Interacting between django-social-auth and a mobile app

[Jerome Leclanche]

Morning

I have django-social-auth with Google and Facebook integrated on a django site. It works great on the site, but I have to provide an API for the mobile app to authenticate against.

I'm using tastypie for the API and I'm guessing I would have to write a custom Authentication class for it. How should I implement this? I need some way to either let django know the authentication was valid, or it needs to happen inside the API which might be tricky.

Any idea?

[Matías Aguirre]

Excerpts from Jerome Leclanche's message of 2012-08-20 23:18:18 -0300:

How do you plan to do the authentication? Maybe storing a UUID per user and use
it on every request sent? That way a middleware can load the user in to the
request and pass any login_required check. Or a cookie? Do you have a login
form in your mobile app?

> Any idea?
--
Matías Aguirre (matias...@gmail.com)

[Jerome Leclanche]

There's no form, just a "Sign in with Facebook" button. The issue is with the actual authentication - Should the interaction with facebook be implemented on the mobile app, or as an API with django-social-auth? If it's implemented on the phone, I run into the issue of not knowing anything about the oauth request that happened. How would I figure that out?

J. Leclanche

[Matías Aguirre]

Excerpts from Jerome Leclanche's message of 2012-08-20 23:59:11 -0300:

> There's no form, just a "Sign in with Facebook" button. The issue is with
> the actual authentication - Should the interaction with facebook be
> implemented on the mobile app, or as an API with django-social-auth? If
> it's implemented on the phone, I run into the issue of not knowing anything
> about the oauth request that happened. How would I figure that out?

Maybe I'm a bit lost with your problem. Is this app based on some web framework
(Sencha, Phonegap, JQMobile, etc)? If that's the case, then why not redirect
the user to /login/facebook/? Once the user is authenticated, the calls to the
API will be authenticated.

Or your could implement the sign in process in the mobile app, it's not hard,
just a redirect and a call to facebook API to retrieve some data, once you got
the user id from Facebook, you can call your API to authenticate using that
user id. This might not be secure since it could be easy to spoof other users
IDs easily.

> J. Leclanche
>
> On Tue, Aug 21, 2012 at 3:51 AM, Matías Aguirre <matias...@gmail.com>wrote:
>
> > Excerpts from Jerome Leclanche's message of 2012-08-20 23:18:18 -0300:
> > > Morning
> > >
> > > I have django-social-auth with Google and Facebook integrated on a django
> > > site. It works great on the site, but I have to provide an API for the
> > > mobile app to authenticate against.
> > >
> > > I'm using tastypie for the API and I'm guessing I would have to write a
> > > custom Authentication class for it. How should I implement this? I need
> > > some way to either let django know the authentication was valid, or it
> > > needs to happen inside the API which might be tricky.
> >
> > How do you plan to do the authentication? Maybe storing a UUID per user
> > and use
> > it on every request sent? That way a middleware can load the user in to the
> > request and pass any login_required check. Or a cookie? Do you have a login
> > form in your mobile app?
> >
> > > Any idea?
> > --
> > Matías Aguirre (matias...@gmail.com)
> >

--
Matías Aguirre (matias...@gmail.com)

[Jerome Leclanche]

On Tue, Aug 21, 2012 at 4:17 AM, Matías Aguirre <matias...@gmail.com> wrote:

Excerpts from Jerome Leclanche's message of 2012-08-20 23:59:11 -0300:

> There's no form, just a "Sign in with Facebook" button. The issue is with
> the actual authentication - Should the interaction with facebook be
> implemented on the mobile app, or as an API with django-social-auth? If
> it's implemented on the phone, I run into the issue of not knowing anything
> about the oauth request that happened. How would I figure that out?

Maybe I'm a bit lost with your problem. Is this app based on some web framework
(Sencha, Phonegap, JQMobile, etc)? If that's the case, then why not redirect
the user to /login/facebook/? Once the user is authenticated, the calls to the
API will be authenticated.

Or your could implement the sign in process in the mobile app, it's not hard,
just a redirect and a call to facebook API to retrieve some data, once you got
the user id from Facebook, you can call your API to authenticate using that
user id. This might not be secure since it could be easy to spoof other users
IDs easily.

Hm, yeah, that was my concern =/ Going to look into the alternative. Thanks, I'll ping back if I run into more trouble.

[Jérôme GUIARD]

Hi,

I'm having the same thing to do.

I'm running a django application connected to mobile devices through Tastypie and i can connect to some social networks with django-social-auth. 

The problem is has i'm using a mobile authentication i do not have cookies and sessions to know which user tried to connect.

How did you figer it out?

Thank you

Jérôme

[kimsterv]

Hey guys,

I'm in the same boat now trying to figure this out with a Facebook backend. An iPhone app needs to use Facebook's SDK to authenticate the user. Once the user authenticates with facebook, I'll have their access_token and facebook ID. Is there a way to pass these values to django-social-auth and kickstart the process to create the django user and store their extra data? I'm not seeing an obvious way to do this, so might just roll my own backend for facebook. Thoughts?

-Kim

[Matías Aguirre]

Hi,

I've just pushed an small change[1] that will enable the feature requested on
this thread, basically the change splits the auth_complete() view in two
sections, pre access-token and post access-token (with the first section
calling the second in the usual auth flow). But this will enable views like
this:

from django.contrib.auth import login
from django.shortcuts import redirect
from social_auth.decorators import dsa_view


@dsa_view()
def register_by_access_token(request, backend, *args, **kwargs):
access_token = request.GET.get('access_token')
user = backend.do_auth(access_token)
if user and user.is_active:
login(request, user)
return redirect('/')

I'm not convinced in provide such view on DSA yet, but at least the integration
with client side auth should be easier to setup.

Cheers,
Matías

Excerpts from kimsterv's message of 2012-11-05 16:03:20 -0200:

--
Matías Aguirre (matias...@gmail.com)

[Matías Aguirre]

Forgot the link reference:

https://github.com/omab/django-social-auth/commit/cf0e512a9cec8b9c6b8d48cf522b6a07fa4ac3fe

Excerpts from Matías Aguirre's message of 2012-11-08 00:09:48 -0200:

[Kim Vogt]

Thanks Matias! I've made a note to check this out, but yesterday rolled my own non-pretty solution...

[C Ming Chan]

kimsterv  - I've the same need. 

Our mobile-app is running inside phone-gap and user logs to facebook & will be able to get authResponse...

{
    status: 'connected',
    authResponse: {
        accessToken: '...',
        expiresIn:'...',
        signedRequest:'...',
        userID:'...'
    }
}

How do you solve the problem??

[Kim Vogt]

I solved it by following the code Matias posted earlier in the thread. For facebook, I get the access token from a request (should be encrypted since access token is sensitive data) and call:

social_auth_backend = get_backend('facebook', request, '')
user = social_auth_backend.do_auth(access_token)

Which creates the user (if new) and authenticates them. The authentication part doesn't matter if you're building a stateless API though.

Hope that helps.

-Kim

[C Ming Chan]

Thanks... managed to follow it and it works...

[Trent Jurewicz]

Having this same issue.  I've created the view specified above, but it doesn't work.  Can somebody provide a sample of the 'access_token' GET parameters (with sensitive information removed) for this?  I cannot figure out what gets passed to make this work correctly.  I get an error further down the stack due to the access_token being a unicode string.

[Trent Jurewicz]

I've actually realized that the issue I am having only occurs with Twitter social auth.  Should this hook work for Twitter?

[Matías Aguirre]

Do you have a traceback?

Excerpts from Trent Jurewicz's message of 2013-02-12 14:59:58 -0200:

--
Matías Aguirre (matias...@gmail.com)

[Trent Jurewicz]

The issue with twitter actually has to do with the format of the access_token.  The access_token value has to be URL encoded.  For example, with an access_token like:

{"access_token": "oauth_token_secret=sdlkmewoiALSDOIEeoi20983joeieoic&oauth_token=395857209-LKEmeicoi33840LEeicmeoitu"}

The URL to hit with the access GET parameter is:

http://localhost:8000/api/v1/register/facebook/?access_token=oauth_token_secret%3DsdlkmewoiALSDOIEeoi20983joeieoic%26oauth_token%3D395857209-LKEmeicoi33840LEeicmeoitu

Hope that helps others!

[Matías Aguirre]

I've pushed this small change [1], could you give it a try?

[1]: https://github.com/omab/django-social-auth/commit/c36277b42da086d71a9e6223759dfb665fd7b4fb

Thanks,
Matías

Excerpts from Trent Jurewicz's message of 2013-02-12 15:30:50 -0200:

> > Matías Aguirre (matias...@gmail.com <javascript:>)
> >
>
--
Matías Aguirre (matias...@gmail.com)

[Trent Jurewicz]

That works for me!

[Matías Aguirre]

Great, I've released v0.7.20 carrying this fix.

Excerpts from Trent Jurewicz's message of 2013-02-12 15:50:20 -0200:

[Boris Savic]

I'm having similar issues using the method you provided with facebook. I pass the token (non encoded) as GET parameter but the do_auth method returns None - does not create or login user if he already exists. 

Any ideas what I might be doing wrong?

[Boris Savic]

I've got method:

def register_by_access_token(request, backend, *args, **kwargs):

    access_token = request.GET.get('access_token')

    user = backend.do_auth(access_token)

    if user and user.is_active:

        login(request, user)

        # return user token

    return redirect('/')

The token is correct, if I go inside the implementation of do_auth i can see that data = self.user_data(access_token) contains all the user information, but after calling autheticate the response is None

[Devang Mundhra]

Thanks for the fix. I am trying to do a similar thing where a user logs in on a mobile device, but that login information needs to be pushed to the backend and this helps-

    @dsa_view() 
    def register_by_access_token(request, backend, *args, **kwargs): 
        access_token = request.GET.get('access_token') 
        user = backend.do_auth(access_token) 
        if user and user.is_active: 

            login(request, user) <-- Is this necessary if I just need the user information?
        return redirect('/') <-- Is there a way to distinguish between newly created users and old users to send an appropriate response code with the data instead of this http response

Two questions-

1. If I just want to use this in a REST-type fashion, trying to send responses back, is it necessary to do the login(request, user)? I think the behaviour would still be correct if I simple send the "user" information back in JSON or XML without actually logging in.

2. Is there a way to differentiate between creating a new user (to send a 201-Created response with the location of the user) and fetching a previously registered user (Response 202)?

Thanks.

[Matías Aguirre]

Hi, check my answers below.

Excerpts from Devang Mundhra's message of 2013-08-14 06:32:43 -0300:

> Thanks for the fix. I am trying to do a similar thing where a user logs in
> on a mobile device, but that login information needs to be pushed to the
> backend and this helps-
>
> @dsa_view()
> def register_by_access_token(request, backend, *args, **kwargs):
> access_token = request.GET.get('access_token')
> user = backend.do_auth(access_token)
> if user and user.is_active:

> login(request, user) *<-- Is this necessary if I just need the
> user information?*
> return redirect('/') *<-- Is there a way to distinguish between

> newly created users and old users to send an appropriate response code with

> the data instead of this http response*

>
> Two questions-
> 1. If I just want to use this in a REST-type fashion, trying to send
> responses back, is it necessary to do the login(request, user)? I think the
> behaviour would still be correct if I simple send the "user" information
> back in JSON or XML without actually logging in.

I suppose you don't need to login the user, depends on you particular project.

> 2. Is there a way to differentiate between creating a new user (to send a
> 201-Created response with the location of the user) and fetching a
> previously registered user (Response 202)?

You can check for user.is_new, but do it before calling login() since login
resets the user instance.

[Prince Arora]

Where do you import the get_backend function from ? 

I am using python-social-auth.

Thanks

[Matías Aguirre]

Prince, on python-social-auth you get that from social.backends.utils, but the
syntax changed a little, you need to pass the backends list to it too, you can
try with this code snippets:

from django.conf import settings
from social.backends.utils import get_backend

backend = get_backend(settings.AUTHENTICATION_BACKENDS, 'facebook')

or if you have the strategy:

backend = get_backend(strategy.backends, 'facebook')

Matías

Excerpts from Prince Arora's message of 2013-10-05 12:54:10 -0300:

--
Matías Aguirre (matias...@gmail.com)

[Prince Arora]

Hi Matias, 

I tried using your snippet, but it still asks for a strategy. I am new to python-social-auth, and using it in a native android app. I do not require login, and just need to send back the username fro the access token. The current code is :

def register_by_access_token(request, *args, **kwargs):

    access_token = request.GET.get('access_token')

    backend = get_backend(settings.AUTHENTICATION_BACKENDS,'facebook')

    social_auth_backend = backend()

    user = social_auth_backend.do_auth(access_token)

    if user and user.is_active:

        return user.username

The error traceback is pasted here:

http://dpaste.com/1408683/

[Matías Aguirre]

Try this code instead:

from social.apps.django_app.utils import strategy

@strategy()
def register_by_access_token(request, backend):
backend = request.strategy.backend
user = request.user
user = backend.do_auth(
access_token=request.GET.get('access_token'),
user=user.is_authenticated() and user or None
)

if user and user.is_active:
return user.username

The URL to this view should be in the form:

'^register-by-access-token/(?P<backend>[^/]+)/$'

Matías

Excerpts from Prince Arora's message of 2013-10-07 12:57:31 -0200:

[Fco. Javier Velasco Arjona]

Hi!

I'm running into a similar issue. I'm using social-auth in my Django project and now I'm developing a RESTful API with Django Rest Framework. I assume that the client is going to send me the auth token for Facebook and I want to verify the token against Facebook. Once the credentials are valid I'm going to generate a private token to communicate with the client so, I'm using:

social_auth_backend = get_backend('facebook', request, '')

user = social_auth_backend.do_auth(auth[1], None)

But I'm getting redirected by do_auth function. How can I log in or register a user without the redirect?

Many thanks!

[Matías Aguirre]

Do you have any custom pipeline that do a redirect? To which URL is the
redirect?

Excerpts from Fco. Javier Velasco Arjona's message of 2013-10-07 14:00:49 -0200:

[Fco. Javier Velasco Arjona]

Well, I meant a HTTP Response... I'm giving a fake Token and getting a 302 response with no body after the call. I just want to verify the credentials/create the user. No pipeline, just the function call.

[Matías Aguirre]

And which is the location of the 302?

Excerpts from Fco. Javier Velasco Arjona's message of 2013-10-07 14:12:09 -0200:

[Prince Arora]

Thanks a lot Matias, this seems to work. I just added the code to send the username as a json in HttpResponse.

I still have to figure out the exact flow for new user creation though, as this just checks for the old users.

Prince Arora

--
You received this message because you are subscribed to the Google Groups "Django Social Auth" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-social-a...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Fco. Javier Velasco Arjona]

Same as the initial call. I've defined /api/get-token/ to request the custom app token passing facebook one (the app should get it by it own). Example:

curl -X POST http:/localhost/api/v1/api-token -H "Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b" and I'm getting:

"POST /api/v1/api-token HTTP/1.1" 302 0

The view is empty, I'm just parsing the header and calling do_auth function after getting the backend instance. I'm not giving a response, so the proper behavior should be to raise an exception.

Many thanks for your time BTW 

[Matías Aguirre]

There's any decorator in the view?

Excerpts from Fco. Javier Velasco Arjona's message of 2013-10-07 14:34:43 -0200:

--
Matías Aguirre (matias...@gmail.com)

[Fco. Javier Velasco Arjona]

Nope, the code is for Django Rest Framework:

class ObtainAuthToken(APIView):

    throttle_classes = ()

    permission_classes = ()

    parser_classes = (parsers.FormParser, parsers.MultiPartParser, parsers.JSONParser,)

    renderer_classes = (renderers.JSONRenderer,)

    model = Token

    def post(self, request):

        # Split by spaces and get the array

        auth = get_authorization_header(request).split()

        if not auth or auth[0].lower() != b'token':

            return None

        if len(auth) == 1:

            msg = 'Invalid token header. No credentials provided.'

            raise exceptions.AuthenticationFailed(msg)

        elif len(auth) > 2:

            msg = 'Invalid token header. Token string should not contain spaces.'

            raise exceptions.AuthenticationFailed(msg)

        social_auth_backend = get_backend('facebook', request, '')

        user = social_auth_backend.do_auth(auth[1], None)

[Devang Mundhra]

One problem I have seen with using rest framework + social auth is cached cookies. You might want to clear the cookies from the client and check.

--
You received this message because you are subscribed to a topic in the Google Groups "Django Social Auth" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/django-social-auth/zxOVzuQdlDQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to django-social-a...@googlegroups.com.

[Fco. Javier Velasco Arjona]

I don't think the problem can come from there since I'm using Curl to test, right?

I'm blocked now, please help!

To unsubscribe from this group and all its topics, send an email to django-social-auth+unsub...@googlegroups.com.

[Matías Aguirre]

I don't get how do_auth() returns a redirect since there's no code to do that,
unless there's a custom pipeline to do so. Which version of django-social-auth
are you using?

Excerpts from Fco. Javier Velasco Arjona's message of 2013-10-08 06:54:11 -0200:

> >>> > curl -X POST http:/localhost/api/v1/api-**token -H "Authorization:
> >>> Token
> >>> > 9944b09199c62bcf9418ad846dd0e4**bbdfc6ee4b" and I'm getting:

> >>> > >> > > > user = social_auth_backend.do_auth(**auth[1], None)

> >>> > >> > > >
> >>> > >> > > > But I'm getting redirected by do_auth function. How can I log
> >>> in or
> >>> > >> > > > register a user without the redirect?
> >>> > >> > > > Many thanks!
> >>> > >> > > >
> >>> > >> > > > El lunes, 7 de octubre de 2013 17:50:41 UTC+2, Matías Aguirre
> >>> > >> escribió:
> >>> > >> > > > >
> >>> > >> > > > > Try this code instead:
> >>> > >> > > > >
> >>> > >> > > > > from social.apps.django_app.utils import strategy
> >>> > >> > > > >
> >>> > >> > > > > @strategy()

> >>> > >> > > > > def register_by_access_token(**request, backend):

> >>> > >> > > > > backend = request.strategy.backend
> >>> > >> > > > > user = request.user
> >>> > >> > > > > user = backend.do_auth(

> >>> > >> > > > > access_token=request.GET.get('**access_token'),

> >>>
> >>> > >> > > > > user=user.is_authenticated() and user or None
> >>> > >> > > > > )
> >>> > >> > > > > if user and user.is_active:
> >>> > >> > > > > return user.username
> >>> > >> > > > >
> >>> > >> > > > >
> >>> > >> > > > > The URL to this view should be in the form:
> >>> > >> > > > >

> >>> > >> > > > > '^register-by-access-token/(?**P<backend>[^/]+)/$'

> >>> > >> > > > >
> >>> > >> > > > > Matías
> >>> > >> > > > >
> >>> > >> > > > > Excerpts from Prince Arora's message of 2013-10-07 12:57:31
> >>> > >> -0200:
> >>> > >> > > > > > Hi Matias,
> >>> > >> > > > > >
> >>> > >> > > > > > I tried using your snippet, but it still asks for a
> >>> strategy. I
> >>> > >> am
> >>> > >> > > new
> >>> > >> > > > > to
> >>> > >> > > > > > python-social-auth, and using it in a native android app.
> >>> I do
> >>> > >> not
> >>> > >> > > > > require
> >>> > >> > > > > > login, and just need to send back the username fro the
> >>> access
> >>> > >> token.
> >>> > >> > > The
> >>> > >> > > > > > current code is :
> >>> > >> > > > > >

> >>> > >> > > > > > def register_by_access_token(**request, *args,
> >>> **kwargs):
> >>> > >> > > > > >
> >>> > >> > > > > > access_token = request.GET.get('access_token'**)
> >>> > >> > > > > >
> >>> > >> > > > > > backend =
> >>> > >> > > get_backend(settings.**AUTHENTICATION_BACKENDS,'**facebook')
> >>> > >> > > > > >
> >>> > >> > > > > > social_auth_backend = backend()
> >>> > >> > > > > >
> >>> > >> > > > > > user = social_auth_backend.do_auth(**access_token)

> >>> > >> > > > > >
> >>> > >> > > > > > if user and user.is_active:
> >>> > >> > > > > >
> >>> > >> > > > > > return user.username
> >>> > >> > > > > >
> >>> > >> > > > > > The error traceback is pasted here:
> >>> > >> > > > > > http://dpaste.com/1408683/
> >>> > >> > > > > >
> >>> > >> > > > > > On Saturday, 5 October 2013 21:40:51 UTC+5:30, Matías
> >>> Aguirre
> >>> > >> wrote:
> >>> > >> > > > > > >
> >>> > >> > > > > > > Prince, on python-social-auth you get that from
> >>> > >> > > social.backends.utils,
> >>> > >> > > > > but
> >>> > >> > > > > > > the
> >>> > >> > > > > > > syntax changed a little, you need to pass the backends
> >>> list
> >>> > >> to it
> >>> > >> > > too,
> >>> > >> > > > > you
> >>> > >> > > > > > > can
> >>> > >> > > > > > > try with this code snippets:
> >>> > >> > > > > > >
> >>> > >> > > > > > > from django.conf import settings
> >>> > >> > > > > > > from social.backends.utils import get_backend
> >>> > >> > > > > > >

> >>> > >> > > > > > > backend = get_backend(settings.**AUTHENTICATION_BACKENDS,

> >>> > >> > > > > > > > > user = social_auth_backend.do_auth(**access_token)

> >>> > >> https://github.com/omab/**django-social-auth/commit/**
> >>> cf0e512a9cec8b9c6b8d48cf522b6a**07fa4ac3fe<https://github.com/omab/django-social-auth/commit/cf0e512a9cec8b9c6b8d48cf522b6a07fa4ac3fe>

> >>> > >> > > > > > > > >>>> > def register_by_access_token(**request,

> >>> backend,
> >>> > >> *args,
> >>> > >> > > > > > > **kwargs):
> >>> > >> > > > > > > > >>>> > access_token =

> >>> > >> request.GET.get('access_token'**)

> >> django-social-a...@googlegroups.com <javascript:>.

> >> For more options, visit https://groups.google.com/groups/opt_out.
> >>
> >
> >
>

--
Matías Aguirre (matias...@gmail.com)

[Fco. Javier Velasco Arjona]

I'm using django-social-auth==0.7.23

No custom pipeline... :(

The code is just what I showed...

> >> django-social-auth+unsub...@googlegroups.com <javascript:>.

[Fco. Javier Velasco Arjona]

Hi again, I have migrated to the last python-social-auth version and changed the code a little bit:

social_auth_backend = get_backend(settings.AUTHENTICATION_BACKENDS, 'facebook')

        social_auth = social_auth_backend()

        user = social_auth.do_auth(auth[1])

Where auth[1] is the token. I am getting: 

'NoneType' object has no attribute 'setting'

Please help!!! :(

[Prince Arora]

Hi Javier,

I guess we both are working on same thing :). I had a similar problem, for which Matias had suggested the following code, above in the thread.

from social.apps.django_app.utils import strategy 

    @strategy() 

    def register_by_access_token(request, backend): 

        backend = request.strategy.backend 
        user = request.user 
        user = backend.do_auth( 

            access_token=request.GET.get('access_token'), 

            user=user.is_authenticated() and user or None 
        ) 

This works for me in the case user already exists. I am still working on how to create new users when access token is not found in the database. Let me know if you come up with something.

[Matías Aguirre]

Could you share the full traceback?

Excerpts from Fco. Javier Velasco Arjona's message of 2013-10-09 13:09:29 -0200:

> >> > >> django-social-a...@googlegroups.com <javascript:>.

> >> > >> For more options, visit https://groups.google.com/groups/opt_out.
> >> > >>
> >> > >
> >> > >
> >> >
> >> --
> >> Matías Aguirre (matias...@gmail.com)
> >>
> >
>

--
Matías Aguirre (matias...@gmail.com)

[Matías Aguirre]

Hi Prince,

The user should be created automatically if the token is not found in the DB,
actually PSA doesn't identify users by their tokens since tokens change
(almost) all of the time, instead the app calls an API in the service which
returns an ID for the given user (email, user id, etc) which is then used to
identify the account in the database.

Excerpts from Prince Arora's message of 2013-10-09 13:19:51 -0200:

> >>> > >>> > >> > > > > > > > >>>> > > >>> > > Matías Aguirre (
> >>> matias...@gmail.com)
> >>> > >>>
> >>> > >>> > >> > > > > > > > >>>> > > >>> > >
> >>> > >>> > >> > > > > > > > >>>> > > >>> --
> >>> > >>> > >> > > > > > > > >>>> > > >>> Matías Aguirre (
> >>> matias...@gmail.com)
> >>> > >>> > >> > > > > > > > >>>> > > >>>
> >>> > >>> > >> > > > > > > > >>>> > > >>
> >>> > >>> > >> > > > > > > > >>>> > > >>

> >>> > >>> > >> > > > > > > > >>>> --
> >>> > >>> > >> > > > > > > > >>>> Matías Aguirre (matias...@gmail.com)
> >>> > >>> > >> > > > > > > > >>>>
> >>> > >>> > >> > > > > > > > >>>
> >>> > >>> > >> > > > > > > > >>>
> >>> > >>> > >> > > > > > > >
> >>> > >>> > >> > > > > > > --
> >>> > >>> > >> > > > > > > Matías Aguirre (matias...@gmail.com<javascript:>)
> >>> > >>> > >> > > > > > >
> >>> > >>> > >> > > > > >
> >>> > >>> > >> > > > > --
> >>> > >>> > >> > > > > Matías Aguirre (matias...@gmail.com <javascript:>)
> >>> > >>> > >> > > > >
> >>> > >>> > >> > > >
> >>> > >>> > >> > > --
> >>> > >>> > >> > > Matías Aguirre (matias...@gmail.com <javascript:>)
> >>> > >>> > >> > >
> >>> > >>> > >> >
> >>> > >>> > >> --
> >>> > >>> > >> Matías Aguirre (matias...@gmail.com)
> >>> > >>> > >
> >>> > >>> > >
> >>> > >>> >
> >>> > >>> --
> >>> > >>> Matías Aguirre (matias...@gmail.com)
> >>> > >>>
> >>> > >> --
> >>> > >> You received this message because you are subscribed to a topic in
> >>> the
> >>> > >> Google Groups "Django Social Auth" group.
> >>> > >> To unsubscribe from this topic, visit
> >>> > >>
> >>> https://groups.google.com/d/topic/django-social-auth/zxOVzuQdlDQ/unsubscribe
> >>> > >> .
> >>> > >> To unsubscribe from this group and all its topics, send an email to

> >>> > >> django-social-a...@googlegroups.com <javascript:>.

> >>> > >> For more options, visit https://groups.google.com/groups/opt_out.
> >>> > >>
> >>> > >
> >>> > >
> >>> >
> >>> --
> >>> Matías Aguirre (matias...@gmail.com)
> >>>
> >>
>

--
Matías Aguirre (matias...@gmail.com)

[Fco. Javier Velasco Arjona]

This is it:

http://f.cl.ly/items/1x1k0V2K3A1T3v0R0t3P/error.html

Many thanks!

> >>> > >> django-social-auth+unsub...@googlegroups.com <javascript:>.

[Prince Arora]

Hi Matias, 

Thanks a lot. It works exactly the way you said. Must have been some stupid mistake from my side yesterday. This really helped, thanks again :) .

Prince Arora

--

You received this message because you are subscribed to the Google Groups "Django Social Auth" group.

To unsubscribe from this group and stop receiving emails from it, send an email to django-social-a...@googlegroups.com.

[Matías Aguirre]

Looks like Prince is right, try this snippet:

from social.apps.django_app.utils import strategy

@strategy()
def register_by_access_token(request, backend):
backend = request.strategy.backend
user = request.user
user = backend.do_auth(
access_token=request.GET.get('access_token'),
user=user.is_authenticated() and user or None
)

Or try this:

from social.apps.django_app.utils import load_strategy

social_auth_backend = get_backend(settings.AUTHENTICATION_BACKENDS, 'facebook')

social_auth = social_auth_backend(strategy=load_strategy())

user = social_auth.do_auth(auth[1])

Excerpts from Fco. Javier Velasco Arjona's message of 2013-10-09 13:34:17 -0200:

> > > >>> > >> django-social-a...@googlegroups.com <javascript:><javascript:>.

> > > >>> > >> For more options, visit
> > https://groups.google.com/groups/opt_out.
> > > >>> > >>
> > > >>> > >
> > > >>> > >
> > > >>> >
> > > >>> --
> > > >>> Matías Aguirre (matias...@gmail.com)
> > > >>>
> > > >>
> > >
> > --

[Fco. Javier Velasco Arjona]

I'm really close because I've tried both and I get a 400 error: 

http://f.cl.ly/items/272u341D1j1t2v05333k/error.html

Thanks for your help

> > > >>> > >> django-social-auth+unsub...@googlegroups.com <javascript:><javascript:>.

[Matías Aguirre]

Looks like the same error page than before.

Excerpts from Fco. Javier Velasco Arjona's message of 2013-10-09 15:37:07 -0200:

> > > > > >>> > >>> > >> > > > > > > Matías Aguirre (matias...@gmail.com<javascript:>)
> >
> > > >
> > > > > >>> > >>> > >> > > > > > >
> > > > > >>> > >>> > >> > > > > >
> > > > > >>> > >>> > >> > > > > --
> > > > > >>> > >>> > >> > > > > Matías Aguirre (matias...@gmail.com<javascript:>)
> >
> > > > > >>> > >>> > >> > > > >
> > > > > >>> > >>> > >> > > >
> > > > > >>> > >>> > >> > > --
> > > > > >>> > >>> > >> > > Matías Aguirre (matias...@gmail.com<javascript:>)
> > > > > >>> > >>> > >> > >
> > > > > >>> > >>> > >> >
> > > > > >>> > >>> > >> --
> > > > > >>> > >>> > >> Matías Aguirre (matias...@gmail.com)
> > > > > >>> > >>> > >
> > > > > >>> > >>> > >
> > > > > >>> > >>> >
> > > > > >>> > >>> --
> > > > > >>> > >>> Matías Aguirre (matias...@gmail.com)
> > > > > >>> > >>>
> > > > > >>> > >> --
> > > > > >>> > >> You received this message because you are subscribed to a
> > topic
> > > > in
> > > > > >>> the
> > > > > >>> > >> Google Groups "Django Social Auth" group.
> > > > > >>> > >> To unsubscribe from this topic, visit
> > > > > >>> > >>
> > > > > >>>
> > > >
> > https://groups.google.com/d/topic/django-social-auth/zxOVzuQdlDQ/unsubscribe
> > > > > >>> > >> .
> > > > > >>> > >> To unsubscribe from this group and all its topics, send an
> > > > email to

> > > > > >>> > >> django-social-a...@googlegroups.com<javascript:><javascript:><javascript:>.

> > > > > >>> > >> For more options, visit
> > > > https://groups.google.com/groups/opt_out.
> > > > > >>> > >>
> > > > > >>> > >
> > > > > >>> > >
> > > > > >>> >
> > > > > >>> --
> > > > > >>> Matías Aguirre (matias...@gmail.com)
> > > > > >>>
> > > > > >>
> > > > >
> > > > --
> > > > Matías Aguirre (matias...@gmail.com <javascript:>)
> > > >
> > >
> > --

[Fco. Javier Velasco Arjona]

Yes sorry, this is the right one http://f.cl.ly/items/3N0p1800252L2O0F2D16/error.html

> > > > > >>> > >> django-social-auth+unsub...@googlegroups.com<javascript:><javascript:><javascript:>.

[Matías Aguirre]

The bad request is beacuse access_token is None since you pass the token in
a header while the snippet was getting it from request.GET. Change the line:

access_token=request.GET.get('access_token'),

to use your token from the headers.

Excerpts from Fco. Javier Velasco Arjona's message of 2013-10-09 15:43:53 -0200:

> > > > > > > >>> > >> django-social-a...@googlegroups.com<javascript:><javascript:><javascript:><javascript:>.

> >
> > > > > > > >>> > >> For more options, visit
> > > > > > https://groups.google.com/groups/opt_out.
> > > > > > > >>> > >>
> > > > > > > >>> > >
> > > > > > > >>> > >
> > > > > > > >>> >
> > > > > > > >>> --
> > > > > > > >>> Matías Aguirre (matias...@gmail.com)
> > > > > > > >>>
> > > > > > > >>
> > > > > > >
> > > > > > --
> > > > > > Matías Aguirre (matias...@gmail.com <javascript:>)
> > > > > >
> > > > >
> > > > --
> > > > Matías Aguirre (matias...@gmail.com <javascript:>)
> > > >
> > >
> > --

[Fco. Javier Velasco Arjona]

I was so obsessed that I didn't even notice!

Thanks!

> > > > > > > >>> > >> django-social-auth+unsub...@googlegroups.com<javascript:><javascript:><javascript:><javascript:>.

[Boboc Sabin]

Hello Matias !
Is there a way to make django-social-auth write to a different Custom User Model. I want to have 2 or 3 User  Types in my django setup.
I want when a request comes from connect.xyz.com, django-social-auth write the facebook data for the user in a table, and when the request comes from another-page.xyz.com to write in another table.
Basically I want a page for users to connect and another page where I register users of a panel(provided by me). I need to separate this two types of users. I do not want to keep them both in the same model and use profiles and a field called user_type. Do you have any ideea how I could solve this ?
Thank you very much !

[Matías Aguirre]

There's no such option on django-social-auth (or python-social-auth) since the
reference to the user model is not generic at all, it points to a table and
just one.

Excerpts from Boboc Sabin's message of 2013-12-01 20:34:33 -0200:

--
Matías Aguirre (matias...@gmail.com)

[Boboc Sabin]

Yes, I saw that, but I tought that might be a trick, or a work around. Right now, I'm trying to use 2 different models(like profiles) with a OneToOne rel to the CustomUserModel(subclassing AbstractUser). - I think is called Multiple table inherit in django doc.

--

You received this message because you are subscribed to the Google Groups "Django Social Auth" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-social-a...@googlegroups.com.

[Matías Aguirre]

Is CustomUserModel an abstract model? If it's not, then you can use that as the
user model for django-social-auth.

Excerpts from Boboc Sabin's message of 2013-12-02 05:10:05 -0200:

--
Matías Aguirre (matias...@gmail.com)

[Boboc Sabin]

class MyCM(AbstractUser): ......  and then I have another two models with OneToOneField(base.AUTH_USER_MODEL, related_name="...")

base.AUTH_USER_MODEL = "base.MyCM"

[Matías Aguirre]

And your model MyCM does have an "anstract = True" in the Meta inner-class?

Excerpts from Boboc Sabin's message of 2013-12-02 15:11:26 -0200:

--
Matías Aguirre (matias...@gmail.com)

[Boboc Sabin]

No. Why ?

[Matías Aguirre]

Then you should be able to point the model setting to that one, but you need to create the second user instance in a pipeline function. You can also overwrite the user creation pipeline with your own version.

I've my doubts about login.

No. Why ?

> > email to django-social-au

--
Matías Aguirre

[Boboc Sabin]

well in the pipeline I create the two model instances for those two types of users. I have the Custom User Model user with a field "user_type", based on that, in the pipeline I am creating the other two instances of models where I save the proper data to them. I am using AUTH_FIELDS_STORED_IN_SESSION = ['user_type'].

I have this setup:

 class MyUser(AbstractUser):                                                                                                
    user_type = models.CharField('User Type', max_length=20)                                                                      

    def __unicode__(self):
                return self.username

and then:

 class Customer(models.Model):      
     cuser = models.OneToOneField(base.AUTH_USER_MODEL, related_name='customer',                                  
         primary_key=True)                                                                                                     
     fb_id = models.CharField('Fb Id', max_length=255)                 
     fbplink = models.URLField('Fb profile', max_length=100, blank=True, null=True)                                                
     avatar = models.ImageField(upload_to=base.UPLOAD_FILE_PATTERN, blank=True, null=True)     

and the other type:

class Enduser(models.Model):

    cuser = models.OneToOneField(base.AUTH_USER_MODEL, related_name='enduser',

          primary_key=True)

     the other fields ....

[Matías Aguirre]

Then you should be able to point the model setting to that one, but you need to create the second user instance in a pipeline function. You can also overwrite the user creation pipeline with your own version.

I've my doubts about login.

El lunes, 2 de diciembre de 2013, Boboc Sabin escribió:

No. Why ?

> > email to django-social-au

--
Matías Aguirre

[Boboc Sabin]

I made a pipline in whici I'm creating those two models and write in them the info for the specific user type. For auth I am using the User from django extented with a field "user_type".