I am using Django.
I used facebook-connect to put a Facebook login button on my page. This functionality works very well. Any user can click on the button and can log in to Facebook directly. I can also store Facebook user information, such as name and email address, in my site database.
But I would like users to be able to click on the Facebook login button and also log in to my site too. At the moment they can log in only to Facebook. How can I use the Facebook login button to also authenticate the user on my site?
Have a look at the widely used django-facebook app.
You can look to django docs:
other authentication sources
And write a custom backend:
class MyBackend(object):
def authenticate(self, username=None, password=None):
# Check the fb user is logged in, create User if needed and return a User by fbid.
Related
I have a reactjs app that already has a user logged in. I attached a link to the web app that make the user able to access Django admin page, but for now it still requires the user to login.
I'd like to bypass the login as the user is already authenticated when logging into the react app.
How do I bypass the log in page and tell django that this user is already authenticated? What if I still want to get the email from request? where can I access the request object?
EDIT:
I should specify that I would like to check for auth token which I already have in my localStorage, then authenticate the external user directly. If the auth token is not present, I should still hit the django admin login page
EDIT2:
Created a custom page just to deal with Auth0 authentication. But I'm not sure what to do next. The request.user at this point is AnonymousUser which I can't really operate on. There is no way to identify who this is (but I can successfully check if this user has permission)
I plan to create a user and give it superuser permission? Is that the right approach?
EDIT3:
login(request, request.user, backend='django.contrib.auth.backends.RemoteUserBackend')
return HttpResponseRedirect("/my/url")
and i got
'AnonymousUser' object has no attribute '_meta'
Is it part of the auth problem?
You should not "bypass the login" you need to use authorized tokens... to identify that client whos is consuming the API is really you and not the anyone else
The process is really simple, once you send username and password to your backend (django) you will retorn one autorization token to your frontend (react) and every request from your frontend you will add it to header
Use django_rest_framework or something like that (as tastypie)
http://www.django-rest-framework.org/api-guide/authentication/
I currently use the "Google Accounts API" to allow users to login to my GAE app. So I use users.create_login_url and users.get_current_user and add an ndb.UserProperty to my own user entity so that I can retrieve data for that user.
I'm now in the process of switching to oauth2 (using authomatic).
I don't know how to handle admin users after the switch to oauth2. I currently use users.is_current_user_admin to detect an admin user, but that won't work if the admin logs in with oauth2.
I see two awkward solutions:
Keep using the Google Accounts API for admin users and have regular users login with oauth2.
Store a list of oauth2 credentials for admin users (hardwired in the code or in the datastore) so admin users will be recognized after login with oauth2.
Is there a better way or should I use one of the above, and if so, which one?
I'll describe how I ended up doing it in case it is helpful for others.
Below is my Login handler. If a user goes to "/login" then it displays login buttons. When a user clicks on a button, the page redirects to, e.g., "/login/google" to do OAuth2 processing.
If I want to login as admin, then I manually enter this URL "/login/gae".
class Login(webapp2.RequestHandler):
def get(self, provider=None):
# Show the login page and allow the user to select a provider
if not provider:
template = JINJA_ENVIRONMENT.get_template("login.html")
self.response.write(template.render())
# Only for admin login. Use app engine login.
elif provider == "gae":
self.redirect(users.create_login_url("/"))
# The user has selected a provider so we do oauth2 login.
else:
session = Webapp2Session(self, session=self.session)
result = authomatic.login(Webapp2Adapter(self),
provider,
session=session,
session_saver=session.save)
...
To allow admin to logout, I conditionally put an admin logout on my web pages by creating this template variable:
logout_url = users.create_logout_url("/") if users.is_current_user_admin() else None
and adding this to my page template:
{% if logout_url %}
<li>Admin Logout</li>
{% endif %}
I'm using Django-Allauth to successfully log in with my Facebook account on my webserver. The problem is, when I use the default SignUpView to do so, the username stored in the DB is the username Facebook returns from the social login. Something like this:
<firstname>.<lastname>.<integer>
I've figured out how to connect my Facebook account with an already created standard user account ( not social ) at a later time using the view at:
/accounts/social/connections/
And how to change emails with
/accounts/email/
Can someone please show me how I can force a user to pick a non-facebook username when they log in with Facebook on my site without first creating a standard user?
Thanks!
============ EDIT =======================
So adding this to settings.py prompts for username and password to associate with facebook login, but does not prompty for a password:
SOCIALACCOUNT_AUTO_SIGNUP = False
I still need to figure out how to prompt for a password in this state.
This fixes it - inherit from SignupForm for social auth signup form.
class SignupForm(SignupForm):
I have implemented User account management into my application using Django all-auth. I have enabled login using username and password as well as with facebook connect.
The problem goes like this:
1) User visits a page http://example.com/page1/ and clicks login
2) He's taken to http://example.com/accounts/login?next=/page1/
3) When the user logs in using username and password, the user is redirected back to http://example.com/page1. But if the user logs in with facebook, he's taken to homepage.
How can I get desired behavior with Facebook login too?
You need to override the get_login_redirect_url method of django-allauth.
For this inherit the DefaultAccountAdapter class as
from allauth.account.adapter import DefaultAccountAdapter
class MyAccountAdapter(DefaultAccountAdapter):
def get_login_redirect_url(self, request):
# get the next parameter from request object and return the url
And make changes on settings.py
ADAPTER = "APPNAME.FILENAME.MyAccountAdapter"
ACCOUNT_ADAPTER = "APPNAME.FILENAME.MyAccountAdapter"
This should work !
How are you generating the Facebook login link? Most likely you are not indicating the next parameter there. The allauth documentation gives this example:
Google
To get the proper next parameter you can access request.GET.next.
I am trying to integrate django social auth for my website which will have Facebook and Google login. I am trying to customize the user model to make email as primary key.
Any advice ?
I tried creating a UserModel also but ended up with errors.
i tried creating a pipeline enter code here
from social_auth.backends.pipeline.user import create_user
def custom_create_user(request, *args, **kwargs):
print kwargs
return create_user(request, args, kwargs)
My aim is to have a site with Facebook And Google - oauth2 login with email as primary key !
Well I am doing facebook login for my ios app. What I am doing is
Login to facebook from my app and get the facebook access token
Send the facebook email and access token to the django backend
Then what I do is, instead of using the django default authenticate method which takes the username and password to authenticate a user, I overwrite my own authenticate method. Doing this is really easy just read Django Custom Authentication
In my custom authentication class I verify the email-token pair sent from the front using fb sdk for python and that is it. After than I can login the user using the django in built login