python-social-auth / social-app-django

Python Social Auth - Application - Django
BSD 3-Clause "New" or "Revised" License

After authenticating user is created, but it does not log into django #111

Open MrJeric0 opened 6 years ago

MrJeric0 commented 6 years ago

After completing the SSO page in an ADFS, I return to /complete/saml and I get redirected, but I am not authenticated. I check the admin section and I see a new USER SOCIAL AUTH entry with the email I entered. What is preventing me from completely logging in?

alexmbird commented 6 years ago

I'm having the exact same issue with social-auth-app-django==2.1.0 and social-auth-core==1.5.0 (running 1.5.0 because LinkedIn auth is broken in 1.6.0)

alexmbird commented 6 years ago

@MrJeric0 a thought - what Django are you on? I'm using 2.0.1. 2.0 only came out in December so maybe social-app-django hasn't yet been tested against it.

MrJeric0 commented 6 years ago

I am using Django version 1.11. I fixed my issue. Can you check to see if a sessionid cookie is created after you log in?

alexmbird commented 6 years ago

Yes, a sessionid cookie is set in two places:

I don't know why a new session is being started with the call to /complete/linkedin-oauth2/. They're working in general for my site (e.g. I stay logged in to the admin console). Is linkedin-oauth supposed to completely replace the user's session upon successful login?

MrJeric0 commented 6 years ago

When you are logged in and auth with an outside service, it associates the accounts together, I believe.

My solution might not be the best. I made a new view and I point the redirect to

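from django.conf import settings
from django.contrib import messages
from django.contrib.auth import login
from django.contrib.auth.models import User
from django.http import HttpResponseRedirect

def connect(request):
    # Look up the user whose id Django's auth framework stored in the session
    if '_auth_user_id' in request.session:
        user_obj = User.objects.filter(id=request.session['_auth_user_id'])
        request.user = user_obj[0]
        messages.success(request, 'You are now logged in as {}'.format(request.user))
        login(request, request.user, backend=settings.AUTHENTICATION_BACKENDS[0])
    return HttpResponseRedirect('/')

alexmbird commented 6 years ago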

Thanks, I'll bear it in mind. But by doing that aren't we skipping the code in the social-auth pipeline to collect and sanity check the user's token?

MrJeric0 commented 6 years ago

I'm not quite sure, but it does use the pipelines to check if the user is new. So I'm assuming it's using whatever pipelines you've enabled.

matejkloska commented 6 years ago

Try to check all settings related to middleware, template context processors and the other parts. In my case, many settings were using:

petrprikryl commented 6 years ago

The explanation lies in Django https://github.com/django/django/blob/master/django/contrib/auth/__init__.py#L184 because if you (like me) left the path social.backends... instead of social_core.backends... in AUTHENTICATION_BACKENDS, then you are correctly authenticated but AuthenticationMiddleware cannot detect it.

# doesn't work
AUTHENTICATION_BACKENDS = (
    'social.backends.facebook.FacebookOAuth2',
    ...
)

# works
AUTHENTICATION_BACKENDS = (
    'social_core.backends.facebook.FacebookOAuth2',
    ...
)

Bohooslav commented 4 years ago

The explanation lies in Django https://github.com/django/django/blob/master/django/contrib/auth/__init__.py#L184 because if you (like me) left the path social.backends... instead of social_core.backends... in AUTHENTICATION_BACKENDS, then you are correctly authenticated but AuthenticationMiddleware cannot detect it.

# doesn't work
AUTHENTICATION_BACKENDS = (
    'social.backends.facebook.FacebookOAuth2',
    ...
)

# works
AUTHENTICATION_BACKENDS = (
    'social_core.backends.facebook.FacebookOAuth2',
    ...
)

This should be documented

pizzapanther commented 2 years ago

I had the same problem with Azure OAuth.

Docs say use: social_core.backends.azuread_tenant.AzureADOAuth2

But social_core.backends.azuread.AzureADOAuth2 works

alexey-nikolov-basemark-com commented 2 years ago

Docs say use: social_core.backends.azuread_tenant.AzureADOAuth2 But social_core.backends.azuread.AzureADOAuth2 works

And because the documentation seems to be living detached from the code, and I'm using 3.1.0 (Debian stable), I would rely on an assumption that most of the "latest version" docs are still relevant. Apparently, it screams for a minuscule amendment (took me a day of wondering why my authentication against Microsoft identity platform loops!)

nijel commented 2 years ago

Improvements to the documentation are welcome: https://github.com/python-social-auth/social-docs/
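
A configuration-time check for the mismatch described in the comments above (the legacy `social.backends...` path and the `azuread_tenant` versus `azuread` path), added here as an example and not code from the thread or the project. It assumes the path saved in the session at login is the backend class's own `__module__` plus class name, and it uses constructed `demo_core` and `demo_shim` modules in place of real backends.

```python
import importlib
import sys
import types


def canonical_path(dotted):
    """Import `dotted` and return the path the class itself reports."""
    module_name, _, attr = dotted.rpartition(".")
    cls = getattr(importlib.import_module(module_name), attr)
    return "{}.{}".format(cls.__module__, cls.__name__)


def find_aliased_backends(authentication_backends):
    """Map each configured path that is only an alias to its canonical path.

    Django's get_user() restores the user only if the backend path saved in
    the session is literally present in AUTHENTICATION_BACKENDS, so an alias
    imports fine yet never matches the canonical path (assumed to be what is
    saved at login).
    """
    configured = set(authentication_backends)
    aliased = {}
    for dotted in authentication_backends:
        canonical = canonical_path(dotted)
        if canonical != dotted and canonical not in configured:
            aliased[dotted] = canonical
    return aliased


def _install_constructed_modules():
    """Constructed stand-ins: demo_shim re-exports a class from demo_core."""
    core = types.ModuleType("demo_core")
    shim = types.ModuleType("demo_shim")
    core.DemoOAuth2 = type("DemoOAuth2", (), {"__module__": "demo_core"})
    shim.DemoOAuth2 = core.DemoOAuth2  # alias, like a re-exporting module
    sys.modules.update({"demo_core": core, "demo_shim": shim})


_install_constructed_modules()

if __name__ == "__main__":
    settings_backends = ("demo_shim.DemoOAuth2",)  # constructed setting
    for alias, real in find_aliased_backends(settings_backends).items():
        print("{} -> use {}".format(alias, real))
```

Run against a project's real AUTHENTICATION_BACKENDS tuple, any entry it returns is a path that authenticates but leaves the next request anonymous.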