 

Django-allauth, JWT, Oauth

I have an AngularJS Single Page Application that uses a Django backend API based on the Django Rest Framework. The API is protected via django-rest-framework-jwt. I would like to use django-allauth for account management and authentication on the server side.

I am just missing one single piece in the flow: How does my Oauth-Token from the client get transferred into a JWT-token? Basically, I would like to do as described here http://blog.wizer.fr/2013/11/angularjs-facebook-with-a-django-rest-api/ based on python-social-auth.

So my question is, how do I implement the ObtainAuthToken class from the link with django-allauth?

schacki asked Feb 04 '15 12:02



3 Answers

There are usually two login flows with social login: client-side ("Javascript SDK") and server-side. If your server needs to be authorised, it's usually a lot easier to go through the server-side flow. And that's also what all-auth does I think (and you didn't mention you use a frontend library like the blogpost you mentioned does).

Now the challenge is to provide the token from the server to the frontend. You would probably load the token in the HTML of the initialisation of the SPA, and then from Angular save the token client side (cookie, localStorage, etc.) so the session isn't lost on a refresh.

If you don't want the user to leave your app, you can open your /accounts/login/ or /accounts/signup/ url in a new window. In that new window they authorise your app, and your server receives the token upon return. There, you will have to generate a JWT token manually, and render that into the template so that javascript can access it. With js in that popup window, you can then communicate with your app that opened the popup and pass it the token – see this SO answer for an example – so it can save it.

Tino answered Oct 01 '22 09:10


Django-allauth provides signals that let you hook into the social login process. In your case, I would recommend subscribing to the allauth.socialaccount.signals.pre_social_login signal. The code will look something like this:

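from django.dispatch import receiver
from allauth.socialaccount.signals import pre_social_login

@receiver(pre_social_login)
def create_jwt_token(sender, request, sociallogin, **kwargs):
    # dig into the sociallogin object to find the new access token.
    # sociallogin.token is the provider's access token for this login.
    access_token = sociallogin.token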

Shay Acrich answered Oct 01 '22 08:10
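
The step the two answers above leave open is issuing the API's own JWT on the server once the social login has completed (for example from the pre_social_login receiver) and checking it on later requests. The following is an added example, not code from the answers or from django-allauth; it uses a stdlib-only HS256 implementation as a stand-in for the project's JWT library, and `mint_jwt`, `verify_jwt` and `SECRET` are hypothetical names.

```python
# Added example, stdlib only. Function names and SECRET are hypothetical;
# SECRET is a constructed placeholder (load a real key from server config).
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def mint_jwt(user_id, email, ttl=300, now=None, key=SECRET):
    """Issue the API's own short-lived token once the social login succeeded."""
    now = int(time.time() if now is None else now)
    parts = ({"alg": "HS256", "typ": "JWT"},
             {"user_id": user_id, "email": email, "iat": now, "exp": now + ttl})
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return signing_input + "." + b64url(sign(signing_input, key))

def verify_jwt(token, now=None, key=SECRET):
    """Return the claims, or raise ValueError for a token the API must reject."""
    now = int(time.time() if now is None else now)
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(unb64url(head)), json.loads(unb64url(body))
        signature = unb64url(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("not JSON objects")
    except (ValueError, TypeError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: the token's header must not choose how it is checked.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Constant-time comparison of the recomputed MAC with the presented one.
    if not hmac.compare_digest(signature, sign(f"{head}.{body}", key)):
        raise ValueError("bad signature")
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        raise ValueError("token expired")
    return claims
```

The short `ttl` matters when the token is rendered into a page or handed to another window, since anything that can read that page or storage can replay the token until it expires.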


We used hello.js for O-Auth at the company I worked at.

  1. You provide a shim on the Python end and get the refresh token and whatever other data needed once the user connects their social account.

  2. We redirect them via Django to the page they attempted to access from their OAuth provider's page.

Each user still has their own email account which is needed for the JWT, but you could assume that whatever email is in the scope of their social account is their email, then use Django's functionality to create new users: User.objects.create(email=emailStringFromOauthData) etc.

Zargold answered Oct 01 '22 09:10