Facebook authentication: server-side versus client-side. Python/Django

I have a website that essentially requires that the user be logged in to see anything. If they are not logged in then they are redirected to the front page and a login form.
I currently use Django's standard authentication and test for authentication server-side before returning the page.
I now want to add Facebook login and authentication. Does this mean that I need to make a server-side call to Facebook and verify authentication every single time that a user navigates to any page? It seems that this will add quite a number of calls and potential page delays.
Or, is this not really a concern (Facebook call is fast) or is there some other clever way that I am missing? Somehow move the call client-side where I believe that Facebook uses caching?
I've looked at some of the Django/Facebook packages, but none seem to explain the overall strategy, which is what I'm looking to understand. The tutorials that I have looked at describe how to login, but don't worry about what happens once a user logs out of Facebook.

Basically, the user logs in once using Facebook (this will make a request to Facebook).
Once logged in, they will behave just as a normal Django user (most apps create a Django User for each Facebook user).
Only when the access token has expired (the "password" for using the Facebook data) will you need to make a connection to Facebook again.
I'll recommend you use Python Social Auth, which basically does everything for you.

Related

How to get a user's OAuth2/access token using Django allauth package

I am using django-allauth in my Django application, and my registration process is handled by Twitch, using allauth's Twitch provider. As of now, users can register on the website using Twitch, log out, and later log back in using Twitch with no problem. However, for making requests to some of Twitch API endpoints, I need the user's Twitch access token to be able to make requests on their behalf (such as following a channel, etc.).
On a very old GitHub issues page I came upon a question regarding how to access the user's access token, and the answer was to query the SocialToken model and find the logged-in user and the desired provider. But in my case my SocialToken model is empty and there are no tokens to be seen there, and I have no clue how to proceed to populate the model and add every new user's access token there, so that I can make requests on their behalf, given I have the correct scope.
Is there a way to add every new user's access token in SocialToken model? And is there a way to update the access token using the refresh token?
P.S. I'm thinking about having a celery task that makes a request to Twitch API every time a new user registers, and later refreshes the access token when it expires. But that seems like a hack, and not really a viable solution; plus, I need a user to be redirected to a certain callback URI as per Twitch API docs. Maybe I'm just missing something.

How To Reflect The Website Authentication Done With Python Script Into The Browser?

My question may sound stupid, but I just want to know if it is possible to browse web pages which need authentication after doing the authentication with the Python requests library.
I have a script to log in to the application, which successfully authenticates the user into the application, but is there a way to reflect that in a browser like Chrome, so that the user could directly access the authenticated page without having to fill in the form and log in? It's happening inside my application, so I'm not breaching any privacy policy or such things.
Any suggestions would be great.
For example, I authenticated myself into http://example.com/login through the script; I want to be able to directly browse http://example.com/user/home in the browser. How could this be possible?
The simplest way is to have your Python application log in to the web application, and then have it request a token. Then the script will open the browser, passing along the token. Your web application takes that token and uses it in lieu of the login form to authenticate your user and create their session.
Take a look at OAuth; I think it has specific workflows for this kind of scenario. Otherwise you can craft your own.
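The hand-off the answer above describes, as an added example (not the answerer's code): the script, having authenticated, mints a short-lived single-use token; the browser is sent to a redemption URL carrying it; the web app exchanges the token for a session and burns it. The in-memory store, the /handoff endpoint and the 60-second TTL are assumptions; in a real deployment the store is the web application's database or cache and redemption happens in the view that serves that URL.

```python
"""One-time hand-off token: a script logs in, then passes the browser a
short-lived, single-use token that the web app exchanges for a session.

Added example, not code from the answer above. The in-memory store, the
/handoff URL and the 60-second TTL are assumptions.
"""
import hashlib
import secrets
import time
from typing import Dict, Optional, Tuple
from urllib.parse import urlencode

HANDOFF_TTL_SECONDS = 60                      # the browser opens right away, so keep this tight
HANDOFF_URL = "https://example.com/handoff"   # hypothetical redemption endpoint


def _fingerprint(token: str) -> str:
    # Store only a hash: a leaked store yields no usable tokens, and the
    # dict lookup never compares the raw secret byte by byte.
    return hashlib.sha256(token.encode()).hexdigest()


class HandoffStore:
    """Pending hand-offs keyed by token hash -> (user_id, expires_at)."""

    def __init__(self) -> None:
        self._pending: Dict[str, Tuple[str, float]] = {}

    def issue(self, user_id: str, now: Optional[float] = None) -> str:
        """Mint a token bound to user_id. Returned once; never logged or reused."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[_fingerprint(token)] = (user_id, now + HANDOFF_TTL_SECONDS)
        return token

    def redeem(self, token: str, now: Optional[float] = None) -> Optional[str]:
        """Exchange a token for its user_id. Burns it whether or not it is still valid."""
        now = time.time() if now is None else now
        entry = self._pending.pop(_fingerprint(token), None)  # single use
        if entry is None:
            return None
        user_id, expires_at = entry
        if now > expires_at:
            return None  # too old; already removed, so it cannot be replayed later
        return user_id

    def pending_count(self) -> int:
        return len(self._pending)


def handoff_url(token: str) -> str:
    """The URL the script opens in the browser (e.g. with webbrowser.open)."""
    return f"{HANDOFF_URL}?{urlencode({'t': token})}"
```

In the web app, the view behind the hand-off URL calls `redeem` and, on a non-None result, logs the user in (in Django, `django.contrib.auth.login`) and redirects; a None result is a 403. The token travels in a query string, so it will land in browser history and server logs, which is why it must be single-use and short-lived rather than merely random.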

How to make centralized Login server with Django?

Where I work currently there are many Django projects, each running on their own VPS, and each is running under their own subdomain (foo.example.com, bar.example.com, ...) as shown in the following diagram:
What I want to do is to have a central Django server that manages all the login process (authorization and authentication) for each application, and when a user logs in on foo.example.com and then goes to bar.example.com, his session stays active and he doesn't need to enter credentials again (user/password); the same if the user logs out: he can't see anything on the other projects until he logs in again.
Similar to what Google does when you log in on gmail.com and go to youtube.com or blogger.com (or, more similar to what I want to do: you log in on google.com and go to drive.google.com, photos.google.com, calendar.google.com) or any other Google site, your session stays active.
Is there any django-package or any other way that would help me accomplish it?
I would use the Django REST framework and log in with that. This will install a session cookie, which you can check every time the user opens a page that they need to be logged in for. Once the cookie expires, or Django expires the cookie, the user is logged out, and pages should not be served to them if your authentication checks are good. This means that if they log in to the Django server anywhere, they remain logged in, even on your page, just like with Facebook or Google. When they log out of the Django server, anywhere, they will be logged out of your remote pages as well.
You can read more about the django rest framework authentication here.
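For the shared-session-cookie approach in the answer above to work across foo.example.com and bar.example.com, every host has to accept the same cookie and resolve it against the same session store. The settings fragment below is an added illustration, not part of the answer; the domain names and the database session backend are assumptions.

```python
# settings.py, identical on the central login server and on every satellite app
# (added illustration; hostnames and backend are assumptions)

# All hosts must read and write the SAME session table (a shared database or
# cache). With the signed_cookies backend they must also share SECRET_KEY,
# since that backend verifies the cookie with it instead of looking it up.
SESSION_ENGINE = "django.contrib.sessions.backends.db"
SESSION_COOKIE_NAME = "sessionid"        # same name everywhere
SESSION_COOKIE_DOMAIN = ".example.com"   # cookie is sent to foo., bar., login. ...
SESSION_COOKIE_SECURE = True             # HTTPS only; it is now valid on every subdomain
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_SAMESITE = "Lax"
CSRF_COOKIE_DOMAIN = ".example.com"      # CSRF cookie must follow the same scope
```

The caveat that comes with this design: a cookie scoped to `.example.com` is trusted by every subdomain, so an XSS or host compromise on any one satellite app exposes the sessions of all of them, and the user table itself has to be shared (or at least the user ids have to mean the same thing) on every host. Logging out is then a single `flush()` of that shared session, which is what gives the "logged out everywhere" behaviour the answer describes.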
I could not comment on #shaihulud's comment because I don't have 50 reputation. To answer the question, I wrote an article that addresses that; for anyone that might run into this problem in the future, you can find the article here.

Retrieve user's information from Facebook or Twitter in Django

I have created Django's registration process using django.contrib.auth and have also set up user profiles. Now I want to add an option to fetch the profile's information from third-party sites like Facebook, Twitter, and LinkedIn. I have found django-socialregistration, but I don't know how to override the default setup view. What is the best and easy solution for the task?
Here's the basic idea of the setup that I use, although it's only for Facebook:
Integrate the Facebook JavaScript SDK
Bind a JavaScript function which calls FB.login to a "login with Facebook" button, and request all the permissions that you need for that user
In the function(response) section of the FB.login call, handle the returned response, then do an Ajax POST to a Django view (I use jQuery for this) which takes the response, parses it to retrieve the access token for the user and store it in the user profile object for that user.
You can then use this access_token to make Facebook Graph API requests on behalf of that user server-side, or if you want, you can actually just use the JavaScript SDK to make all your calls entirely on the client-side with lots of Ajax to interact with the Django backend.
I find this to be a much easier solution than trying to use one of the Django packages, because most of them are out of date.
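The server-side half of the flow in the answer above, and of the first answer on this page (log in once with Facebook, map to a local Django user, go back to Facebook only when the token has expired), as an added example that is neither answerer's code nor Django's or Facebook's. The token arrives in an Ajax POST from the browser, so the view cannot trust it: the example checks it against Facebook's token-inspection endpoint before creating or loading the local user. The Graph API call is replaced by a fake client fed with constructed responses so the block runs offline; the response shape mirrors the real `GET /debug_token` reply (`data.app_id`, `data.is_valid`, `data.user_id`, `data.expires_at`). `APP_ID`, `LocalUserStore` and the function names are hypothetical.

```python
"""Verify a client-posted Facebook access token server-side, map it to a
local user, and only re-contact Facebook when the stored token has expired.

Added example, not code from either answer. The Graph API is replaced by a
fake client with constructed responses; APP_ID and the store are hypothetical.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Protocol, Tuple

APP_ID = "123456789"  # hypothetical: the app id from the Facebook developer console


class GraphClient(Protocol):
    def debug_token(self, token: str) -> dict: ...


class FakeGraph:
    """Stands in for GET https://graph.facebook.com/debug_token?input_token=..."""

    def __init__(self, responses: Dict[str, dict]) -> None:
        self._responses = responses

    def debug_token(self, token: str) -> dict:
        # Unknown tokens come back invalid, as the real endpoint reports them.
        return {"data": self._responses.get(token, {"is_valid": False})}


# Constructed sample replies, one per case the view has to handle.
SAMPLE_DEBUG_RESPONSES = {
    "tok-alice":   {"app_id": APP_ID, "is_valid": True,  "user_id": "10001", "expires_at": 5000},
    "tok-expired": {"app_id": APP_ID, "is_valid": False, "user_id": "10002", "expires_at": 100},
    "tok-foreign": {"app_id": "999",  "is_valid": True,  "user_id": "10003", "expires_at": 5000},
}


@dataclass
class LocalUser:
    """What most apps persist: a Django User plus a profile row like this."""
    username: str
    facebook_uid: str
    access_token: str
    token_expires_at: float


class LocalUserStore:
    def __init__(self) -> None:
        self._by_uid: Dict[str, LocalUser] = {}

    def get(self, uid: str) -> Optional[LocalUser]:
        return self._by_uid.get(uid)

    def upsert(self, user: LocalUser) -> None:
        self._by_uid[user.facebook_uid] = user

    def count(self) -> int:
        return len(self._by_uid)


class TokenRejected(Exception):
    pass


def verify_facebook_token(graph: GraphClient, token: str, now: float) -> Tuple[str, float]:
    """Ask Facebook about the token; return (facebook user id, expiry) or raise."""
    data = graph.debug_token(token)["data"]
    if not data.get("is_valid"):
        raise TokenRejected("token invalid or expired at Facebook")
    if data.get("app_id") != APP_ID:
        # A valid token for some OTHER app: accepting it would let that app's
        # users log in here as whoever shares their Facebook uid.
        raise TokenRejected("token was not issued to this app")
    # The endpoint reports 0 when no expiry applies; treat that as never.
    expires_at = float(data.get("expires_at") or 0) or float("inf")
    if expires_at <= now:
        raise TokenRejected("token already expired")
    return data["user_id"], expires_at


def login_with_facebook(store: LocalUserStore, graph: GraphClient,
                        posted_token: str, now: float) -> LocalUser:
    """Body of the Django view that receives the Ajax POST from FB.login."""
    uid, expires_at = verify_facebook_token(graph, posted_token, now)
    user = store.get(uid)
    if user is None:  # first login: create the local user
        user = LocalUser(username=f"fb_{uid}", facebook_uid=uid,
                         access_token=posted_token, token_expires_at=expires_at)
    else:             # returning user: keep the account, refresh the token
        user.access_token = posted_token
        user.token_expires_at = expires_at
    store.upsert(user)
    return user


def facebook_token_usable(user: LocalUser, now: float) -> bool:
    """Per-request check with no network call; only after this fails does
    the user have to go through FB.login again."""
    return now < user.token_expires_at
```

After `login_with_facebook` returns, the real view would call `django.contrib.auth.login` so that every later request is served from the Django session, exactly as the first answer says; the stored `access_token` is only needed when the server makes Graph API calls on the user's behalf, and `facebook_token_usable` is the cheap check to run before each of those.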

What is a good django library for logging in users with Twitter, Facebook or an OpenID provider?

I want to create an application that allows a user to register and login to a django application with an external provider. In addition, I then want the user to be able to associate additional accounts with that initial account. Finally, I would like the user to be able to login to the application with one of the other associated accounts.
So if a user initially signs in with Facebook Connect, I want them to be able to link their Google account. Then, if they log out, they can log in with their Google account (via openid) and it logs the user in as though they logged in via Facebook Connect.
Does anything like this exist already? Or do I need to write it myself?
The perfect solution for you seems to be Django-SocialAuth. See here. From the page:
Here is an app to allow logging in via twitter, facebook, openid, yahoo, google, which should work transparently with Django authentication system. (#login_required, User and other infrastructure work as expected.) Demo and Code
Edit: I'm pretty sure that SO uses django-SocialAuth for its login system, looking at the project's demo page.
