Google OAuth Login
865 views
Skip to first unread message
Daniel
Nov 23, 2015, 4:44:05 AM11/23/15
to Wagtail support
Hello all,
Thinking about using Wagtail for a next project, it could be possible to use Google oAuth (1|2) and replacing the username/password flow
for user registration and login? It would be a Google Apps domain.
If so, any ideas to go investigate and go further?
Thanks.
Matthew Westcott
Nov 23, 2015, 3:59:07 PM11/23/15
to wag...@googlegroups.com
Hi Daniel,
We've integrated Wagtail with other authentication backends such as LDAP before, although I'm not sure if we've implemented any that bypass the username/password view completely. Wagtail doesn't use the standard Django LOGIN_URL setting <https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-LOGIN_URL>, since we need to keep that free for sites with their own front-end login system - instead, it's hard-coded to call the 'wagtailadmin_login' URL (see https://github.com/torchbox/wagtail/blob/07c1779a7caca8969a36c9c1a44d4ff78bd8e6f8/wagtail/wagtailadmin/urls/__init__.py#L52 ), so it may require some patching of Wagtail core to make it work.
Either way, the first step would be find a suitable Django add-on package for OAuth - see https://www.djangopackages.com/grids/g/oauth/ .
Cheers,
- Matt
We've integrated Wagtail with other authentication backends such as LDAP before, although I'm not sure if we've implemented any that bypass the username/password view completely. Wagtail doesn't use the standard Django LOGIN_URL setting <https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-LOGIN_URL>, since we need to keep that free for sites with their own front-end login system - instead, it's hard-coded to call the 'wagtailadmin_login' URL (see https://github.com/torchbox/wagtail/blob/07c1779a7caca8969a36c9c1a44d4ff78bd8e6f8/wagtail/wagtailadmin/urls/__init__.py#L52 ), so it may require some patching of Wagtail core to make it work.
Either way, the first step would be find a suitable Django add-on package for OAuth - see https://www.djangopackages.com/grids/g/oauth/ .
Cheers,
- Matt
Daniel
Nov 24, 2015, 4:27:40 AM11/24/15
to Wagtail support
Hi again, and thanks for your answer.
We've used Django-AllAuth in vanilla Django sites previously, and it works great. [https://www.djangopackages.com/packages/p/django-allauth/]
Just wondering how to integrate it with the wagtail admin login system.
I will share any progress.
Thanks.
Peenak Inamdar
Jan 28, 2016, 4:02:42 AM1/28/16
to Wagtail support
Hi Daniel,
I'm working on a project that has a similar need, though am starting down the path of using djangae and their gauth integration - i'm running into the issue where the initial login page needs to only supply the google_user id. What progress have you been able to make?
Cheers, Peenak
Daniel
Jan 28, 2016, 4:45:48 AM1/28/16
to Wagtail support
Hello Peenak,
Finally the project needs changed so I haven't tried it so much, but I would like to know any updates people make in the subject.
Stephen Knox
Aug 10, 2017, 8:30:31 AM8/10/17
to Wagtail support
I'm interested in this too and am looking to implement the Auth0 login system flow.
Thanks
Stephen
Looking through the Github issues I assume the LOGIN_URL is no longer relevant.
Any further thoughts people have had or developments appreciated.
Thanks
Stephen
Matthew Westcott
Aug 11, 2017, 12:36:09 PM8/11/17
to wag...@googlegroups.com
Hi Stephen,
This should definitely be possible using existing Django extension packages - I believe Django OAuth Toolkit <https://django-oauth-toolkit.readthedocs.io/en/latest/> is the leading one for OAuth support. The trick to overriding the standard Wagtail login flow is to define a URL route for /admin/login/ in your urls.py, above the standard one for /admin/ . Here's an example snippet I've worked on recently (integrating Okta / SAML2 rather than OAuth, but the same principle applies):
https://github.com/gasman/bakerydemo/commit/b597bf425bbf593e6f033eff438245417f2f1707
A handy new feature in Wagtail 1.12 (release candidate just released this afternoon) is the WAGTAILUSERS_PASSWORD_ENABLED setting - this can be set to False to disable setting passwords on the Django side.
Cheers,
- Matt
This should definitely be possible using existing Django extension packages - I believe Django OAuth Toolkit <https://django-oauth-toolkit.readthedocs.io/en/latest/> is the leading one for OAuth support. The trick to overriding the standard Wagtail login flow is to define a URL route for /admin/login/ in your urls.py, above the standard one for /admin/ . Here's an example snippet I've worked on recently (integrating Okta / SAML2 rather than OAuth, but the same principle applies):
https://github.com/gasman/bakerydemo/commit/b597bf425bbf593e6f033eff438245417f2f1707
A handy new feature in Wagtail 1.12 (release candidate just released this afternoon) is the WAGTAILUSERS_PASSWORD_ENABLED setting - this can be set to False to disable setting passwords on the Django side.
Cheers,
- Matt
Tim Allen
Aug 11, 2017, 1:11:45 PM8/11/17
to Wagtail support
We're done this with django-allauth, which is fantastic. We provide login via FB, Google or Twitter. After an account is created or linked, you can simply change the account permissions in the Django admin. Then people with appropriate access can hit the Wagtail admin. We just leave the Wagtail login there, for Django-only accounts not linked to a third party login.
Regards,
Tim
Stephen Knox
Aug 17, 2017, 9:02:06 AM8/17/17
to Wagtail support
Thanks all,
Think I'm going to use https://github.com/mozilla/mozilla-django-oidc which is pretty easy to configure with Django - and thanks for the Wagtail tips!
Stephen
Reply all
Reply to author
Forward
0 new messages