st4lk / django-rest-social-auth

OAuth signin with django rest framework
MIT License
519 stars 122 forks

Is code the access token? #148

Open UrsaCoder opened 3 years ago

UrsaCoder commented 3 years ago

Basically, I installed the package and added this in settings:

SOCIAL_AUTH_FACEBOOK_KEY = 'i add my FB client id'
SOCIAL_AUTH_FACEBOOK_SECRET = 'i add my FB app secret'

and I added this URL:

path('api/login/', include('rest_social_auth.urls_token')),]

But when I hit this API (http://localhost:8000/api/login/social/token_user/) with this JSON:

{ "provider": "facebook", "code":"my acess token" }

I am confused about what code is. Is code the access token? Because I am getting this error, "Invalid verification code format.", when I add my FB access token.

shrinidhinhegde commented 3 years ago

Yes, when it comes to Facebook and Google, even I have the same question. Facebook and Google do not return a 'code'; they return an accessToken, and I have the same exact problem as you do.

rj76 commented 3 years ago

Also having this problem

shrinidhinhegde commented 3 years ago

So, I resolved the problem by using this: https://python-social-auth.readthedocs.io/en/latest/use_cases.html#signup-by-oauth-access-token

You don't have to use any of the packages. Python Social Auth already has something for APIs.

imanaspaul commented 3 years ago

@shrinidhinhegde could you please share your repo over here?

shrinidhinhegde commented 3 years ago

@imanaspaul No, it's a private project, and the link I have shared is pretty straightforward. I will share a part of my views file though.

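import re

import requests
from django.conf import settings
from django.contrib.auth import login
from django.http import Http404, JsonResponse
from knox.models import AuthToken  # assumed: django-rest-knox, whose create() returns (instance, token)
from rest_framework import permissions
from rest_framework.decorators import api_view, permission_classes
from social_django.utils import psa


@api_view(['POST'])
@psa('social:complete')
@permission_classes((permissions.AllowAny,))
def SocialLogin(request, backend):
    # 'code' is passed to do_auth() as a provider access token,
    # except for GitHub, where it is first exchanged below
    token = request.data['code']

    if backend == 'github':
        # Exchange the GitHub authorization code for an access token
        url = "https://github.com/login/oauth/access_token/"
        payload = {
            'code': token,
            'client_id': settings.SOCIAL_AUTH_GITHUB_KEY,
            'client_secret': settings.SOCIAL_AUTH_GITHUB_SECRET
        }
        # timeout so a stalled provider call cannot hang the worker
        response = requests.request("POST", url, data=payload, timeout=10)
        m = re.search('access_token=(.+?)&scope', str(response.text))
        if m:
            token = m.group(1)
        else:
            raise Http404

    # psa() has attached the selected backend to the request
    user = request.backend.do_auth(token)
    if user:
        login(request, user)
        return JsonResponse({
            'token': AuthToken.objects.create(user)[1],
            'user_id': user.id,
            # and anything else you want to return
        })
    else:
        raise Http404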

You can set up a URL to this view like this:

path('social-login/<str:backend>/', views.SocialLogin, name='api-social-login'),

The methods for each site (i.e. GitHub, Facebook, etc.) are slightly different, but you just need to pass the access token in request.backend.do_auth(<your access token here>).

I am using this view to authenticate using GitHub, Twitter, Facebook and Google and it works peacefully.
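
An added example, not part of the comment above or of either project's code: the GitHub branch of that view extracts the token with a regex that only matches when `&scope` follows `access_token`, so a reordered body or a failed exchange both end in the same 404. The sketch below parses a token-endpoint body by field name and surfaces the provider's `error` code instead; the function name, exception class and sample bodies are constructed for illustration.

```python
import json
from urllib.parse import parse_qs

# Constructed sample bodies (not captured from a real provider).
FORM_OK = "access_token=EXAMPLE_TOKEN_123&scope=&token_type=bearer"
FORM_REORDERED = "token_type=bearer&access_token=EXAMPLE_TOKEN_123"
FORM_ERROR = ("error=bad_verification_code"
              "&error_description=The+code+passed+is+incorrect+or+expired.")
JSON_OK = '{"access_token": "EXAMPLE_TOKEN_123", "token_type": "bearer"}'


class TokenExchangeError(Exception):
    """The token endpoint did not return a usable access token."""


def extract_access_token(body, content_type="application/x-www-form-urlencoded"):
    """Return access_token from a token-endpoint body (hypothetical helper)."""
    if "json" in content_type.lower():
        try:
            fields = json.loads(body)
        except ValueError as exc:
            raise TokenExchangeError("response is not valid JSON") from exc
        if not isinstance(fields, dict):
            raise TokenExchangeError("unexpected JSON shape")
    else:
        # parse_qs maps each field to a list of values; keep the first one.
        fields = {k: v[0] for k, v in parse_qs(body).items()}

    if "error" in fields:
        # Raise the short error code only; log error_description server-side.
        raise TokenExchangeError(str(fields["error"]))

    token = fields.get("access_token")
    if not isinstance(token, str) or not token:
        raise TokenExchangeError("no access_token in response")
    return token


if __name__ == "__main__":
    for sample in (FORM_OK, FORM_REORDERED, FORM_ERROR):
        try:
            print("token:", extract_access_token(sample))
        except TokenExchangeError as exc:
            print("exchange failed:", exc)
    print("token:", extract_access_token(JSON_OK, "application/json"))
```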

denizdogan commented 2 years ago

Any news on this matter? The example above seems rather rudimentary and, for lack of a better word, "manual".

denizdogan commented 2 years ago

Looking at django-rest-framework-social-oauth2 it seems that it has some capability to "convert" a provider access token to a Django access token, using functionality from oauthlib. None of this seems to exist in the ecosystem in which django-rest-social-auth lives.

pbeneteau commented 2 years ago

I was also trying to implement this custom view using python_social_auth, but the issue there is that I can't choose which auth backend I want (session, JWT, knox, etc.). So if you combine it with django-rest-social-auth and use JWT authentication, it won't work because they are both not using the same authentication backend.

st4lk commented 1 year ago

Hey guys, can you try:

And say - is facebook auth working or not?

sp-luciano-chinke commented 1 year ago

The accessToken is probably for authentication, and not for authorization. I've been struggling recently with the latest Google Sign In changes because there's not much good support for authorization through JS (it asks the user to authorize the application every time that you need to retrieve the 'code' again). This makes our current auth setup with django-rest-social-auth a bit outdated and worsens UX when logging in. https://github.com/iMerica/dj-rest-auth gives better support for the new authentication process from Google (named Google One Tap), though it needs an update to be aligned with django-allauth (PR is already open for the fix).