I'm using OAuth2 with django-oauth-toolkit and django-rest-framework.
I usually authenticate my users the following way, in order to get a token:
    curl -X POST -d "grant_type=password&username=new_user&password=new_user" -u "GZwzDjPM89BceT8a6ypKGMbXnE4jWSzsyqbM3dlK:" http://localhost:8000/o/token/
Is there a way to use the email instead of the username to authenticate my users?
Thanks!
OAuth2 is not an authentication (login) protocol! The purpose of OAuth2 Tokens is to authorize requests at a first party server (or API). If the third party uses the OAuth2 Access Token as proof of authentication, an attacker could easily impersonate a legitimate user.
OAuth 2.0 is an authorization protocol and NOT an authentication protocol. As such, it is designed primarily as a means of granting access to a set of resources, for example, remote APIs or user's data.
Yes! It is possible by setting the email as the username in the User model:
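    from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin
    from django.db import models


    class User(AbstractBaseUser, PermissionsMixin):
        email = models.EmailField(
            verbose_name='email address',
            max_length=255,
            unique=True,
        )
        first_name = models.CharField(max_length=30)
        last_name = models.CharField(max_length=30)

        # Django authenticates against this field instead of a username.
        USERNAME_FIELD = 'email'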
Then the email can be used as the username in the request:
    curl -X POST -d "grant_type=password&[email protected]&password=new_user" -u "GZwzDjPM89BceT8a6ypKGMbXnE4jWSzsyqbM3dlK:" http://localhost:8000/o/token/
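A practical detail once the username is an e-mail address: `curl -d` sends the body exactly as typed, so a `+` in the address (or `&` / `=` in the password) is misread when the server decodes the form. The following is an added example, not part of the original answer; it uses only the Python standard library, and the sample e-mail, password and client id are constructed.

```python
import base64
from urllib.parse import parse_qs, urlencode
from urllib.request import Request

TOKEN_URL = "http://localhost:8000/o/token/"  # endpoint shown in the post

# Constructed sample credentials (not from the post).
EMAIL = "new.user+api@example.com"
PASSWORD = "s3cret&more=1"


def raw_body(email, password):
    """What `curl -d` sends: the string exactly as typed, with no encoding."""
    return f"grant_type=password&username={email}&password={password}".encode("ascii")


def build_token_request(client_id, email, password, client_secret=""):
    """Build the password-grant POST with a properly form-encoded body."""
    body = urlencode({
        "grant_type": "password",
        "username": email,  # the e-mail travels in the standard 'username' field
        "password": password,
    }).encode("ascii")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode("ascii")
    return Request(TOKEN_URL, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


def decoded_field(body, name):
    """Decode a form body as a server would and return one field's value."""
    return parse_qs(body.decode("ascii"))[name][0]


if __name__ == "__main__":
    req = build_token_request("client-id-placeholder", EMAIL, PASSWORD)
    for label, body in (("raw", raw_body(EMAIL, PASSWORD)), ("encoded", req.data)):
        print(label, decoded_field(body, "username"), decoded_field(body, "password"))
```

With curl itself, passing each field through `--data-urlencode` (for example `--data-urlencode "username=new.user+api@example.com"`) produces the same encoded body.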