I am using python-social-auth for Google authentication in my Django application. Can I override the python-social-auth URLs ? By default, it's http://mydomain/login/google-oauth2/ and I need to change the URL as part of my view (get request) ; which has the end-point as http://mydomain/login/.
The only way to override the URLs is to define your own ones pointing to the views and link it into your main urls.py file.
If what you are after for is to make /login automatically handle the Google auth backend, then you need to define a custom view for it that can call python-social-auth views to fire up the process.
Related
By using Django framework I built multiple store based website, each having different slug.
http://127.0.0.1:8000/app/<slug:slug>
I want to open a google authentication when we visit the above URL. After the verification is complete I want to redirect them to
http://127.0.0.1:8000/app/<slug:slug>/shopitems
I had successfully implemented google authentication with static URL but not dynamic (using slug variable) like the above.
you can simply use the #login_required decorator on the view function handling the route.
If you are using class-based views, you can use LoginRequiredMixins to prevent unauthenticated users to access that route and redirect them to the login page. When they successfully log in, Django will automatically redirect them to the http://127.0.0.1:8000/app/<slug:slug>/shopitems.
I have begun to implement authentication throughout my applications in Django and have done this quite successfully with the Django login_required decorator.
However, I notice that this will always reroute to the deafault login URL: /accounts/... which is non-existent for me. I have been doing all my authentication through /admin/...
I imagine that the two are for different purposes (one for the admin users and allow access to the admin console) however, I cannot find any views for the accounts version (vs. admin). My questions are thus as follows:
What is the difference between /accounts/... and /admin/... if they use the same user models?
Are these /accounts/... views built in/templateable? How does one turn them on? Or do I need to create each manually?
Unfortunately I have found the documentation on this topic to be rather confusing and as such any help would be greatly appreciated.
If you are not logged in, Django uses the LOGIN_URL to decide which url to redirect to. By default, this is set to '/accounts/login/'.
If you use a different login url, then you should update your LOGIN_URL setting.
The disadvantage of using the Django admin to log in users, is that non-staff members will not be able to log in using the Django admin.
Django comes with authentication views, including a login view. If you want to allow non-staff members to log in, you should enable it.
The '/accounts/' is just a url that out of best practices most people when handling authentication. There are no built in templates for accounts. the '/accounts/' is just a default placed.
To change the url to fit your applications url, go to your settings.py file and you can add a LOGIN_URL variable to specify which location for the authentication to redirect to. In your case it will look like this.
LOGIN_URL = '/admin'
This will redirect all unauthenticated requests to '/admin'
I'm using Django oscar to build an eCommerce site. I have exposed every modules as an API using Oscar API. But I cant find an API for registering users by default in Oscar API.
It looks like django-oscar-api currently does not provide an endpoint for registering users, only logging in pre-existing users: https://github.com/django-oscar/django-oscar-api/blob/master/oscarapi/urls.py#L8
You will need to create a custom API endpoint that can register/create a User. You can add this endpoint by creating a new view, customizing the Oscar API and adding the endpoint to urls.py: https://django-oscar-api.readthedocs.io/en/latest/usage/customizing_oscarapi.html
I've got a site built in django that I need to make oauth2.0 requests to an external site to get the currently logged in user. Right now I'm just using a test token, however I have to actually register callbacks on my site now. How do I do this?
you must add oauth2 to the INSTALED_APPS list and add some settings constant to the settings.py of the project and append some urls on the main urls.py file of the project and ...
read the django-oauth2 doumentations.
I am using Django framework for my backend support for a mobile app.
I choose to use the original Django's views.py to get my API url mapping and dump JSON for response, rather than using other REST frameworks like Django REST Framwork or TastiPie.
Now if I make a cross domain HTTP Request from my mobile client app. normally I will get a 403 Forbidden error because of Django's built-in CSRF protection. It seems like it can only work when I exempt it explicitly before each function in views.py. My question is, is it safe to exempt the protection? If exempt csrf is not a good way to do, what suggestions do you have on my situation?
Thanks