0

I am building a rest api with Django, and I an using Django rest auth for social authentication. I believe I am doing everything right. upon visiting the route I get a response that I am to provide both access token and code for both Google and Facebook. I am lost at this point what to do. Please anyone who has an idea, please share.

I have gotten the secret key and client id from both providers and inputed them in my settings.py and django admin.

settings.py

INSTALLED_APPS = [
    ...
    'django.contrib.sites',
    ...
    'rest_auth',
    'rest_auth.registration',
    'allauth',
    'allauth.account',
    'allauth.socialaccount',
    'allauth.socialaccount.providers.google',
    'allauth.socialaccount.providers.facebook',
    ...
]

SOCIALACCOUNT_PROVIDERS = {
    'facebook': {
        'METHOD': 'oauth2',
        'SCOPE': ['email', 'public_profile', 'user_friends'],
        'AUTH_PARAMS': {'auth_type': 'reauthenticate'},
        'INIT_PARAMS': {'cookie': True},
        'FIELDS': [
            'id',
            'email',
            'name',
            'first_name',
            'last_name',
            'verified',
            'locale',
            'timezone',
            'link',
            'gender',
            'updated_time',
        ],
        'EXCHANGE_TOKEN': True,
        'LOCALE_FUNC': 'path.to.callable',
        'VERIFIED_EMAIL': True,
        'VERSION': 'v2.12',
        'APP': {
            # get the key from "https://developers.facebook.com/apps/615248019004301/settings/basic/"
            'client_id': 'code',
            'secret': 'code',
            'key': ''
        }
    },
     'google': {
        'SCOPE': [
            'profile',
            'email',
        ],
        'AUTH_PARAMS': {
            'access_type': 'offline',
        },
        'APP': {
            # get from "console.developers.google.com/" then apis then credentials then oauthclient
            # fill in http://127.0.0.1:8000/accounts/google/login/callback/ in the “Authorized redirect URI” field
            'client_id': 'code.apps.googleusercontent.com',
            'secret': 'code',
            'key': ''
        }
    }
}

SITE_ID = 1

SOCIALACCOUNT_ADAPTER = "allauth.socialaccount.adapter.DefaultSocialAccountAdapter"

SOCIALACCOUNT_EMAIL_REQUIRED = ACCOUNT_EMAIL_REQUIRED

how my django admin is set up

The response i get

Opeyemi Odedeyi
  • 766
  • 1
  • 10
  • 38

2 Answers2

0

OK I'm in a similar situation and have been doing a lot of reading. Looks like you have performed all the setup correctly. And now you are trying to perform signup / login via your API from a client.

I'm going to make some assumptions as you don't provide a lot in your question by way of detail. For instance, I'm not sure what route you are visiting, or, what kind of an API client (DRF browseable API, React frontend, mobile app?) you are using. That said, it shouldn't really matter what kind of client you use, the process should be the same.

Here are the steps:

  • You will need to initiate signup / login from your API client either by rolling your own code or using whatever libraries are available for the technology you are using. For instance, Facebook provides its own JavaScript SDK. If you are using React, you could use react-facebook-login. Note that I've personally used neither so YMMV.
  • On successful authentication, at Facebook for instance, you will get a accessToken, which your client should send to your API at /rest-auth/facebook/ (or whatever you have configured in your urls.py).
  • When this flow happens, a new user should be created in your backend with all their details.

Here is an example blog post that I found where the author shows this flow for a React frontend application: https://medium.com/@pratique/social-login-with-react-and-django-ii-39b8aa20cd27.

Here is another example of a similar flow I found on SO. In the answer, the user is using the python-social-auth package instead of django-allauth but the flow is similar: https://stackoverflow.com/a/46476631/399435.

Since your client will be making requests to your API, I believe that you will also have to setup CORS correctly for such requests to succeed.

Hope that points you in the right direction. I'm going to be attempting this myself soon and if I learn that something is different, I will get back to edit this answer.

Karthic Raghupathi
  • 2,011
  • 5
  • 41
  • 57
0

As far as I understand, the problem it's that are you sending a GET request, when the login view only accept a POST request. You must change the method.

Jony_23
  • 322
  • 4
  • 12