I would like to have the option for a registered user to tweet/post a FB status from Django app.
I'm using python-social-auth with Facebook/Twitter enabled.
How can I add such functionality to all registered users? (for those who signed up using their FB/Twitter account and for those who didn't)
Thanks
Related
I have a reactjs app that already has a user logged in. I attached a link to the web app that make the user able to access Django admin page, but for now it still requires the user to login.
I'd like to bypass the login as the user is already authenticated when logging into the react app.
How do I bypass the log in page and tell django that this user is already authenticated? What if I still want to get the email from request? where can I access the request object?
EDIT:
I should specify that I would like to check for auth token which I already have in my localStorage, then authenticate the external user directly. If the auth token is not present, I should still hit the django admin login page
EDIT2:
Created a custom page just to deal with Auth0 authentication. But I'm not sure what to do next. The request.user at this point is AnonymousUser which I can't really operate on. There is no way to identify who this is (but I can successfully check if this user has permission)
I plan to create a user and give it superuser permission? Is that the right approach?
EDIT3:
login(request, request.user, backend='django.contrib.auth.backends.RemoteUserBackend')
return HttpResponseRedirect("/my/url")
and i got
'AnonymousUser' object has no attribute '_meta'
Is it part of the auth problem?
You should not "bypass the login" you need to use authorized tokens... to identify that client whos is consuming the API is really you and not the anyone else
The process is really simple, once you send username and password to your backend (django) you will retorn one autorization token to your frontend (react) and every request from your frontend you will add it to header
Use django_rest_framework or something like that (as tastypie)
http://www.django-rest-framework.org/api-guide/authentication/
I am developing a native frontend application which communicates with a backend rest api built using python django rest framework.
The rest framework uses django rest framework token authentication in which every user has an authorization token and the token will have to be attached to the header of every http request to the rest api in the form of “Authorization: Token ”.
My application provides the user with two main ways to login. The first one is to register an account with username and password. This will create a django User model object and a token will be generated. This login method works well.
The second login method is to login with the user's social account. My idea is whenever an user login with their facebook account, the app will be redirected to my website which will then redirect the user to the social media of their choice. After authorizing the social media api will redirect them to my website again which a user and a token will be created. Then my website will redirect back to my native app using a custom uri with the token attached in the uri like this:
myapp://authenticate#token=xhskscjndjnccjdsdc
The native app will then parse the uri and obtain the token.
The part that I am worried about is security. This method works but attaching a token in an uri seems a bit insecure to me. Is there any best practice that I can follow? Thanks!
I can propose you to use django-rest-auth for dealing with Authentification and Registration.
With that package/library you can use Social Authentication through Facebook, Twitter, Google or other provider.
I have used python-social-auth for social authentication in my django application. Now I am going to post facebook status from this application.
At first I have created a facebook app from https://developers.facebook.com/. Here are the steps I have followed ,
Create new app
Display name and namespace is given. Category selected as Games then create app.
App settings -> Add platform -> Website -> site url = test1.com:8000 -> save changes.
I have also made the application and all its live features available to the general public.
Then I have added ,
SOCIAL_AUTH_FACEBOOK_KEY='****************'
SOCIAL_AUTH_FACEBOOK_SECRET='**************************'
and
SOCIAL_AUTH_FACEBOOK_SCOPE = [
'publish_actions'
]
to settings.py .
When I run this app and start with facebook authentication it displays following popup,
And when I click on Play now button it successfully redirects to my django app's homepage and post my facebook status,
Here is my code for posting facebook status ,
social_user = request.user.social_auth.filter( provider='facebook',)[0]
graph = facebook.GraphAPI(social_user.extra_data['access_token'])
graph.put_object("me", "feed", message="here is status messgae")
But when another user [other than my facebook account] tries to authenticate this app is displaying popup like this ,
In first case I have successfully posted my status, But In second case I am [ message in second popup clearly shows that the app doesn't have any access to users wall.]
This is the error I am getting for the second case ,
GraphAPIError at /
(#200) The user hasn't authorized the application to perform this action.
My question is that , Why my app is not able to post on others wall ?
Is there is any bad configuration (or missed something) I did while creating facebook app ?
Or something else I have to add in settings.py.
The app settings are just fine. Actually, facebook recently made some significant changes and introduced v2.0 (learn more about this here)
So from now on (you can even check the warning in the first dialog)-
If your app asks for more than than public_profile, email and user_friends it will require review by Facebook before your app can be used by people other than the app's developers.
Only the testers/developers of the app can test the app with other permissions before they are reviewed by facebook.
You can check out the review documentation for more details.
I am trying to integrate django social auth for my website which will have Facebook and Google login. I am trying to customize the user model to make email as primary key.
Any advice ?
I tried creating a UserModel also but ended up with errors.
i tried creating a pipeline enter code here
from social_auth.backends.pipeline.user import create_user
def custom_create_user(request, *args, **kwargs):
print kwargs
return create_user(request, args, kwargs)
My aim is to have a site with Facebook And Google - oauth2 login with email as primary key !
Well I am doing facebook login for my ios app. What I am doing is
Login to facebook from my app and get the facebook access token
Send the facebook email and access token to the django backend
Then what I do is, instead of using the django default authenticate method which takes the username and password to authenticate a user, I overwrite my own authenticate method. Doing this is really easy just read Django Custom Authentication
In my custom authentication class I verify the email-token pair sent from the front using fb sdk for python and that is it. After than I can login the user using the django in built login
I'm trying to find a way to allow users to log into my django website using the facebook login button. (https://developers.facebook.com/docs/reference/plugins/login/) I've found a way to login with OAuth, but I cannot find a way to have the facebook login button to use OAuth instead of the SDK, or to hook the SDK into one of the django social auth apps.
I've tried several of the top auth plugins, and they either don't work at all or only use OAuth and don't support the login button.
I think that login through the facebook javascript SDK would not be able to set any session info on the django backend . DO be able to complete the django login process you will have to do that as well.
Could you possibly make an ajax request in the callback of javascript login and run the django backend login code such that you are also able to set django session info .
I should warn you this may not work at all because of CORS .