Django social authentication with registration extra fields - python

I want to do social authentication with Google and Facebook. For that I have used social-auth-app-django. When I log in using Google, it directly creates an account in the Django user model and redirects to my URL. But I want the user to fill in extra required details, and to create the user only after the user's confirmation; I don't want to directly log in the new user and redirect to my authenticated page.
Any suggestion is always appreciated.
Thanks.

That's basically the purpose of the partial pipelines feature on python-social-auth (docs). The idea is to pause the authentication flow at any time and resume it later. It's commonly used to ask the user for more details, or just to send a validation email.
Check the example application here, in the settings it overrides the default pipeline with one that will ask the user for their email address.

Related

django authentication model - login with emailed link?

Is there a way to set up the django authentication model where, instead of a password, users put in their email address, and then are emailed a link that they click on to login with? If so, are there any tutorials on how to set this up?
Yes, there is.
You'll either need to hope there is already a module out for this, or you will have to write your own way of authenticating.
I'll give a rough estimate of how it's gonna work.
First, you will need to create a class inheriting from AbstractBaseUser.
Set the username field to email, still include password fields. They are required.
Then, you will need to create a manager for that custom base user.
The user manager must have two methods: create_user() and create_superuser().
Then, in a view, have user enter their email address, and then generate a token with Django's default_token_generator, and send that token via e-mail to the user.
Create a view which accepts the token, and logs the user in.
I highly advise you to take the docs as your guide. This might get relatively complicated.
More info on the Django Docs
Side note: This will not be as secure as email and password validation. If a user's email gets hacked, the hackers will instantly know not only which site they can target, but also get a free pass to access.
Alternatively; check out Django AllAuth, they provide lots of ways to authenticate, including with Gmail or Facebook. There are some great tutorials online, but you'll have to do some googling. ;)
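The token step described in this answer, as an added example that is not part of the original post: a standard-library stand-in for the emailed token, not Django's default_token_generator itself. SECRET_KEY, MAX_AGE and the function names are assumptions; the token expires, and because the user's last_login value is bound into the MAC it stops validating once a login has happened.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: load from your secret store
MAX_AGE = 15 * 60                     # assumption: link lifetime in seconds


def _sign(email, last_login, issued_at):
    # last_login is part of the signed message, so a successful login
    # (which changes last_login) invalidates every outstanding link.
    msg = f"{email}\x00{last_login}\x00{issued_at}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_login_token(email, last_login, now=None):
    """Return '<hex timestamp>-<mac>' to embed in the emailed link."""
    issued_at = int(time.time() if now is None else now)
    return f"{issued_at:x}-{_sign(email, last_login, issued_at)}"


def check_login_token(token, email, last_login, now=None):
    """True only for an unexpired, untampered token for this user state."""
    now = int(time.time() if now is None else now)
    try:
        ts_hex, mac = token.split("-", 1)
        issued_at = int(ts_hex, 16)
    except (AttributeError, ValueError):
        return False  # malformed input is rejected, never raised
    if not 0 <= now - issued_at <= MAX_AGE:
        return False  # expired, or timestamp claims to be from the future
    expected = _sign(email, last_login, issued_at)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(mac.encode(), expected.encode())
```

The login view would call check_login_token with the stored last_login of the account named in the link, and update last_login only after the check succeeds.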

Django Rest Framework/Djoser sending role information to frontend (Vue)

I am working on a simple site with a login functionality. To handle auth in the backend I am using the Djoser library. I have login functionality working. However now I want to create a site on my frontend which has restricted access based on a users roles.
What I want is that if a user is admin/staff then the frontend site has another page in the navbar. So my question is, how should I go about handling this. My first thought is that, when the user is logging in, then the token is sent to the frontend and stored, and then with the token I would also send the user's role and store this as well. However I am not sure how to extend Djoser to do this.
Another option would be to simply say that after the user has logged in and received the token and stored it in the frontend, I would make a subsequent request to the backend to get that user's information including its role and store that as well. This of course takes 2 backend calls instead of one as in the first option.
To me it seems optimal to use the first option, however I am not sure how to extend the Djoser login path to send both a token and the user's role.
Solved it myself, see my answer below to see how I did it.
However if anybody is familiar with a smarter way to achieve what I am trying to, then please post a comment!
Okay, I figured it out myself. Leaving this here if anybody needs it.
First I create a serializer file in my project directory (original app).
Then I took the TokenSerializer from Djoser and extended it to the following,
    from rest_framework import serializers
    from djoser.conf import settings


    class TokenSerializer(serializers.ModelSerializer):
        # The token value itself, exposed under the name Djoser clients expect.
        auth_token = serializers.CharField(source="key")
        # Follows the token's user relation to read the staff flag.
        is_staff = serializers.BooleanField(source="user.is_staff", read_only=True, default=False)

        class Meta:
            model = settings.TOKEN_MODEL
            fields = ("auth_token", "is_staff")
I did not realize that you can use the source keyword; with this I can access the user model attached to the token, and then retrieve the is_staff field.
This now makes it so that when a user requests a login to /auth/token/login/ with the login details, it responds with a token and whether or not the user has the is_staff field set.

integrating ebay authentication in django application

I am building a django application in which user will be able to sign up or sign in only via their EBay account, no email/username or password required. I couldn't find any authentication library for EBay though there are many for google, facebook, twitter etc.
So I got the EBay part working. EBay basically returns (on consent of user) Email and an IEFS token which is unique to that user and won't change. I want to use those two fields only to create an authenticated user across the whole application. I don't want the username, emails, firstname, lastname or password that ship with the django User model. The documentation is quite big and I am confused where to start, any proper suggestion will be a big help. Thank you.
Here is a bit of insight, the code is yours to make :
You can extend the user model from Django and decide which field to use, you could for example create an Ebay ID field Abstract User
Once this is done you want to add the ebay ID to a user, just create an account with email and ID, the user won't need any more info
Finally allow user to connect only by email, either by overriding custom login from Django or using a package like Django Allauth
Please note that unless your site is accessible only by Ebay users, allowing user to connect with email/password is recommended.
It is perfectly doable, just make good use of the documentation

Janrain facebook login in web2py

I am using janrain facebook login to login in web2py. Facebook is returning profile picture, age and other public profile details. However, I am not able to access those details. Where are those details stored?
It really depends on which Janrain product you are using. If you are using Janrain Social Login only then the Facebook information is returned as part of the authentication payload. The data is normalized into the POCO format and returned as JSON data. You need to request the extended data to get the full payload.
I'm not familiar with web2py so I can't give any guidance on settings. There is a Test Tool that you can access once you are logged into the Janrain Dashboard. The Test Tool lets you see the data that is returned from the Social Login widget. You can typically access this tool with a URL similar to this:
https://rpxnow.com/relying_parties/NAME_OF_YOUR_WIDGET/test
If you are using Janrain's Registration product the Social Login Widget becomes part of the Registration sign-in process. Instead of returning the normalized POCO payload the data is sent to the Janrain Registration server where it is stored in the Registration database in the "Profiles" plural. As a developer, you would typically use the oAuth token that is returned from the Registration server to make an "entity" call to the API and retrieve the details you need from the database. The Registration system can also be configured to return specific fields along with the oAuth token when you are using the Registration widget. However, this customization does require working with your deployment contact at Janrain.
You may want to review the API documentation for Janrain's Social Login and Registration products starting here: http://developers.janrain.com/rest-api/
There are also some Python libraries available for interacting with the Janrain Registration system (formerly called "Capture"). They can be found here: https://github.com/janrain/janrain-python-api

python social auth separate urls for signup and login django

I have started to use python-social-auth in a django project to authenticate the users from google, linkedin, and potentially other sources. I was able to integrate it to my project, and to create new users with both google and linkedin. I understand the concept of pipeline but something remains unclear to me,
How to differentiate login and signup? It seems to me that python-social-auth has a single pipeline for both login and signup actions.
I am using the url for signup
'/login/linkedin/'
Now I have one login page url
'people/login/'
which has two buttons, one is Google login and another is LinkedIn login. Now when a new user comes to the login page and clicks on LinkedIn login, ideally it should tell him or show him a page saying that he is not registered through LinkedIn.
But python social auth has only one backend for login. So how to separate the login and signup in python social auth?
You are correct to think that python-social-auth has a single pipeline for both login and signup.
You have probably noticed that there is a method called create_user in the pipeline:
    # Create a user account if we haven't found one yet.
    'social.pipeline.user.create_user'

If we take a look at the source code, that login flag is set here:

    if user:
        return {'is_new': False}  # flag that it should log in the user

and registration is a little below:

    return {
        'is_new': True,  # this is a flag that tells the rest of the pipeline that the user should be registered
        'user': strategy.create_user(**fields)  # this is where object is created
    }

That strategy.create_user eventually uses the create_user method of your user model.
Now, you want to show a different page before registration, right?
There is a concept of a partial pipeline in python-social-auth, which allows you to cut the process of the pipeline, do something custom and resume the pipeline after that.
To do that, you create a view and decorate it with the @partial decorator. Something like this:

    # Decorator from the same "social" package as the pipeline entry above.
    from social.pipeline.partial import partial

    @partial
    def show_custom_page(strategy, details, user=None, is_new=False, *args, **kwargs):
        # show your page here
        pass

Have a look at this example of partial pipeline.
Then, add the path to this view to the SOCIAL_AUTH_PIPELINE.
That is it, it should now show your page.
Update
Looks like partial pipeline link is broken. You can find another example here.
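One way to keep the login button from creating accounts, as an added sketch that is not part of the original answer and uses a plain halting step rather than a @partial step: the names auth_intent, SIGNUP_REQUIRED_URL, StubStrategy and run_steps are assumptions, and the stub only mimics how pipeline steps are chained so the block runs without Django.

```python
# Assumed settings: SOCIAL_AUTH_FIELDS_STORED_IN_SESSION = ["auth_intent"],
# with the signup button linking to /login/linkedin/?auth_intent=signup
SIGNUP_REQUIRED_URL = "/people/signup-required/"  # hypothetical page


def require_signup_intent(strategy, user=None, *args, **kwargs):
    """Place after social_user and before create_user in SOCIAL_AUTH_PIPELINE."""
    if user is not None:
        return None  # known account: ordinary login, keep going
    if strategy.session_get("auth_intent") == "signup":
        return None  # explicit signup: let create_user run
    # Fail closed: a missing or unexpected intent never creates an account.
    return strategy.redirect(SIGNUP_REQUIRED_URL)


def create_user(strategy, user=None, *args, **kwargs):
    """Constructed stand-in for the library step quoted in the answer."""
    if user:
        return {"is_new": False}
    return {"is_new": True, "user": "new-account"}


class StubStrategy:
    """Constructed stand-in for the strategy object passed to each step."""

    def __init__(self, session):
        self.session = session

    def session_get(self, name, default=None):
        return self.session.get(name, default)

    def redirect(self, url):
        return ("redirect", url)


def run_steps(steps, strategy, user=None):
    """Dict results are merged into later steps; any other result stops the run."""
    out = {"user": user}
    for step in steps:
        result = step(strategy=strategy, **out)
        if result is None:
            continue
        if not isinstance(result, dict):
            return result
        out.update(result)
    return out
```

The auth_intent value comes from a query parameter the visitor controls, so this separates the two flows in the UI; it does not restrict who may sign up.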
