python-social-auth / social-app-django

Python Social Auth - Application - Django
BSD 3-Clause "New" or "Revised" License

Question: logging in with different Google accounts #200

Open yles9056 opened 5 years ago

yles9056 commented 5 years ago

I had a problem with my Django website when switching between different Google accounts.

My website uses Google OAuth2.0 for authentication. First, I logged in with a Google account (userA). Then, I logged out from my website and tried to log in with another Google account (userB). But I was automatically logged in as userA when I pressed the login button. I had to clear all browser cookies manually in order to log in as userB.

Some data was not cleared when userA logged out. What setting do I need to change? I don't think disconnecting is what I am looking for. I just need to switch to a different Google account.

setting.py

```python
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    ...
    'testLogin',    # Index page for testing social auth
    'social_django',
]

AUTHENTICATION_BACKENDS = (
    'social_core.backends.google.GoogleOAuth2',
    'django.contrib.auth.backends.ModelBackend',
)

SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = '***'
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = '***'
SOCIAL_AUTH_URL_NAMESPACE = 'social'

LOGIN_URL = '/auth/login/google-oauth2/'
LOGIN_REDIRECT_URL = '/'
LOGOUT_REDIRECT_URL = '/'

# These are not default settings. Listed in case they might cause any problem
APPEND_SLASH = True
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
    },
    'oracle': {
       ...
    }
}
...
```

urls.py

```python
from django.contrib import admin
from django.urls import path, include
from django.conf import settings
from django.conf.urls.static import static
from django.contrib.auth import views

urlpatterns = [
    path('admin/', admin.site.urls),
    path('', include('testLogin.urls')),    # Index page for testing social auth
    path('', include('social_django.urls', namespace='social')),
    path('logout/', views.LogoutView.as_view(), name='logout'),
]

urlpatterns += static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
```

testLogin.html (Index page for testing social auth)

```html
...
<body>
  {% if user.is_authenticated %}
    <p>Logged as {{ user }}</p>
    <a class="btn btn-primary" href="{% url 'logout' %}">Logout</a>
  {% else %}
    <a class="btn btn-primary" href="{% url 'social:begin' 'google-oauth2' %}">Login</a>
  {% endif %}
</body>
...
```

divyarajpurohit commented 4 years ago

I want to do exactly the same thing. Please let me know if you get any solution. Thanks

KennyMonster commented 4 years ago

@divyarajpurohit This did it for us:

In settings.py

```python
# force asking the user which account to use
SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS = {'prompt': 'select_account'}
```

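
A check on the authorization redirect that the setting above changes, as an added example that is not part of this thread or of social-app-django. The helper names, client ID, redirect URI and state are constructed; it assumes the extra arguments end up as query parameters on the request to Google and that `prompt` takes a space-delimited list of `none`, `consent` and `select_account`, where `none` cannot be combined with the others.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Google's documented OAuth 2.0 authorization endpoint, used here as sample input.
GOOGLE_AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth"
VALID_PROMPTS = {"none", "consent", "select_account"}

# Constructed sample request parameters (placeholders, not real credentials).
BASE_PARAMS = {
    "client_id": "PLACEHOLDER-CLIENT-ID",
    "redirect_uri": "https://example.test/complete/google-oauth2/",
    "response_type": "code",
    "scope": "openid email profile",
    "state": "constructed-state-value",
}


def build_authorization_url(base_params, extra_arguments):
    """Hypothetical helper: merge extra arguments into the authorization URL."""
    params = dict(base_params)
    params.update(extra_arguments)
    return GOOGLE_AUTH_URL + "?" + urlencode(params)


def prompt_values(url):
    """Return the set of prompt values carried by an authorization URL."""
    values = parse_qs(urlsplit(url).query).get("prompt", [])
    if len(values) > 1:
        raise ValueError("prompt parameter sent more than once")
    return set(values[0].split()) if values else set()


def forces_account_chooser(url):
    """True if the redirect asks Google to show the account chooser."""
    prompts = prompt_values(url)
    unknown = prompts - VALID_PROMPTS
    if unknown:
        raise ValueError("unknown prompt value(s): %s" % sorted(unknown))
    if "none" in prompts and len(prompts) > 1:
        raise ValueError("'none' cannot be combined with other prompt values")
    return "select_account" in prompts


if __name__ == "__main__":
    for extra in ({}, {"prompt": "select_account"}):
        url = build_authorization_url(BASE_PARAMS, extra)
        print(extra, "->", forces_account_chooser(url))
```

Without the chooser, the provider reuses whichever Google session the browser still holds, which is the behaviour reported at the top of this issue.
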
divyarajpurohit commented 4 years ago

Thank you, this is what I actually was looking for. Is this type of code available for fb, linkedIn and twitter as well?

KennyMonster commented 4 years ago

> Is this type of code available for fb, linkedIn and twitter as well?

I can't speak to fb or twitter, but I spent a few hours trying to track it down for linkedin and concluded it doesn't exist.