There is one problem. I need users` emails to register a new one in my application. In other words, email is required for users. But there are Facebook accounts that do not have an email attached. So, in a result, we get an error.
I see one solution: when we recognized that Facebook returned us data without Facebook, show a form where a user should enter his email, he wants to use in the application. And then we can continue register process. But how to realize this? Actually, I have no idea.
What about you?
Thanks
Python social auth partial pipelines is the feature for that, their purpose is to interact with the user to fetch extra data needed for the authentication, for instance requiring emails, confirming the email address, etc.
Check the example application at https://github.com/python-social-auth/social-examples/blob/master/example-django/example/settings.py#L216, it implements a partial pipeline that requests user email if it's missing from the authentication data.
Related
We recently took over a project that was developed in Django, which uses allauth. We are hoping to send out some additional information to users once they have signed up and confirmed their email address, is there a default/native way to do this in django-allauth? At the moment the system uses email_confirmation_message.txt to configure the email for users to confirm their email address, but we couldn't find something similar once the account is confirmed.
Yes, there is a way: django-allauth emits signals in various phases of the user signup process, including a signal when the user confirms their email:
allauth.account.signals.email_confirmed(request, email_address)
Adding a listener for that signal should solve your problem.
Created a Flash Restful API with various end points for my website. Some endpoints need the users username and password to get user specific data. I’m currently sending these as parameters in the API call but I’m assuming this isn’t secure so how does one do this safely?
There are plenty of differing ways to do this but it's generally accepted that using tokens, which can be revoked, are a more secure way of doing auth than using a username/password combo. This is due to the inability to retract a username/password if they got leaked.
I'd suggest reading the following blog by Miguel. He explains password authentication followed by tokens.
Miguel Grinberg
you can make a seperate api route that acts as a login and returns a sessionID/token on a successful login that can be used for authenticating to those endpoints you mentioned.
I'm attempting to make SOQL queries to the Salesforce API using the Python salesforce_api and simple-salesforce modules. I had been making these requests with a client object:
client = Salesforce(username='MY_USERNAME',
password='MY_PASSWORD',
security_token='MY_SALESFORCE_SECURITY_TOKEN')
a = client.query("SELECT something FROM some_object_table WHERE some_condition")
However, my company recently restricted Salesforce sign-in through SSO only (you used to be able to login directly to Salesforce without SSO), and the funciton is throwing either:
simple_salesforce.exceptions.SalesforceAuthenticationFailed: INVALID_SSO_GATEWAY_URL: the single sign on gateway url for the org is invalid
Or:
salesforce_api.exceptions.AuthenticationMissingTokenError: Missing or invalid security-token provided.
depending on which module I use. I suspect this is because of the SSO implementation.
I've seen the docs about creating a new app through Okta, but I need to authenticate and access the API of an existing app. What is the best way to access this API with Okta IdP enabled? It there a way to have a get request to Okta return an access token for Salesforce?
Uh. It's doable but it's an art. I'll try to write it up but you should have a look at "Identity and Access Management" Salesforce certification, study guides etc. Try also asking at salesforce.stackexchange.com, might get better answers and Okta specialists.
I don't know if there's pure server-side access to Okta where you'd provide OAuth2 client, secret, username and password and it'd be silently passed to login.
If your app is a proper web application that needs human to operate - you can still make it work with SSO. You'd have to read about OAuth2 in general (you saw it on the web, all the "login with Google/Facebook/LinkedIn/Twitter/..." buttons) and then implement something like this or this. Human starts in your app, gets redirected to SF to enter username and password (you don't see password and you don't care whether he encountered normal SF login page or some SSO), on success he/she is redirected back and you receive info that'll let you obtain session id (sometimes called access token). Once you have access token you can make queries etc, it's just a matter of passing it as HTPP Authorization Bearer header (simple-salesforce docs mention session id at top of the examples).
Look, I know what I've written doesn't make much sense. Download Data Loader and try to use it. You might have to make it use custom domain on login but there is a way for it to still work, even though you have SSO enforced. Your goal would be to build similar app to how Data Loader does it. This might help a bit: https://stackoverflow.com/a/61820476/313628
If you need a true backend integration without human involved... tricky. That might be a management problem though. They should not enforce SSO on everybody. When Okta's down you're locked out of the org, no way to disable SSO. You should have a backup plan, some service account(s) that don't have SSO enforced. They might have crazy password requirements, maybe login only from office IP address, whatever. It's not a good idea to enforce SSO on everybody.
https://help.salesforce.com/articleView?id=sso_tips.htm
We recommend that you don’t enable SSO for Salesforce admins. If your
Salesforce admins are SSO users and your SSO server has an outage,
they have no way to log in to Salesforce. Make sure that Salesforce
admins can log in to Salesforce so that they can disable SSO if
problems occur.
(If you have a web app and it's embedded as Canvas in SF - there's another clean way to have the session id passed to you. Again - this works only if you have a human rather than backend integration)
If you check the profiles in SFDC and uncheck the box that requires SSO.
"is single sign-on Enabled [] Delegate username and password authentication to a corporate database instead of the salesforce.com user database. "
I am working on an application using Django/Python.
I am implementing Twitch Connect and I need email address of the user for my application.
My problem is that if the user has verified email id, i obtain it as apart of the django social auth pipeline in "details" argument.
However, if the user has not verified his/her email, 'email' key does not exist in details.
Is there any way I can ensure that email always flows through?
Thank you!
Twitch does not pass through unverified emails with a user's information. It's a valid API design choice.
I've successfully implemented python social auth in my django application however I noticed that twitter does not provide an email address for me to save. is there a way of extending the social auth pipeline so I can ask for a new users email address if one is not provided?
The way to do it is by extending the default pipeline with a function that checks if an email was provided and ask for one in not. Check the example application at https://github.com/omab/python-social-auth/blob/master/examples/django_example, it does that with this pipeline https://github.com/omab/python-social-auth/blob/master/examples/django_example/example/app/pipeline.py.
Basically the flow is:
User signup with twitter
That pipeline checks if the user is new and if an email was returned by the auth provider
If no email, then redirect the user to a form, otherwise continue (the form POSTs to /complete/twitter, that way the auth process will continue where it stopped)
The pipeline function is ran again, but an email is detected in the request POST data
The pipeline stores the email in the details which is used to create the user later