omab / django-social-auth

Django social authentication made simple
https://groups.google.com/group/django-social-auth
BSD 3-Clause "New" or "Revised" License
2.65k stars 756 forks

oauth authentication #114

Closed AndriusA closed 13 years ago

AndriusA commented 13 years ago

Probably some misconfiguration on my side, but can't make any of the OAuth methods work, interestingly with different errors.

Facebook seems to be working up to a point, but the actual log in fails - the steps it takes after pressing facebook authentication link are:

(MY_URL)/login/facebook/

https://graph.facebook.com/oauth/authorize?redirect_uri=http%3A%2F%2F(MY_URL)%3A8000%2Fcomplete%2Ffacebook%2F&client_id=(MY_CLIENT_ID)

https://www.facebook.com/connect/uiserver.php?app_id=(MY_APP_ID)&method=permissions.request&display=page&next=http%3A%2F%2F(MY_URL)%3A8000%2Fcomplete%2Ffacebook%2F&response_type=code&fbconnect=1

(MY_URL)/complete/facebook/?code=AQDa6aTB_Ht7CQwjEHHgP9te6DfToTLb3jumX1rM0H7V15zYRWI1N4CJKmy16tATgVTyJar1gLZ1acM3pHsemEa743onTOLm8kTVbin5joTnrRovYgYglqVAGRM00BGTW9wEWv1UkzeZe0owOHYwsdxQJO1v5sRHGKzYGc2guelSUMdP2qSCYeeLHSm2iLY0TA4

and then it jumps to 'login/error/', which I haven't figured out how to configure properly either - at the moment it just says "Incorrect authentication service", obviously.

With Google I'm getting "ValueError at /login/google-oauth/ Invalid parameter string."

Environment:

Request Method: GET
Request URL: http://(MY_URL)/login/google-oauth/

Django Version: 1.3
Python Version: 2.6.6
Installed Applications: ['django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.sites', 'django.contrib.admin', 'django.contrib.databrowse', 'cvlization.site', 'social_auth']
Installed Middleware: ('django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.csrf.CsrfResponseMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.middleware.doc.XViewMiddleware')

Traceback:
File "/usr/local/lib/python2.6/dist-packages/django/core/handlers/base.py" in get_response
  response = callback(request, *callback_args, **callback_kwargs)
File "/home/andrius/cvlization/social_auth/views.py" in auth
  return auth_process(request, backend, COMPLETE_URL_NAME)
File "/home/andrius/cvlization/social_auth/views.py" in auth_process
  return HttpResponseRedirect(backend.auth_url())
File "/home/andrius/cvlization/social_auth/backends/__init__.py" in auth_url
  token = self.unauthorized_token()
File "/home/andrius/cvlization/social_auth/backends/__init__.py" in unauthorized_token
  return Token.from_string(response)
File "/usr/local/lib/python2.6/dist-packages/oauth2/__init__.py" in from_string
  raise ValueError("Invalid parameter string.")

Exception Type: ValueError at /login/google-oauth/
Exception Value: Invalid parameter string.

LinkedIn is even more strange: "ValueError at /login/linkedin/ 'oauth_token' not found in OAuth request."

Environment:

Request Method: GET
Request URL: http://(MY_URL):8000/login/linkedin/

Django Version: 1.3
Python Version: 2.6.6
Installed Applications: ['django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.sites', 'django.contrib.admin', 'django.contrib.databrowse', 'cvlization.site', 'social_auth']
Installed Middleware: ('django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.csrf.CsrfResponseMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.middleware.doc.XViewMiddleware')

Traceback:
File "/usr/local/lib/python2.6/dist-packages/django/core/handlers/base.py" in get_response
  response = callback(request, *callback_args, **callback_kwargs)
File "/home/andrius/cvlization/social_auth/views.py" in auth
  return auth_process(request, backend, COMPLETE_URL_NAME)
File "/home/andrius/cvlization/social_auth/views.py" in auth_process
  return HttpResponseRedirect(backend.auth_url())
File "/home/andrius/cvlization/social_auth/backends/__init__.py" in auth_url
  token = self.unauthorized_token()
File "/home/andrius/cvlization/social_auth/backends/__init__.py" in unauthorized_token
  return Token.from_string(response)
File "/usr/local/lib/python2.6/dist-packages/oauth2/__init__.py" in from_string
  raise ValueError("'oauth_token' not found in OAuth request.")

Exception Type: ValueError at /login/linkedin/
Exception Value: 'oauth_token' not found in OAuth request.

For configs I have just copy-pasted local_settings.py (removing the .template) and populated it with relevant keys/secrets

The other relevant parts of the configuration are:

INSTALLED_APPS = (
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.sites',
    'django.contrib.admin',
    'django.contrib.databrowse',
    'cvlization.site',

    'social_auth',
)

# Login paths
LOGIN_REDIRECT_URL = '/'
LOGIN_URL = '/login/'
LOGOUT_URL = '/logout/'

AUTHENTICATION_BACKENDS = (
    'social_auth.backends.twitter.TwitterBackend',
    'social_auth.backends.facebook.FacebookBackend',
    'social_auth.backends.google.GoogleOAuthBackend',
    'social_auth.backends.google.GoogleOAuth2Backend',
    'social_auth.backends.google.GoogleBackend',
    'social_auth.backends.yahoo.YahooBackend',
    'social_auth.backends.contrib.linkedin.LinkedinBackend',
    'social_auth.backends.contrib.orkut.OrkutBackend',
    'social_auth.backends.OpenIDBackend',
    'django.contrib.auth.backends.ModelBackend',
)

And urls are configured as

urlpatterns = patterns('',
    (r'', include('cvlization.site.urls')),
    (r'', include('social_auth.urls')),
    (r'^admin/', include(admin.site.urls)),
)

and

urlpatterns = patterns('cvlization.site.views',
    (r'^(?:|home/)$', 'home'),
    (r'^legal/(?P[-a-z]+)/$', 'legal_page'),
    (r'^(?:resume)/(?P[\w]+)/$', 'resume_public_view'),
    (r'^user/invited/(?P[0-9a-z]+)/$', 'user_register_invited'),
    (r'^user/invite/$', 'user_invite'),
    (r'^user/acceptInvitation/(\w+)/$', 'user_invitation_accept'),
    (r'^user/register/$', 'user_register'),
    (r'^edit/$', 'resume_edit'),
    (r'^user/edit/$', 'profile_edit'),
    (r'^user/import/$', 'profile_import'),
)

urlpatterns += patterns('',
    (r'^login/$', 'django.contrib.auth.views.login', {
        'template_name': 'login.html'
    }),
    (r'^logout/$', 'django.contrib.auth.views.logout_then_login', {
        'login_url': '/'
    }),
)

Sorry for the lengthy post, but was trying to give enough details. Would be really grateful if you could help me out.

ghickman commented 13 years ago

@andriusa this error is probably masking the real error unfortunately. The 'error' part of /login/error/ is being picked up by the _auth rule

url(r'^login/(?P<backend>[^/]+)/$', auth, name='socialauth_begin'),

and so it tries to find a backend called error. I got around this by adding this line to my global urls.py

url(r'^login-error/', 'views.login_error', name='login_error'),

then adding a basic view to my global views.py. Admittedly this only meant I got past that error before I could move onto peppering the code with prints.

Hope this helps in some way.

omab commented 13 years ago

@ghickman, any luck getting OAuth backends up? Seems to be a misconfiguration as you mentioned, please check that settings for each backend are properly defined.

About the error URL, django-social-auth expects the LOGIN_ERROR_URL setting to redirect the user to such a page; that value is taken as it is, no reverse or anything is applied. It's weird that a redirect to /login/error/ is even tried.

ghickman commented 13 years ago

@omab you're redirecting to it in views.py in both complete_process and associate_complete if the user isn't set and auth_complete doesn't return nicely respectively. Thus you're redirected to `/login/error/` if you haven't changed the value.

This was masking my main problem to do with not creating users but wanting to associate them with a Google Account, which I've fixed using the pull request from Cassus: https://github.com/omab/django-social-auth/pull/109

omab commented 13 years ago

@ghickman, yeah, I'm aware of the redirect and a value like /login/error/ will fail unless URLs are properly ordered as you pointed out. Views return values were fixed in a recent commit https://github.com/omab/django-social-auth/commit/3bbcee80d4a43f20481951211554da3914dec965.

About the pull request, I've rejected it, IMO a signal shouldn't cut the process in the middle with a HttpResponse, it's not its responsibility to play with responses, it's not its layer.
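The route shadowing ghickman describes and the ordering point omab confirms, as an added example that is not code from django-social-auth or from either poster. It mimics first-match URL resolution with the standard library only; `LOGIN_ERROR_NESTED`, `KNOWN_BACKENDS`, `handle` and `find_shadowed` are hypothetical names, and the backend names are constructed from the login URLs in the report.

```python
import re

# Patterns quoted in the thread; LOGIN_ERROR_NESTED is a hypothetical route
# for the '/login/error/' page that the thread says the views redirect to.
SOCIAL_AUTH_BEGIN = (r'^login/(?P<backend>[^/]+)/$', 'socialauth_begin')
LOGIN_ERROR_NESTED = (r'^login/error/$', 'login_error')
LOGIN_ERROR_FLAT = (r'^login-error/', 'login_error')  # ghickman's workaround

# Constructed backend names, taken from the login URLs in the report.
KNOWN_BACKENDS = {'facebook', 'google-oauth', 'linkedin'}


def resolve(urlconf, path):
    """First-match-wins lookup over (regex, name) pairs; returns (name, kwargs)."""
    path = path.lstrip('/')
    for regex, name in urlconf:
        match = re.search(regex, path)
        if match:
            return name, match.groupdict()
    return None


def handle(urlconf, path):
    """Hypothetical dispatcher: the backend name comes from the URL, so check it."""
    hit = resolve(urlconf, path)
    if hit is None:
        return 'not found'
    name, kwargs = hit
    if name != 'socialauth_begin':
        return 'error page'
    if kwargs['backend'] not in KNOWN_BACKENDS:
        return 'Incorrect authentication service'
    return 'redirect to ' + kwargs['backend']


def find_shadowed(urlconf, expected):
    """Return (path, wanted, got) for every sample path that resolves elsewhere."""
    problems = []
    for path, wanted in expected.items():
        hit = resolve(urlconf, path)
        got = hit[0] if hit else None
        if got != wanted:
            problems.append((path, wanted, got))
    return problems


if __name__ == '__main__':
    shadowed = [SOCIAL_AUTH_BEGIN, LOGIN_ERROR_NESTED]
    ordered = [LOGIN_ERROR_NESTED, SOCIAL_AUTH_BEGIN]
    print(handle(shadowed, '/login/error/'))
    print(handle(ordered, '/login/error/'))
    print(find_shadowed(shadowed, {'/login/error/': 'login_error'}))
```

Running `find_shadowed` over one sample path per named route is a cheap regression check that a catch-all pattern has not swallowed a more specific page.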

ghickman commented 13 years ago

@omab ah decorators, well played sir!

Yes that's fair enough, I hadn't looked into the signals very closely. I needed to allow current users to link their accounts to their Google Apps Account while not creating new users (it's an internal app so we want control of that) and the pull request did cover that. Unless I'm missing something that already exists?

omab commented 13 years ago

@ghickman, so you want the association URL instead of the login ones? Your users will access /associate/google/ and that will link their current account with the Google one, but users must be logged in, makes sense?

omab commented 13 years ago

Closing, reopen if needed.