app using their Facebook credentials. The app will save a matching classic Django user. I will only need to use the user's profile picture and to make sure that each time the same Facebook user will be related to the matching Django user.
Unfortunately, I find it really frustrating to implement for the following reasons:
By now, after reading a lot, I couldn't find out what is the best package for this task.
Some people recommend django-social-auth and praise its functionality and documentation. Personally, I don't understand why, since it's not specifically for Facebook and there are no explanations about the client side, i.e the Facebook login button and how the whole flow works.
When you go to Facebook developers, you suddenly find yourself reading about some magical javascript sdk, and about a promise that that's all you need. Then you get frustrated again and can't understand how a client side related sdk can sign up users to your app.
I know developers somehow implement Facebook auth packages in their apps, but I just can't figure out how to do it.
If anyone could tell me: at this time point, what is the best way to add Facebook authentication to my Django app? I would also ask for detailed documentation / tutorial that explains how to log in a Facebook user, from settings and configuration level through signup to Django app and to client side code.
There are multiple ways to approach the problem, what is the "best" way is really subjective.
Subjectively speaking, you could opt for django-allauth. Here are a few pointers to help you get started:
If you want to keep the signup simple, set SOCIALACCOUNT_AUTO_SIGNUP to True in order to achieve a "no questions asked" login. Users simply approve the FB dialog and they end up logged in in your site right away.
Adding a login button to your template is merely a matter of:
Sign In
The app offers support for the JS SDK login (pro: users are accustomed to the typical FB popup that appears), or you can use your own OAuth flow. Whatever you please.
The fastest way understand FB's Oauth 2.0 flow is to play with FB's Javascript SDK. Once you get the hang of it, the FB's PHP library is similar. Also, other OAuth sites like Google, Twitter or Dropbox have almost identical implementation.
In baby steps:
Learn how to install FB Javascript SDK onto a simple page
Use FB.login to determine login status and obtain the login url.
Lastly, use FB.Event.Subscribe and subscribe to auth.statusChange to detect the login/logout changes.
Also, good to check out https://developers.facebook.com/roadmap/ on the upcoming features or features being removed.
django-social-auth is not just for Facebook, but that doesn't mean you should use all the backends available.
Project documentation is at http://django-social-auth.readthedocs.org/en/latest/index.html and Facebook backend details at http://django-social-auth.readthedocs.org/en/latest/backends/facebook.html.
Before I post my question I would like to tell you that I'm aware of few excellent django packages out there for twitter and facebook integration:
Django-Facebook
django-social-auth
django-allauth
So, here's my question:
What I want?
I want to:
Allow users to registration via facebook and twitter. (easy to implement using any of above).
Allow multiple social accounts integration into one user account. (I think both #2 and #3 can do it.)
Create profile from facebook or twitter data (needs extended permissions in case of fb). So, it means we also need to access data from facebook and twitter.
Allow user to post to facebook and twitter from django app (activity as well as via forms).
Inviting and Finding facebook friends (#3 can do it.)
Provide same functionality as facebook app. (#3 can do it.)
Post to user's owned facebook page. (I'm not sure if #3 can do it.)
What I think
If I had to deal with facebook only then I think Django-Facebook answers almost all of my questions. But since I also want to support twitter I'm not sure what I should do. All I can think of:
Django-Facebook for facebook + django-social-auth or django-allauth for twitter. I'm not sure if this combination can work. Please let me know if you tried anything like that.
django-social-auth or django-allauth only if any of these can provide aforementioned facebook functionality as well.
[Edit:] Actually I'm looking for answers to both of the following questions:
If I choose to use django-social-auth only then can somebody point me to the samples/code snippets for interacting with facebook and twitter.
If I want to use Django-Facbook (because it provides lot of functionality), can I choose it for facebook and django-social-auth (or django-allauth) for twitter only. I mean to say everything related to facebook using Django-facebook and everything related to twitter using social-auth or allauth. Will this combination work?
Thanks for your valuable suggestions in advance.
django-social-auth is concerned with its namesake: authentication. The first 3 items in your list deal with authentication (plus profiles), so I'd use django-social-auth for those.
The rest are interactions with the various services and would best be served by other libraries like the one you mentioned (django-facebook etc.). django-social-auth will take care of access tokens and permissions, so you can use these in conjunction with the other apps to perform API operations.
Just fishing for ideas here.
Do any of the major template presentation frameworks (such as Smarty, Django) have prebuilt login/security handling? I want to save time on the security handling because it will consume a lot of time to worry about that. I want to build a site from ground up but I dont really want to go so far as starting with a completed content management system like Joomla or Drupal... thats way overkill. I prefer Java, C#, or PHP and I want to start from as close to "scratch" as I can.
Yes, Django has a complete authentication/authorization framework - see the docs here.
For registration, James Bennett's add-on project django-registration is excellent and popular.
Edited after comment: Django itself supplies the mechanism for allowing admins to create user credentials, storing them in the db, validating them on login, and restricting access to areas of the site based on privileges.
django-registration provides the mechanism for a user to sign up for a username via the site, via an email with a one-time confirmation URL which sets the login up as valid. There are various other plug-in projects which provide variations on this userflow, which may be useful depending how you want your site to work.
I'm working on a django site, which I want the authentication part to work exactly like how Stack Overflow works. A new user comes to the site, they click on "create new account", choose their OpenID provider, get validated, then an account is created for them with "openiduser4356" or something as the username. The user can then go into preferences and change the username to whatever they want. I don't want any kind of local account sign-ups at all.
I pretty much spent all day getting django-authopenid working and it seems the only way this plugin works is by adding OpenID identities to already existing accounts. Heck, you can't even run your site when you have django-authopenid installed unless you have django-registration installed as well...
Before I spend another day wrestling with this thing to try getting it to do what I want, I'd rather just know off the bat if this kind of thing is even possible/a good idea. I noticed that there are a few other OpenID plugins for django out there. Are any of them any better at doing what I'm trying to do?
django-openid does not depend on django-registration.
You might also take a look at a fork of django-openid, django-openid-consumer. It works with the most recent python-openid libraries.
If you don't mind using rpxnow.com, check out http://github.com/howthebodyworks/django-rpx/tree/master