Google Authentication using django-rest-framework and python-social-auth

Question in short: Login with DRF, python-social-auth and AngularJS works with Facebook but not Google.

I'm building a django app that needs to enable users to signup/login via Facebook and Google in addition to locally stored email/password combo. It works as follows:

  1. For both signup and login, AngularJS initiates the FB and Google APIs (FB.init and gapi.auth2.init) with their respective app_ids. All JS libraries required for this are included in the pages.
  2. Based on the user's selection, both pages let the user log in using Facebook or Google, or let them enter their email/password combo.
  3. All required info, including their access_token, is collected via FB's or Google's API.
  4. When the user submits the form after filling in all relevant details (signup requires them to enter some additional data), the data including the access_token is sent to the server by an AJAX request.
  5. On the server side, class-based views, LoginView and SignUpView, accept the requests and process them. Email-based signup/login is directly handled by the code. Google/FB-based signup/login is passed to python-social-auth's do_auth function for authentication.
  6. When the provider chosen is Facebook, this works fine. When it's Google (tried both google-oauth2 and google-plus), do_auth eventually raises a 403 Forbidden error. When the related URL, https://googleapis.com/plus/v1/people/me?access_token=ACCESS_TOKEN&alt=json is copied to the browser, it shows an error message:

Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup

  1. I've made sure of the following things:
    1. Enabled the Google+ API in the Google developer console for the corresponding app.
    2. From the Google developer console, added http://localhost:5001 to the JavaScript origin field and http://localhost:5001/social/complete to the redirect URI field. (The latter field was filled in later. Same result with or without it.)
    3. Generated a key and copied client_id and client_secret to settings.SOCIAL_AUTH_GOOGLE_OAUTH2_KEY and settings.SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET. Double-checked their accuracy.
    4. Added 'social.backends.google.GoogleOAuth2' to settings.AUTHENTICATION_BACKENDS. Tried placing both GoogleOAuth2 and GooglePlus here, together and separately.
    5. Tried all these in 2-3 with PLUS also, instead of OAUTH2. Still the same result.
    6. Tried again after setting settings.SOCIAL_AUTH_USE_DEPRECATED_API to True. This also fails, but the error is now 401.

What to do next to get this working with Google authentication too? I have gone through many other similar questions here and issues reported on GitHub.

Here's the relevant code:

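from rest_framework.generics import CreateAPIView
from social.apps.django_app.utils import load_backend, load_strategy
from social.exceptions import AuthAlreadyAssociated


class SignUpView(CreateAPIView):

    def create(self, request, *args, **kwargs):
        # Provider name and the access token obtained by the client-side
        # SDK both arrive in the AJAX payload.
        provider = request.data['provider']
        strategy = load_strategy(request)
        backend = load_backend(strategy=strategy, name=provider, redirect_uri=None)
        token = request.data['access_token']
        try:
            # `data` is not defined in the posted excerpt.
            user = backend.do_auth(token, user=None, **data)
        except AuthAlreadyAssociated:
            pass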
Rajeesh Punathil asked Jan 20 '17 20:01
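
A server that accepts an access_token from the browser, as in steps 4 and 5 of the question, can check what the token is before handing it to do_auth. The following is an added example, not part of the original question or of python-social-auth; it assumes the JSON field names returned by Google's tokeninfo endpoint (aud, exp, scope, error_description), and the client id and sample responses are constructed.

```python
import time

# Google's token-introspection endpoint; a GET with ?access_token=<token>
# returns a JSON object describing the token.
TOKENINFO_URL = "https://www.googleapis.com/oauth2/v3/tokeninfo"


def tokeninfo_problems(info, client_id, required_scopes, now=None):
    """Return the reasons a client-supplied Google access token should be
    rejected, given the parsed tokeninfo JSON for it. Empty list = accept."""
    now = time.time() if now is None else now
    if "error" in info or "error_description" in info:
        return ["tokeninfo rejected the token: %s"
                % info.get("error_description", info.get("error"))]
    problems = []
    # Audience: the token must have been issued to this app. A token
    # issued to a different app must not be accepted as a login here.
    if info.get("aud") != client_id:
        problems.append("token audience is not our client_id")
    # Expiry is a Unix timestamp, delivered as a string.
    try:
        if int(info["exp"]) <= now:
            problems.append("token has expired")
    except (KeyError, ValueError):
        problems.append("missing or malformed exp")
    granted = set(info.get("scope", "").split())
    missing = sorted(set(required_scopes) - granted)
    if missing:
        problems.append("missing scopes: " + " ".join(missing))
    return problems


# Constructed sample responses (client ids and values are made up).
OUR_CLIENT_ID = "1234-ours.apps.googleusercontent.com"
EMAIL_SCOPE = "https://www.googleapis.com/auth/userinfo.email"
SAMPLE_OK = {"aud": OUR_CLIENT_ID, "azp": OUR_CLIENT_ID, "exp": "2000000000",
             "scope": "openid " + EMAIL_SCOPE, "email": "user@example.com"}
SAMPLE_OTHER_APP = dict(SAMPLE_OK, aud="9999-other.apps.googleusercontent.com")
SAMPLE_INVALID = {"error_description": "Invalid Value"}

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_OTHER_APP, SAMPLE_INVALID):
        print(tokeninfo_problems(sample, OUR_CLIENT_ID, [EMAIL_SCOPE], now=1700000000))
```

A view would call do_auth only when the returned list is empty and answer with a 4xx otherwise.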



1 Answer

I've recently struggled with a similar problem, but my situation was a little bit different because I'm using django-rest-framework-social-oauth2.

First of all I've noticed you enabled Google+ API, but:

Added 'social.backends.google.GoogleOAuth2' to settings.AUTHENTICATION_BACKENDS.

Try changing your settings to (this is described in the python-social-auth docs):

AUTHENTICATION_BACKENDS = (
    # ...
    'social_core.backends.google.GooglePlusAuth',
)

SOCIAL_AUTH_GOOGLE_PLUS_KEY = '...'
SOCIAL_AUTH_GOOGLE_PLUS_SECRET = '...'

Another thing that can be useful for you is the Google OAuth Playground.

Germaniero answered Dec 03 '22 22:12