Open MrJeric0 opened 6 years ago
I'm having the exact same issue with social-auth-app-django==2.1.0
and social-auth-core==1.5.0
(running 1.5.0 because LinkedIn auth is broken in 1.6.0)
@MrJeric0 a thought - what Django are you on? I'm using 2.0.1
. 2.0 only came out in December so maybe social-app-django hasn't yet been tested against it.
I am using django version 1.11. I fixed my issue. Can you check to see if a sessionid cookie is created after you login?
Yes, a sessionid
cookie is set in two places:
/login/linkedin-oauth2/
, a session_id=ldkn...
cookie is set/complete/linkedin-oauth2/
, sessionid=j6xw...
is set - even though the browser sent sessionid=ldkn...
to Django with that request.I don't know why a new session is being started with the call to /complete/linkedin-oauth2/
. They're working in general for my site (e.g. I stay logged in to the admin console). Is linkedin-oauth supposed to completely replace the user's session upon successful login?
When you are logged in and auth with an outside service it associates the accounts together i believe.
My solution might not be the best. I made a new view and i point the redirect to
def connect(request):
if '_auth_user_id' in request.session:
user_obj = User.objects.filter(id=request.session['_auth_user_id'])
request.user = user_obj[0]
messages.success(request, 'You are now logged in as {}'.format(request.user))
login(request, request.user, backend=settings.AUTHENTICATION_BACKENDS[0])
return HttpResponseRedirect('/')
Thanks, I'll bear it in mind. But by doing that aren't we skipping the code in the social-auth pipeline to collect and sanity check the user's token?
I'm not quite sure. but it does use the pipelines to check if the user is new. So im assuming its using whatever pipelines you've enables.
Try to check all settings related to middleware, template context processors and the other parts. In my case, many settings were using:
The explanation lies in Django https://github.com/django/django/blob/master/django/contrib/auth/__init__.py#L184 because if you (like me) let path social.backends...
instead of social_core.backends...
in AUTHENTICATION_BACKENDS
then you are correctly authenticated but AuthenticationMiddleware
cannot detect it.
# doesn't work
AUTHENTICATION_BACKENDS = (
'social.backends.facebook.FacebookOAuth2',
...
)
# works
AUTHENTICATION_BACKENDS = (
'social_core.backends.facebook.FacebookOAuth2',
...
)
The explanation lies in Django https://github.com/django/django/blob/master/django/contrib/auth/__init__.py#L184 because if you (like me) let path
social.backends...
instead ofsocial_core.backends...
inAUTHENTICATION_BACKENDS
then you are correctly authenticated butAuthenticationMiddleware
cannot detect it.# doesn't work AUTHENTICATION_BACKENDS = ( 'social.backends.facebook.FacebookOAuth2', ... ) # works AUTHENTICATION_BACKENDS = ( 'social_core.backends.facebook.FacebookOAuth2', ... )
This should documented
I had the same problem with Azure OAuth.
Docs say use: social_core.backends.azuread_tenant.AzureADOAuth2
But social_core.backends.azuread.AzureADOAuth2
works
Docs say use: social_core.backends.azuread_tenant.AzureADOAuth2 But social_core.backends.azuread.AzureADOAuth2 works
And because the documentation seems to be living detached from the code, and I'm using 3.1.0 (Debian stable), I would rely on an assumption that the most of the "latest version" docs are still relevant. Apparently, it screams for a minuscule amendment (took me a day of wondering why my authentication against Microsoft identity platform loops!)
Improvements to the documentation are welcome: https://github.com/python-social-auth/social-docs/
After completing to SSO page in an ADFS i return to the /complete/saml and i get redirected but i am not Authenticated. I check the admin section and i see a new USER SOCIAL AUTH entry with the email i entered. What is preventing me from completely logging in?