is code is access token? #148

Open
UrsaCoder opened this issue Apr 13, 2021 · 10 comments

@UrsaCoder

Basically, I installed the package

and added this in settings:
SOCIAL_AUTH_FACEBOOK_KEY = 'i add my FB client id'
SOCIAL_AUTH_FACEBOOK_SECRET = 'i add my FB app secret'
and I added this URL: path('api/login/', include('rest_social_auth.urls_token')),]
But when I hit this API (http://localhost:8000/api/login/social/token_user/) with this JSON:
{
"provider": "facebook",
"code":"my acess token"
}
I am confused about what code is. Is code the access token? Because I am getting this error "Invalid verification code format." when I add my FB access token.

@shrinidhinhegde

Yes, when it comes to Facebook and Google, even I have the same question. Facebook and Google do not return a 'code'; they return an accessToken, and I have the same exact problem as you do.

@rj76

rj76 commented Jun 2, 2021

Also having this problem

@shrinidhinhegde

So, I resolved the problem by using this: https://python-social-auth.readthedocs.io/en/latest/use_cases.html#signup-by-oauth-access-token

You don't have to use any of the packages. Python Social Auth already has something for APIs.

@imanaspaul

@shrinidhinhegde could you please share your repo over here?

@shrinidhinhegde

shrinidhinhegde commented Jun 3, 2021

@imanaspaul No, it's a private project, and the link I have shared is pretty straightforward. I will share a part of my views file, though.

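```python
import re

import requests
from django.conf import settings
from django.contrib.auth import login
from django.http import Http404, JsonResponse
# Assumed: AuthToken is django-rest-knox's model, whose create() returns (instance, token)
from knox.models import AuthToken
from rest_framework import permissions
from rest_framework.decorators import api_view, permission_classes
from social_django.utils import psa


@api_view(['POST'])
@psa('social:complete')
@permission_classes((permissions.AllowAny,))
def SocialLogin(request, backend):
    # 'code' carries the provider access token, except for GitHub (handled below)
    token = request.data['code']

    if backend == 'github':
        # GitHub hands the client an authorization code; exchange it for an access token
        url = "https://github.com/login/oauth/access_token/"
        payload = {
            'code': token,
            'client_id': settings.SOCIAL_AUTH_GITHUB_KEY,
            'client_secret': settings.SOCIAL_AUTH_GITHUB_SECRET
        }
        response = requests.request("POST", url, data=payload)
        # The response body is form-encoded: access_token=...&scope=...
        m = re.search('access_token=(.+?)&scope', str(response.text))
        if m:
            token = m.group(1)
        else:
            raise Http404

    # The backend loads the profile with the access token and returns the matching user
    user = request.backend.do_auth(token)
    if user:
        login(request, user)
        return JsonResponse({
            'token': AuthToken.objects.create(user)[1],
            'user_id': user.id,
            # and anything else you want to return
        })
    else:
        raise Http404
```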

You can set up a URL to this view like this:

```python
path('social-login/<str:backend>/', views.SocialLogin, name='api-social-login'),
```

The methods for each site (i.e. GitHub, Facebook, etc.) are slightly different, but you just need to pass the access token in
request.backend.do_auth(<your access token here>)

I am using this view to authenticate using GitHub, Twitter, Facebook and Google and it works peacefully.
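The view above passes whatever token the client sends to `do_auth`. As an added example (not part of the thread, and not code from django-rest-social-auth or python-social-auth), this is one way to confirm that a Facebook access token was issued to your own app before trusting it, using the Graph API `debug_token` endpoint. The function names and the sample responses are constructed for illustration.

```python
import json
import time
import urllib.parse
import urllib.request

GRAPH_DEBUG_URL = "https://graph.facebook.com/debug_token"


def fetch_debug_token(input_token, app_id, app_secret):
    """Ask Facebook which app and user a client-supplied token belongs to."""
    query = urllib.parse.urlencode({
        "input_token": input_token,
        "access_token": f"{app_id}|{app_secret}",  # app access token
    })
    with urllib.request.urlopen(f"{GRAPH_DEBUG_URL}?{query}", timeout=10) as resp:
        return json.load(resp)


def check_debug_token(body, expected_app_id, now=None):
    """Return the Facebook user id if this app may use the token, else raise."""
    now = time.time() if now is None else now
    data = body.get("data") if isinstance(body, dict) else None
    if not isinstance(data, dict):
        raise ValueError("malformed debug_token response")
    if data.get("is_valid") is not True:
        raise ValueError("token rejected by provider")
    # A token minted for another app must not log anyone in here.
    if str(data.get("app_id")) != str(expected_app_id):
        raise ValueError("token was issued to a different app")
    expires_at = data.get("expires_at", 0)
    if expires_at and expires_at <= now:  # 0 means the token does not expire
        raise ValueError("token expired")
    if not data.get("user_id"):
        raise ValueError("token is not bound to a user")
    return str(data["user_id"])


# Constructed sample responses (not captured from a real account).
SAMPLE_OK = {"data": {"app_id": "1111", "is_valid": True,
                      "expires_at": 2000000000, "user_id": "42"}}
SAMPLE_OTHER_APP = {"data": {"app_id": "9999", "is_valid": True,
                             "expires_at": 2000000000, "user_id": "42"}}

if __name__ == "__main__":
    print(check_debug_token(SAMPLE_OK, "1111", now=1700000000))
```

In a view like the one above, the check would run on the `fetch_debug_token` result before `request.backend.do_auth(token)` is called for the `facebook` backend.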

@denizdogan

Any news on this matter? The example above seems rather rudimentary and, for lack of a better word, "manual".

@denizdogan

Looking at django-rest-framework-social-oauth2 it seems that it has some capability to "convert" a provider access token to a Django access token, using functionality from oauthlib. None of this seems to exist in the ecosystem in which django-rest-social-auth lives.

@pbeneteau

I was also trying to implement this custom view using python_social_auth, but the issue there is that I can't choose which auth backend I want (session, JWT, know, etc). So if you combine it with django-rest-social-auth and use JWT authentication, it won't work because they are both not using the same authentication backend.

@st4lk
Owner

st4lk commented Nov 19, 2022

Hey guys,
can you try:

  • clone this repo

  • specify in example project settings your app params:

     SOCIAL_AUTH_FACEBOOK_KEY = '...'
     SOCIAL_AUTH_FACEBOOK_SECRET = '...'
  • run the example project

     make

And say - is facebook auth working or not?

@sp-luciano-chinke

sp-luciano-chinke commented Feb 8, 2023

The accessToken is probably for authentication, and not for authorization. I've been struggling recently with the latest Google Sign In changes because there's not much good support for authorization through JS (it asks the user to authorize the application every time that you need to retrieve the 'code' again). This makes our current auth setup with django-rest-social-auth a bit outdated and worsens UX when logging in. https://github.com/iMerica/dj-rest-auth gives better support for the new authentication process from Google (named Google One Tap), though it needs an update to be aligned with django-allauth (PR is already open for the fix).
