I am building a django application in which user will be able to sign up or sign in only via their EBay account, no email/username or password required. I couldn't find any authentication library for EBay though there are many for google, facebook, twitter etc.
So I got the EBay part working. EBay basically returns (on consent of user) Email and a IEFS token which is unique to that user and wont change. I want to use those two fields only to create a authenticate user across whole application. I don't want username, emails, firstname, lastname or password that ships with django User model. The documentation is quite big and I am confused where to start, any proper suggestion will be big help. Thank you.
Here is a bit of insight, the code is yours to make :
You can extend the user model from Django and decide which field to use, you could for example create a Ebay ID field Abstract User
Once this is done you want to add the ebay ID to an user, just create an account with email and ID, the user won't need any more info
Finally allow user to connect only by email, either by overriding custom login from Django or using a package like Django Allauth
Please note that unless your site is accessible only by Ebay users, allowing user to connect with email/password is recommended.
It is perfectly doable, just make good use of the documentation
Related
Is there a way to set up the django authentication model where, instead of a password, users put in their email address, and then are emailed a link that they click on to login with? If so, are there any tutorials on how to set this up?
Yes, there is.
You'll either need to hope there is already a module out for this, otherwise you will have to write your own way of authenticating.
I'll give a rough estimate of how it's gonna work.
First, you will need to create a class inheriting from AbstractBaseUser
Set the username field to email, still include password fields. They are required.
Then, you will need to create a manager for that custom base user.
the user manager must have two methods: create_user() and create_superuser()
Then, in a view, have user enter their email address, and then generate a token with Django's default_token_generator, and send that token via e-mail to the user.
Create a view which accepts the token, and logs the user in.
I highly advise you to take the docs as your guide. This might get relatively complicated.
More info on the Django Docs
Side note: This will not be as secure as email and password validation. If a user's email gets hacked, the hackers will instantly know not only which site they can target, but also get a free pass to access.
Alternatively; check out Django AllAuth, they provide lots of ways to authenticate, including with Gmail or Facebook. There are some great tutorials online, but you'll have to do some googling. ;)
I'm using Python-social-auth(https://github.com/omab/python-social-auth) for user signing up through Facebook.
Only defect is that I can't get more information about user if user sign up through Facebook. For example, birth, job, hobby are required field but Facebook doesn't give these information.
What I want to know is here :
In case of birth, Facebook could give this information. Is there any way to do this? Do I have to edit the code of Python-social-auth?
I heard that there is a case where after signing up through Facebook, let new window show up for getting more infos about users. I want to see example site and how to do this.
Need helps. Thanks.
Edit
This is what I talked about. (https://developers.facebook.com/docs/facebook-login/multiple-providers?locale=en_US#postfb)
Adding manual login info to a Facebook Login created account
This situation occurs when someone creates their account in your app using Facebook Login, but later wants to also log in to the account using a unique credential and a password. For example, Netflix has a web app that uses Facebook Login alongside a regular login system, and also an Xbox 360 app where people can only use the regular login system.
Ensure the Facebook Login email address is verified
If you use an email address as the unique credential which identifies each account, your app should verify that the email address associated with the person's Facebook account (and obtained during Facebook Login) is valid. You can do this by creating code in your app to send a verification email to the address obtained after Facebook Login (you will probably need to have this step as part of your regular login system anyway).
Ask the person to supply a new password (and other credentials)
Once the email address is verified, you can now request that the person supplies a password, indicating to them that they can use this to log in to your app in future in conjunction with their email address. Once supplied, you can add this to the same part of your database where you are currently storing account information.
If your app's login system doesn't use an email address as the identification and uses something user-generated like a username instead, then you should also request that the person supplies this at the same time as a password.
I want to see example site about this. Thanks.
Define in settings SOCIAL_AUTH_FACEBOOK_PROFILE_EXTRA_PARAMS with fields that interest you
SOCIAL_AUTH_FACEBOOK_PROFILE_EXTRA_PARAMS = {
'fields': 'first_name, last_name, birthday'
}
List of available fields you can see here.
I'm trying to build a Django website that will be maintained and used by university students mainly. I need to restrict access to a few pages for certain approved students, but it would be very unmaintainable if I needed to create a new Django user for every student that wants to log in. Luckily, the university provides an API to check whether a username/password combination is correct. So I had the idea to create an authentication model complementary to Django's model, where users' university account can get approved by an admin, after which it is a valid login to view certain pages.
So essentially, some users may use a Django account (if they're in charge for the content of the website), and other users may just log in to view some pages with their uni account. For the uni account, the minimum amount of info should be stored (in other words, only the username is really required to approve certain users).
I can't seem to figure out how to build such a system in Django. I cannot use the standard User object because it stores data that is completely redundant, and I cannot substitute the user model because that would only make things incredibly complex. It seems reasonable to forget the User model altogether, but Authenticate needs to return a valid user. This makes me wonder, can I create regular Django users with as little information filled in as possible (dummy data except for the username), and then authenticate them with the API? Probably, but that hardly seems like a good idea.
To authenticate users using the university API, all you need to do is to write an authentication backend. You can then create a local user for these uni users the first time they login, since there is only two required fields: username and password. You can use set_unusable_password() so check_password() for this user will never return True.
The Django admin system is tightly coupled to the Django User object
described at the beginning of this document. For now, the best way to
deal with this is to create a Django User object for each user that
exists for your backend (e.g., in your LDAP directory, your external
SQL database, etc.) You can either write a script to do this in
advance, or your authenticate method can do it the first time a user
logs in.
I'm using django-allauth to allow users to login to a django app. I want users to be able to signup, but ONLY approved users should be able to access sensitive content. That is, a user who has signed up through the sign in page should have a pending status before accessing pages marked with the 'login-required' decorator.
I currently have django-allauth running with google-oauth2 login, and users are successfully added to my user table. Would anyone know how to set up such a system?
I did come across this post mentioning disabling signup all together, although I do want users to be able to signup, just approved, whether this is through the admin system or through an link generated that I would be able to click.
Any ideas would be much appreciated.
I'm building a web application where I have 2 sets of users (students and teachers). Teachers should be able to create their account, create a page of their content. Students should be able to create an account to sign up for this content. I am currently using django-registration to handle registration but I am wondering what's the best way to handle these 2 sets of users and still be able to use the Django authentication framework? I have heard about having multiple profiles but would like some opinions.
Thanks!
You could use permissions. When they sign up if they're a Teacher give them content creation permissions. If they're a student they don't get the permissions.
In the user profile I would just have a field that says which type they are. Unless a lot of the data is different I wouldn't have two user profiles.