social_auth_app_django pipeline: first time visitor issue - python

I'm trying to implement social auth with google-oauth2. I have almost implemented it, but I'm confused about the first-time social visitor scenario:
Suppose the social user visits my site for the first time and attempts to authenticate with Google. In this case he won't be logged in, but only registered on my website.
In order to log in, this user has to click the Google authentication button a second time, and now that he is already registered on my system, the login is successful.
Questions:
Is it a standard routine for the first time visitors?
Is it possible to log the social user on the first attempt?
I'm using the following social auth pipeline:
SOCIAL_AUTH_PIPELINE = (
    # Get the information we can about the user and return it in a simple
    # format to create the user instance later. In some cases the details are
    # already part of the auth response from the provider, but sometimes this
    # could hit a provider API.
    'social_core.pipeline.social_auth.social_details',
    # Get the social uid from whichever service we're authing thru. The uid is
    # the unique identifier of the given user in the provider.
    'social_core.pipeline.social_auth.social_uid',
    # Verifies that the current auth process is valid within the current
    # project, this is where emails and domains whitelists are applied (if
    # defined).
    'social_core.pipeline.social_auth.auth_allowed',
    # Checks if the current social-account is already associated in the site.
    'social_core.pipeline.social_auth.social_user',
    # Associates the current social details with another user account with
    # a similar email address. Disabled by default.
    'social_core.pipeline.social_auth.associate_by_email',
    # Send a validation email to the user to verify its email address.
    # Disabled by default.
    # 'social_core.pipeline.mail.mail_validation',
    # Make up a username for this person, appends a random string at the end if
    # there's any collision.
    'social_core.pipeline.user.get_username',
    # Create a user account if we haven't found one yet.
    'social_core.pipeline.user.create_user',
    # Create the record that associates the social account with the user.
    'social_core.pipeline.social_auth.associate_user',
    # Populate the extra_data field in the social record with the values
    # specified by settings (and the default ones like access_token, etc).
    'social_core.pipeline.social_auth.load_extra_data',
    # Update the user record with any changed info from the auth service.
    'social_core.pipeline.user.user_details',
)
Thank you in advance for advice, answers, and comments!

Related

How to associate an existing user with multiple social accounts (different emails)? [DRF_SOCIAL_OAUTH2]

I'm trying to associate user with multiple social accounts in Django Rest Framework.
After user login, user can associate with social accounts (it doesn't matter same email or different email).
Now I am using the library drf-social-oauth2.
I have done the signIn/signUp part. According to Social_Auth_Pipeline, I added this code to associate the user:
SOCIAL_AUTH_PIPELINE = (
    'social_core.pipeline.social_auth.social_details',
    'social_core.pipeline.social_auth.social_uid',
    'social_core.pipeline.social_auth.auth_allowed',
    'social_core.pipeline.social_auth.social_user',
    'social_core.pipeline.user.get_username',
    'social_core.pipeline.social_auth.associate_by_email',
    'social_core.pipeline.user.create_user',
    'social_core.pipeline.social_auth.associate_user',
    'social_core.pipeline.social_auth.load_extra_data',
    'social_core.pipeline.user.user_details',
)
The endpoint "http://localhost:8000/auth/convert-token" can handle the signin/signup using social auth (e.g. Facebook, Google).
social_core.pipeline.social_auth.associate_by_email managed to associate the user if the email is the same.
My question is:
How can I connect/associate Social Accounts (* different email/same email) with current login user using drf_social_oauth2?
Do I need to add field in user table to associate? OR Do I need to add something to setting.py?...
Please advise me.
Thank you.
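Both pipelines above are chains of functions that social-core calls in order, each one receiving the keyword arguments accumulated so far and returning a dict that is merged into them. The in-memory model below is an added example, not social-core's or drf-social-oauth2's code: it reuses the step names from the two questions (minus auth_allowed, load_extra_data and user_details) but works on plain dataclasses instead of Django models, so it runs offline. It shows three things at once: that one pass through the chain for a brand-new Google account ends with a created and associated user that the completing view can log in; that a pass started with an already logged-in `user` (the second question's association case) links the new provider account to that user whatever its email is, and refuses a provider account that already belongs to somebody else; and a guard that neither question's pipeline has, assumed here, which only lets associate_by_email match on an email the provider reports as verified (Google's OpenID Connect response carries `email_verified`), so an unverified email claim cannot be attached to another person's local account. The `Store`, `User`, `SocialRecord` and `run_pipeline` names are this example's own.

```python
"""In-memory model of a social_core-style pipeline (added example, not
social-core's own code). Step names mirror the SOCIAL_AUTH_PIPELINE entries
from the questions; the chaining rule is the same, the storage is dicts."""
from dataclasses import dataclass, field


@dataclass
class User:
    id: int
    username: str
    email: str


@dataclass
class SocialRecord:
    provider: str
    uid: str
    user_id: int


@dataclass
class Store:
    """Stand-in for the user and social-auth tables."""
    users: list = field(default_factory=list)
    socials: list = field(default_factory=list)

    def social(self, provider, uid):
        return next((s for s in self.socials
                     if s.provider == provider and s.uid == uid), None)

    def user(self, user_id):
        return next((u for u in self.users if u.id == user_id), None)


# Pipeline steps: each receives the accumulated kwargs and returns a dict
# (merged into the kwargs) or None (nothing changes).

def social_details(response, **kw):
    # Google's OpenID Connect response carries 'email' and 'email_verified'.
    return {"details": {"email": response.get("email", ""),
                        "email_verified": bool(response.get("email_verified"))}}

def social_uid(response, **kw):
    return {"uid": str(response["sub"])}

def social_user(store, provider, uid, user=None, **kw):
    # 'user' is the already logged-in user when this is an association pass.
    social = store.social(provider, uid)
    if social and user and social.user_id != user.id:
        raise ValueError("this social account already belongs to another user")
    if social:
        user = store.user(social.user_id)
    return {"social": social, "user": user, "is_new": False}

def associate_by_email(store, details, user=None, **kw):
    if user is not None:
        return None
    # Assumed guard (not in the questions' pipelines): trust the email for
    # matching only when the provider attests that it is verified.
    if not details["email_verified"]:
        return None
    matches = [u for u in store.users
               if u.email.lower() == details["email"].lower()]
    if len(matches) > 1:
        raise ValueError("email matches several accounts; refusing to guess")
    return {"user": matches[0]} if matches else None

def get_username(store, details, user=None, **kw):
    if user:
        return {"username": user.username}
    base = details["email"].split("@")[0] or "user"
    taken = {u.username for u in store.users}
    name, n = base, 1
    while name in taken:  # append a counter on collision
        name, n = f"{base}{n}", n + 1
    return {"username": name}

def create_user(store, details, username, user=None, **kw):
    if user:
        return None
    new = User(id=len(store.users) + 1, username=username, email=details["email"])
    store.users.append(new)
    return {"user": new, "is_new": True}

def associate_user(store, provider, uid, user, social=None, **kw):
    if social:
        return None
    rec = SocialRecord(provider=provider, uid=uid, user_id=user.id)
    store.socials.append(rec)
    return {"social": rec}


PIPELINE = (social_details, social_uid, social_user, associate_by_email,
            get_username, create_user, associate_user)

def run_pipeline(store, provider, response, user=None, pipeline=PIPELINE):
    """One pass through the chain; returns (user, is_new). The caller is what
    logs that user in. Pass 'user' for an association flow (logged-in user
    adding a provider account) and leave it None for a login flow."""
    kwargs = {"store": store, "provider": provider,
              "response": response, "user": user}
    for step in pipeline:
        result = step(**kwargs)
        if result:
            kwargs.update(result)
    return kwargs["user"], kwargs["is_new"]
```

Calling `run_pipeline(store, "google-oauth2", response)` twice with the same constructed Google response creates the user on the first pass and finds it on the second; calling it with `user=` set links the provider account to that user regardless of the email in the response.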

Django MultiTenant saas registration

I have been coding my project using a single DB and tenant_ids for each entry.
I wanted to switch to django-tenant and have a schema-based app.
My question is about the initial registration. Registration should be a shared app, but do I need to create a tenant for "public" regardless, so that everyone becomes that tenant when they are registering? And do you add this public tenant with a one-time script when you set up the project, so that you have a "public" tenant?
Creating a tenant for public feels a bit odd.
Or what would the registration sequence be like? (Ideally registration should create the tenants.)
Ideally my flow should be: you register a tenant with an email, so that when the tenant registers it sends an email, and when you activate that mail you create your first user (admin user) for that tenant.

How do I check authentication across all views in Django using Pyrebase?

Okay so, ordinary Django allows you to simply:
    if request.user.is_authenticated:
I want to be able to do the same in Pyrebase: have the views already know which user has logged in based on the current session, without having to sign the user in in every view.
I have tried:
    def sign_in(request):
        # Pyrebase auth call; the email and password are placeholders here
        user = firebase.auth().sign_in_with_email_and_password('email', 'password')
        # exchange the refresh token for a fresh token set
        user_token = firebase.auth().refresh(user['refreshToken'])
        request.session['session_id'] = user_token
I noticed this creates a session ID for me. But I don't know how to associate it with the current user, and I know it has something to do with the refresh token.
If I don't check authentication, anyone can visit any page of my site without signing in.

Django: phone verification for inactive account

I'd like to implement phone verification with pyotp in my class-based-view Django (2.5) project.
After new users sign up (specifying name, phone, e-mail and password) in RegisterView, they should be redirected to GetAccessCodeView with an input field for the verification code and a hidden field with a secure token. For generating and sending the code and the token I have to pass the newly created user instance from RegisterView to GetAccessCodeView.
How can I do that? Currently newly created users have the is_active field set to False (it should become True after successful code verification), thus they cannot be authorized by default, so without changing the login procedure it is impossible to use request.user directly. But if I let inactive users log in, then all the login_required views will let unconfirmed users open the corresponding pages. Should I write an is_active check for each view manually, or maybe Django has some ready stuff like 'login_and_active_required'? Or maybe there is some different solution?

GAE: converting users from users service to oauth2

I currently use the "Google Accounts API" to allow users to login to my GAE app. So I use users.create_login_url and users.get_current_user and add an ndb.UserProperty to my own user entity so that I can retrieve data for that user.
I'm now in the process of switching to oauth2 (using authomatic).
I need to convert all of my existing user accounts to oauth2 and I'd like to make this as easy as possible for my users. This is my current plan:
Change the login from users service to oauth2.
After the user logs in, it will look like a new account and the user will not see his or her previous data.
I'll add a prominent message asking the user to login with the old users service.
I'll then merge the old users service account with the oauth2 account.
This should work, but it will be a little confusing for the users. Is there a better way of doing this?
I'll explain how I ended up doing this in case it helps others.
I call my users managers and I have a Manager entity for each user (UserAccount, defined just below, must be declared before Manager):
    class Manager(ndb.Model):
        user_account = ndb.StructuredProperty(UserAccount)
        linked = ndb.BooleanProperty(default=False)
        user = ndb.UserProperty()
The user property is the old users service account that I will get rid of. The user_account property stores info to identify the Oauth2 account:
    class UserAccount(ndb.Model):
        provider = ndb.StringProperty(required=True)
        id = ndb.StringProperty(required=True)
        name = ndb.StringProperty()
        email = ndb.StringProperty()
Essentially, for each manager, I want to set a value for user_account (Oauth2 login) and remove user (old user account). I want to do this with minimum burden on the manager.
When the user has recently logged in under the old user account, that cookie will still be active. Now, however, the user is logging in with an Oauth2 account. After logging in with Oauth2, we check to see if the old user account cookie is still active. If so, we merge the accounts automatically. Here is a sketch of the handler.
    class ManagerPage(webapp2.RequestHandler):
        def get(self):
            # This returns a Manager entity after the user has logged in with
            # Oauth2. If the user is logging in for the first time, this will
            # be a blank Manager entity.
            manager = self.get_manager()
            # Temporary processing to link accounts. If the user is still logged
            # in as a Google user (because that cookie hasn't expired), then we
            # automatically transfer their old information to the new Manager
            # entity. In doing the conversion below, manager.linked is set to
            # True so this can't happen more than once. Now that the Manager
            # entity has been updated, redirect back to the same page.
            gae_user = users.get_current_user()
            if not manager.linked and gae_user:
                manager.convert_old_manager(gae_user)
                self.redirect("/manager")
                return
            # Present info to the manager
            ...
            template = JINJA_ENVIRONMENT.get_template("manager.html")
            self.response.write(template.render(template_values))
If the old user account cookie is not active, then I have a link in the above manager page that asks the user to link the old account with the new account. When the user logs in with the old account, they are redirected to the above Manager Page, and the account is automatically linked.
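The merge step that the sketch delegates to `convert_old_manager` is the part that decides whose data ends up in the new account, so it is worth seeing it in full. The following is an added example written for this page, not the post's App Engine code: it models the two entity kinds from the post as plain dataclasses so it runs without ndb, keeps the post's `linked` flag so the merge cannot run twice, and adds one check the post does not mention (assumed here): the ambient users-service cookie must belong to the same email address as the Oauth2 login before anything is merged, since on a shared browser that cookie may be someone else's session. `OldGaeUser`, `find_old_manager`, the `data` field and the `managers` list are this example's own stand-ins for `users.get_current_user()` and the datastore.

```python
"""Added example (not the post's code): the account-merge step from the
ManagerPage sketch, modelled without App Engine so it runs anywhere."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class OldGaeUser:
    """Stand-in for what users.get_current_user() returns."""
    user_id: str
    email: str


@dataclass
class UserAccount:
    """Mirrors the Oauth2 identity stored on the Manager in the post."""
    provider: str
    id: str
    email: str = ""


@dataclass
class Manager:
    user_account: Optional[UserAccount] = None   # Oauth2 login
    user: Optional[OldGaeUser] = None            # legacy users-service login
    linked: bool = False
    data: dict = field(default_factory=dict)     # whatever the manager owns


def find_old_manager(managers, gae_user):
    """Look up the legacy Manager entity by its users-service identity."""
    return next((m for m in managers
                 if m.user and m.user.user_id == gae_user.user_id), None)


def convert_old_manager(new_manager, managers, gae_user):
    """Move the legacy record's data onto the Oauth2 manager.

    Returns True when a merge happened. It is idempotent through 'linked',
    and (assumed check, not in the post) refuses to merge when the cookie's
    email differs from the Oauth2 account's email, so a stale cookie left
    on a shared browser cannot hand one person's data to another."""
    if new_manager.linked or new_manager.user_account is None:
        return False
    old = find_old_manager(managers, gae_user)
    if old is None or old is new_manager:
        return False
    if old.user.email.lower() != new_manager.user_account.email.lower():
        return False
    new_manager.data.update(old.data)
    new_manager.linked = True
    old.user = None          # the old users-service identity is retired
    managers.remove(old)     # and its entity is gone, so it cannot be reused
    return True
```

Run against a constructed pair of entities, the first call merges and retires the legacy record, a second call is a no-op because `linked` is now set, and a cookie whose email does not match the Oauth2 login is left alone.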
