18
You can use Django Rest Auth for this which depends on django-allauth. It’s very easy to integrate.
12
You can use this libray for social authentication django-rest-framework-social-oauth2. Try this django-allauth related code
urls.py
urlpatterns = [
url(
r'^rest/facebook-login/$',
csrf_exempt(RestFacebookLogin.as_view()),
name='rest-facebook-login'
),
]
serializers.py
class EverybodyCanAuthentication(SessionAuthentication):
def authenticate(self, request):
return None
views.py
class RestFacebookLogin(APIView):
"""
Login or register a user based on an authentication token coming
from Facebook.
Returns user data including session id.
"""
# this is a public api!!!
permission_classes = (AllowAny,)
authentication_classes = (EverybodyCanAuthentication,)
def dispatch(self, *args, **kwargs):
return super(RestFacebookLogin, self).dispatch(*args, **kwargs)
def get(self, request, *args, **kwargs):
try:
original_request = request._request
auth_token = request.GET.get('auth_token', '')
# Find the token matching the passed Auth token
app = SocialApp.objects.get(provider='facebook')
fb_auth_token = SocialToken(app=app, token=auth_token)
# check token against facebook
login = fb_complete_login(original_request, app, fb_auth_token)
login.token = fb_auth_token
login.state = SocialLogin.state_from_request(original_request)
# add or update the user into users table
complete_social_login(original_request, login)
# Create or fetch the session id for this user
token, _ = Token.objects.get_or_create(user=original_request.user)
# if we get here we've succeeded
data = {
'username': original_request.user.username,
'objectId': original_request.user.pk,
'firstName': original_request.user.first_name,
'lastName': original_request.user.last_name,
'sessionToken': token.key,
'email': original_request.user.email,
}
return Response(
status=200,
data=data
)
except:
return Response(status=401, data={
'detail': 'Bad Access Token',
})
- [Django]-How to use Django model inheritance with signals?
- [Django]-Django not sending emails to admins
- [Django]-Django – Rollback save with transaction atomic
2
While I’m not quite sure how to use allauth and rest-fremework together, allauth does not offer such an endpoint.
Suggestion: make your own that does a variation of the following:
Call allauth.socialaccount.providers.facebook.views.fb_complete_login(None, socialtoken) where socialtoken is as created in login_by_token. That performs (a few functions deeper) a django.contrib.auth.login, possibly creating the acct.
After that, for use on mobile devices, it might be possible to the the auth (not FB) token: get the user data (from session?), and call rest_framework.authtoken.views.obtain_auth_token
Notes:
1. This offers no way to resolve email conflicts or connect social/local accts.
2. I haven’t tried it – please post code if you can get it working.
- [Django]-Get the index of an element in a queryset
- [Django]-How to update fields in a model without creating a new record in django?
- [Django]-How do I convert datetime.timedelta to minutes, hours in Python?
1
You could use djoser but I don’t know how it cooperates with allauth:
https://github.com/sunscrapers/djoser
- [Django]-Track the number of "page views" or "hits" of an object?
- [Django]-What is the best location to put templates in django project?
- [Django]-Override a form in Django admin