python-social-auth / social-docs

Python Social Auth - Docs
BSD 3-Clause "New" or "Revised" License
35 stars 99 forks source link

Suggestion: add quickstart/tutorial answering most basic questions. #135

Open Zenahr opened 1 year ago

Zenahr commented 1 year ago

This is mostly subjective but just to give a bit of context:

I'm a software engineer with moderate experience in fullstack dev. Very familiar with Flask, a bit of experience with Django. My goal: Rewriting a project that uses social authentication in Django.

I came across PSA and started trying to get it to work. It would be awesome to some sort of quickstart guides section for people who would like to add PSA to their projects with little to no friction and get started quickly.

I did get most of my flow working. Here's a list of questions I had trouble finding an answer to and some roadblocks:

SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = '<id>'
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = '<secret>'
SOCIAL_AUTH_GOOGLE_SCOPE = [
    'https://www.googleapis.com/auth/youtube.force-ssl'
]
GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS = {'approval_prompt': 'force'} # force user to accept permissions on auth flow even if given before.

SOCIAL_AUTH_GOOGLE_OAUTH2_LOGIN_REDIRECT_URL = '/login/google-oauth2/' # <----- not sure if this one actually works
LOGIN_REDIRECT_URL = '/'

And it would be crazy awesome if the guide would also walk through testing the auth flow rudimentarily. Meaning: Log in, Revoke access, Log out.

I found this helpful snippet for logging in in a SO article: <a href="{% url "social:begin" "google-oauth2" %}">Sign in with Google</a>

I'm now just missing the equivalent for revoking access to the social provider. I thought <a href="{% url "social:disconnect" "google-oauth2" %}">Revoke access to my YouTube channel</a> would work, it doesn't.

So then I start looking at the pipelines concept in PSA but I don't really know what changes if I comment out some of the pipelines, how to invoke them etc.


I would gladly create an attempt for this kind of guide on the example of Google authentication if this is something that would be appreciated.

Bottom line: This isn't meant to be negative, I really appreciate what we can do with PSA, I just think the docs could have some additional guides to help get your feet wet and answer some general questions adopters might have. Another question I will still have to look into is for example "How do I get PSA to work with my custom user model? Can I just have my model extend some PSA model?" etc.

nijel commented 1 year ago

Contributing this would be useful. Probably extending https://python-social-auth.readthedocs.io/en/latest/configuration/django.html would be the way to go...

Zenahr commented 1 year ago

@nijel agreed. I would like to just know from a maintainer if this would be something they'd like to see added. Otherwise I might be writing documentation that won't make it onto the website.

nijel commented 1 year ago

Yes, I'd merge such contributions.