How to manually authenticate after get django user?

Question

Im writing a facebook-connect app that login user after authenticate session on facebook, question is how can i authenticate user on django after get user object?

user = User.objects.get(email=email)
user = authenticate(username=user.username, password=user.password)
login(request, user)

Is there another way to achieve this ?

Answer 1

You don't actually need to authenticate() first if you do this (but I didn't tell you!):

user.backend = 'django.contrib.auth.backends.ModelBackend'

login(request, user)

Answer 2

There are two things you should look at and be aware of based on your question and example.

First, the way you handle alternate authentication methods (e.g. facebook oauth) are authentication backends. You can look at djangopackages.com for existing options or write your own. The backend(s) you have configured are what will define what parameters authenticate() is expecting to receive (e.g. a facebook backend wouldn't expect a password as a password doesn't make sense in that context).

Second, doing user.password won't get you the user's actual password. As a security measure, Django stores passwords as salted one-way hashes. This means that, by design, you cannot determine a user's password based on what is stored in the database.

Answer 3

authenticate() and login() each provide different tasks, and both (or the equivalent pulled from the Django code and updated for each version of Django) are required in order to log a user in.