20

Has anyone used django-social-auth, django-registration and django-profiles together. Do they work well together? I have established social-auth but I read somewhere that django-allauth is better. Should I switch over to that?

Please advise

Update:

I have used allauth in my project and it is working fine. You don't need to use django-registration with allauth because that is integrated within. However I am using custom user profiles and that is a better option than the django-profiles.

Sachin
  • 3,672
  • 9
  • 55
  • 96

1 Answers1

34

They work fine together - I just set this up the other day (except I didn't need to use django-profiles as it's as easy to create your own).

  • A user can set up a normal account (contrib.auth) using django-registration which sends out an email to be confirmed - creating a username/email/password in the DB.
  • Alternatively they can sign in straight away with twitter/facebook/google etc. and a contrib.auth user is created for them automatically with a dummy password (and potentially no email).

Some points and limitations:

  • When you sign in with a social media profile, a contrib.auth.user is automatically created. If that username already exists, a UUID is appended - this is ugly and django-social-auth doesn't seem to deal with this problem yet - an easy solution is to allow the user to change their username after they sign up. Ideally, when you sign in with twitter you are given the chance to refine your details before they are saved to the DB (instead of after)
  • Similarly, a dummy password is set - this makes it difficult to allow the user to reset the password using the built in django password change-form as they will not be able to enter their existing password (as it's set as an unhashble string)
  • You need to consider when a user that signs up with twitter wants to later associate their facebook account - django-social-auth accounts for this and it's easy to assoicate multiple 3rd party sign ins with one account
  • Twitter doesn't disclose a users email address so you might want to prompt them to provide it to you and save it to the database - the problem with this is that you will then need to verify it which negates the whole purpose of using social-auth!

django-social-auth is a great project and is being actively developed with a group on convore Google Group that is always up to date so I would certainly suggest it. It's also very easy to set up - just be sure you have ironed out your login flow, and you know of the potential limitations of using this

EDIT:

This post is a little outdated

  • django-social-auth has become python-social-auth
  • django-allauth: OP mentioned django-allauth which has gotten popular recently. I haven't used it but it seems to be a great drop-in replacement for authentication, registration and profiles.
  • Configurable User Models: Django 1.5 introduced a configuratble User models in the auth module so you can now edit what fields you want to make use of for your user (email only, no username etc.). This is also useful if you want to add profile-like information to your user without having to join with another table (like you would with django-profiles or a OneToOne relationship with a custom profile model)
Timmy O'Mahony
  • 53,000
  • 18
  • 155
  • 177
  • Thanks a lot for the exhaustive response. Actually the thing is I will want the user's email id later in time, but for the first time I would like the user to get going instantly. Later on when they will access features which require their email, I can always ask them for one. Also when they will build their profile, they will fill in the email. I don't want them to discouraged for the first time – Sachin Oct 27 '11 at 08:17
  • 2
    Secondly is there anything that can be done about the password issue? And did u say that we can associate multiple social logins to the same account or not? Moreover since I am new to Django I am having some troubles with the templates, can you guide me to some good tutorial on how to make the templates. Or what should a good login form with both social login and native registration shiuld be like.... Also thanks a ton – Sachin Oct 27 '11 at 08:19
  • The author of social-auth has created an example page that you can login and associate multiple services with here: http://social.matiasaguirre.net/ . I haven't looked into the password issue yet but I'm sure it can be easily fixed by using custom views as opposed to the default django change_password form. If you send me an email via the email listed in my profile I will send you on my templates from a similar project – Timmy O'Mahony Oct 27 '11 at 14:25
  • Thanks for all the help. I have sent you an email on the acccount listed on your website. Thanks – Sachin Oct 27 '11 at 15:25
  • I'm just getting my feet wet with the co-existing django-registration and django-social-auth systems. Does the elimination of 'social_auth.backends.pipeline.associate.associate_by_email', middleware for security issues disable django-registration? – Marc Condon Feb 02 '13 at 18:47