17

I have an AngularJS Single Page Application that uses a Django backend API based on the Django Rest Framework. The API is protected via django-rest-framework-jwt. I would like to use django-allauth for account management and authentication on the server side.

I am just missing one single piece in the flow: How does my Oauth-Token from the client get transferred into a JWT-token? Basically, I would like to do as described here http://blog.wizer.fr/2013/11/angularjs-facebook-with-a-django-rest-api/ based on python-social-auth.

So my question is, how do I implement the ObtainAuthToken class from the link with django-allauth?

Iulius Curt
  • 4,984
  • 4
  • 31
  • 55
schacki
  • 9,401
  • 5
  • 29
  • 32
  • I am not an expert on this topic, but why do you need to create a token based on another token? If you want to create a JWT token, take a look at this library: https://python-jose.readthedocs.org/en/latest/jwt/api.html – Cheng Oct 31 '15 at 07:37
  • @schacki Do you find any solution about this issue? I've exactly this problem and seeking about a good solution – Moe Far Feb 03 '16 at 10:44

3 Answers3

2

There are usually two login flows with social login: client-side ("Javascript SDK") and server-side. If your server needs to be authorised, it's usually a lot easier to go through the server-side flow. And that's also what all-auth does I think (and you didn't mention you use a frontend library like the blogpost you mentioned does).

Now the challenge is to provide the token from the server to the frontend. You would probably load the token in the HTML of the initialisation of the SPA, and then from Angular save the token client side (cookie, localStorage, etc.) so the session isn't lost on a refresh.

If you don't want the user to leave your app, you can open your /accounts/login/ or /accounts/signup/ url in a new window. In that new window they authorise your app, and your server receives the token upon return. There, you will have to generate a JWT token manually, and render that into the template so that javascript can access it. With js in that popup window, you can then communicate with your app that opened the popup and pass it the token – see this SO answer for an example – so it can save it.

Community
  • 1
  • 1
Tino
  • 717
  • 1
  • 5
  • 20
1

We used hello.js for O-Auth at the company I worked at.

  1. You provide a shim on the Python end and get the refresh token and whatever other data needed once the user connects their social account.

  2. We redirect them via Django to the page they attempted to access from their OAuth provider's page.

Each user still has their own email account which is needed for the JWT, but you could assume that whatever email is in the scope of their social account is their email then use django's functionality to create new users: User.objects.create(email=emailStringFromOauthData) etc.

Zargold
  • 1,892
  • 18
  • 24
1

Django-allauth provides signals that let you hook into the social login process. In your case, I would recommend subscribing to the allauth.socialaccount.signals.pre_social_login signal. The code will look something like this:

from allauth.socialaccount.signals import pre_social_login

@receiver(pre_social_login)
def create_jwt_token(sender, request, sociallogin, **kwargs):
    # dig into the sociallogin object to find the new access token.
Shay Acrich
  • 186
  • 1
  • 4