Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

django-social-auth django-registration and django-profiles -- together

Tags:

Has anyone used django-social-auth, django-registration and django-profiles together. Do they work well together? I have established social-auth but I read somewhere that django-allauth is better. Should I switch over to that?

Please advise

Update:

I have used allauth in my project and it is working fine. You don't need to use django-registration with allauth because that is integrated within. However I am using custom user profiles and that is a better option than the django-profiles.

like image 545
Sachin Avatar asked Oct 26 '11 15:10

Sachin


1 Answers

They work fine together - I just set this up the other day (except I didn't need to use django-profiles as it's as easy to create your own).

  • A user can set up a normal account (contrib.auth) using django-registration which sends out an email to be confirmed - creating a username/email/password in the DB.
  • Alternatively they can sign in straight away with twitter/facebook/google etc. and a contrib.auth user is created for them automatically with a dummy password (and potentially no email).

Some points and limitations:

  • When you sign in with a social media profile, a contrib.auth.user is automatically created. If that username already exists, a UUID is appended - this is ugly and django-social-auth doesn't seem to deal with this problem yet - an easy solution is to allow the user to change their username after they sign up. Ideally, when you sign in with twitter you are given the chance to refine your details before they are saved to the DB (instead of after)
  • Similarly, a dummy password is set - this makes it difficult to allow the user to reset the password using the built in django password change-form as they will not be able to enter their existing password (as it's set as an unhashble string)
  • You need to consider when a user that signs up with twitter wants to later associate their facebook account - django-social-auth accounts for this and it's easy to assoicate multiple 3rd party sign ins with one account
  • Twitter doesn't disclose a users email address so you might want to prompt them to provide it to you and save it to the database - the problem with this is that you will then need to verify it which negates the whole purpose of using social-auth!

django-social-auth is a great project and is being actively developed with a group on convore Google Group that is always up to date so I would certainly suggest it. It's also very easy to set up - just be sure you have ironed out your login flow, and you know of the potential limitations of using this

EDIT:

This post is a little outdated

  • django-social-auth has become python-social-auth
  • django-allauth: OP mentioned django-allauth which has gotten popular recently. I haven't used it but it seems to be a great drop-in replacement for authentication, registration and profiles.
  • Configurable User Models: Django 1.5 introduced a configuratble User models in the auth module so you can now edit what fields you want to make use of for your user (email only, no username etc.). This is also useful if you want to add profile-like information to your user without having to join with another table (like you would with django-profiles or a OneToOne relationship with a custom profile model)
like image 98
Timmy O'Mahony Avatar answered Sep 21 '22 18:09

Timmy O'Mahony