Python Social auth authentication via access-token fails

I am currently developing a server backend with Django (1.7) that should handle authentication via social networks by using python-social-auth. I followed the tutorial on this site, which describes the process for a simple web app. This worked perfectly for Google and Twitter login.

Since the server should be just a RESTful backend, I decided to get the access token on the client side and send it to the server. The server will then authenticate with it. This process should be no problem and is even given as an example in the docs of python-social-auth.

However, if I do set everything up, I receive an error that says: "Backend not Found 404".

Here is a minimal part of the project:

settings.py: (I also included API_KEY and SECRET)

AUTHENTICATION_BACKENDS = (
   #'social.backends.facebook.FacebookOAuth2',
   'social.backends.google.GoogleOAuth2',
   'social.backends.twitter.TwitterOAuth',
   'django.contrib.auth.backends.ModelBackend',
)

views.py (for the authentication view)

from django.contrib.auth import login

from social.apps.django_app.utils import psa

@psa('social:complete')
def register_by_access_token(request, backend):
    token = request.GET.get('access_token')
    user = request.backend.do_auth(request.GET.get('access_token'))
    if user:
        login(request, user)
        return 'OK'
    else:
        return 'ERROR'

This I copied straight from the docs and only changed backend.do_auth to request.backend.do_auth. This seems to be an error in the docs.

urls.py:

...
url(r'^register-by-token/(?P<backend>[^/]+)/$', 'register_by_access_token')
...

Also as suggested in the docs.

I just tried to get this working for google-oauth because there is a simple JS lib that gives you the access token. This also worked quite nicely and I sent a request to

GET http://localhost:8000/register-by-token/google-oauth2/<access-token>/

As described above, the return was a 404 Backend not found. I did a little bit of debugging and found out that the error is raised in the login function, not the do_auth() function of the backend. Therefore the actual authentication process works. I also tried using a randomly generated string as a token and got an according error, that the user cannot be authenticated.

The funny thing is that the user even has a property backend which holds 'social.backends.google.GoogleOAuth2' as it should.

Thank you if you stayed with me for the long post, and I hope someone has an idea what could be wrong :). Looking forward to your answers.

Stephanotis answered 8/10, 2014 at 8:43 Comment(8)
So you want to get this working with GoogleOAuth2? (I'm just confused because you said "This worked perfectly for Google and Twitter login."). Why are you overriding the social:complete view at all? (Also, on an unrelated note, you may want to use GooglePlusAuth instead, as I believe Google is closing registration for OAuth2 in a few months, see developers.google.com/+/api/auth-migration) - Son
I only ask why you are overriding it as recently I added Google social sign-in to my Django site with python-social-auth, and I did nothing like this, and I'd imagine pipelines would be the place for any custom code... so I'm curious what you're trying to achieve. - Son
Looks like the error is raised in social.apps.django_app.utils in psa, which leads you to social.backends.utils, get_backend which raises the exception... why not put some print statements there with the relevant variables and see what's going on. - Son
Hey, I never overwrite the social:complete view. This @ parameter is just a decorator to give the view some more data. I have to do more things because I am trying to use Django as a REST server, which by default has no state at all (therefore no sessions :(). The part that worked just fine was the case where I use the default session system as in the tutorial I posted at the beginning. Thanks for the tip about Google shutting down OAuth2, I did not know this. - Stephanotis
@Stephanotis do you still have this issue? If so, it seems the psa decorator is raising the Http404, so could you provide the full traceback around this line in the psa code? If you solved it, please post your answer. - Dolores
Hey tutu, I am sorry, but I did not fix the problem but realized that I can just ignore it. As described, I'm using the Django server as a REST backend, which is stateless. Therefore logging in is actually a thing I do not need. Authentication is enough and luckily the error occurs in the login function and not in the psa decorator. - Stephanotis
Did you add the required stuff in Middleware? - Firedrake
Another way to go would be to give django-allauth a try. It integrates easily and works perfectly. - Thomasinathomasine

In your register_by_access_token view, you are getting access_token in GET params

user = request.backend.do_auth(request.GET.get('access_token'))

and the url you defined is:

url(r'^register-by-token/(?P<backend>[^/]+)/$', 'register_by_access_token')

So you need to request something like:

GET http://localhost:8000/register-by-token/google-oauth2/?access_token=<access_token>

whereas, you are doing:

GET http://localhost:8000/register-by-token/google-oauth2/<access-token>/

You are passing access_token in url params, which is wrong.

Acculturate answered 26/2, 2016 at 11:34 Comment(0)
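
How the URL pattern from this page treats the two request forms compared in the answer above, as an added example that is not part of the original posts. The `resolve` helper is hypothetical: it imitates Django's resolver for this one pattern using only the standard library, and `TOKEN` is a constructed placeholder.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Pattern copied from the urls.py shown on this page.
ROUTE = re.compile(r'^register-by-token/(?P<backend>[^/]+)/$')


def resolve(url):
    """Return what the view would receive, or None if the route does not match.

    Hypothetical helper: the regex is applied to the path without its leading
    slash (as Django does), and the query string is parsed separately into the
    equivalent of request.GET.
    """
    parts = urlsplit(url)
    match = ROUTE.search(parts.path.lstrip('/'))
    if match is None:
        return None  # no route matches, so the view is never called
    query = parse_qs(parts.query)
    # Like QueryDict.get(): last value if present, otherwise None.
    token = query.get('access_token', [None])[-1]
    return {'backend': match.group('backend'), 'access_token': token}


# Constructed sample requests; TOKEN stands in for a real access token.
PATH_FORM = 'http://localhost:8000/register-by-token/google-oauth2/TOKEN/'
QUERY_FORM = 'http://localhost:8000/register-by-token/google-oauth2/?access_token=TOKEN'
NO_TOKEN = 'http://localhost:8000/register-by-token/google-oauth2/'

if __name__ == '__main__':
    for url in (PATH_FORM, QUERY_FORM, NO_TOKEN):
        print(url, '->', resolve(url))
```

A token sent in the query string is written to web server access logs along with the rest of the request line, so those logs need the same protection as the tokens themselves.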
