Which Social Authentication package to choose with DRF ?

[Deshraj Yadav]

Hi everyone,

We are building a product based on django rest framework and we need to provide social authentication facility to the users using the token based authentication method. Since there are large number of packages out there supporting the social authentication. So, can anyone help me in choosing the appropriate package. 

Some of the packages that I know are : 

• django-rest-framework-social-oauth2
• django-rest-auth
• django-allauth 
  

Any help is really appreciated. :)

Thanks 

[Greg Barker]

I've been using python-social-auth with django-rest-framework and it has been awesome, never had any issues with it.

[Code Tarsier]

1. Use django-rest-auth, it will help you to setup ' TokenAuthentication ' + ' OAuth ' + it includes django-allauth .
2. and django-allauth helps you to setup social auth.

[Yuan Bo]

My latest experience with django-allauth and django-rest-auth is it issues you the same token if you login the same account using different client (for example, web browser, ios client, android client). And if you log out from one client, the token will be invalid and you will be forced to log out on other clients.

I suggest you use django-rest-framework-social-oauth2. It is backed by django social auth and django oauth toolkit. It issues a different token for each login from different client for the same account. Reading the documentation of django social auth and django oauth toolkit will help you understand django-rest-framework-social-oauth2.

Good luck.

[Kevin Brown]

This is a very common question, and there are a few different ways to go about doing it.

For anyone who doesn't know how OAuth works (from an outside view), the following may be helpful: http://stackoverflow.com/q/27051209/359284

You are basically left with the decision of whether you should use python-social-auth or django-allauth. The actual implementation of the standard OAuth flow works the same with both of them, so that part is mostly up to personal preference. Note that you can't use any authentication methods for your own API that require username/password authentication (which is most) because you won't have either when using social auth.

As I mentioned in that Stack Overflow question, I recommend against using django-rest-framework-social-oauth2 unless you must use native SDKs. Otherwise you are risk trusting malicious tokens send by third-party applications to your API, because the package doesn't actually validate any of the tokens that are sent in.

--
You received this message because you are subscribed to the Google Groups "Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-fram...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[vasjaforutube1]

Has anyone looked into django-rest-social-auth? It's based on python-social-auth and just wraps its calls into REST api endpoints for cookie, token and JWT, IIRC.

[Puneet Aggarwal]

Hi Kevin,

I have some dev work using DRF-JWT. Can you please give your reviews about this.

Regards,

Puneet Aggarwall

To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-framework+unsub...@googlegroups.com.

[Asif Saifuddin]

Hi,

I found https://github.com/st4lk/django-rest-social-auth very useful.

Thanks