wagnerdelima / drf-social-oauth2

drf-social-oauth2 makes it easy to integrate Django social authentication with major OAuth2 providers, i.e., Facebook, Twitter, Google, etc.
https://drf-social-oauth2.readthedocs.io/en/latest/
MIT License

[Question] How to use the convert token logic inside Django? #212

Closed digoburigo closed 2 months ago

digoburigo commented 6 months ago

I want to convert the token from OAuth to the Django session one, but I need to do it inside Django. How can this be achieved?

I tried to use requests and make a POST call internally, but it's not working.

wagnerdelima commented 6 months ago

I could not understand your question. Be clearer, more concise and give examples.

digoburigo commented 6 months ago

I'm trying to convert the token from the Google OAuth callback, getting the token from the Django session and returning it to another application. But when I deploy the server, it is not able to make requests to itself. So I'm asking if it's possible to call this lib view internally or something like that.

```python
from typing import Dict

import requests
from django.http import HttpRequest
# Assumption: the view returns a Django REST framework Response.
from rest_framework.response import Response

# SOCIAL_AUTH_GOOGLE_OAUTH2_KEY, SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET, DJANGO_BASE_URL,
# APPLICATION_CLIENT_ID_GOOGLE and APPLICATION_CLIENT_SECRET_GOOGLE are defined
# elsewhere in the project (not shown in the post).


def complete_google(request: HttpRequest) -> Response:
    social: str = "google-oauth2"
    code: str = request.GET.get("code")

    # Step 1: exchange the authorization code for a Google access token.
    url: str = "https://oauth2.googleapis.com/token"
    payload: Dict[str, str] = {
        "client_id": SOCIAL_AUTH_GOOGLE_OAUTH2_KEY,
        "client_secret": SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET,
        "code": code,
        "redirect_uri": f"{DJANGO_BASE_URL}/complete/google-oauth2/",
        "grant_type": "authorization_code",
    }
    headers: Dict[str, str] = {"Content-Type": "application/x-www-form-urlencoded"}
    response: requests.Response = requests.post(url, headers=headers, data=payload)

    response_json: Dict[str, str] = response.json()
    google_auth_token = response_json.get("access_token")

    # Step 2: POST the Google token to this same server's convert-token endpoint.
    url = f"{DJANGO_BASE_URL}/auth/convert-token/"
    payload = {
        "grant_type": "convert_token",
        "backend": social,
        "client_id": APPLICATION_CLIENT_ID_GOOGLE,
        "client_secret": APPLICATION_CLIENT_SECRET_GOOGLE,
        "token": google_auth_token,
    }
    response = requests.post(url, headers=headers, data=payload)
    return Response(
        response.json(),
    )
```

wagnerdelima commented 6 months ago

What is your django base url?

You could do it with self.request.build_absolute_uri('/')[:-1]

Or something like that.

Finishing the day here. Hope you find it out!

digoburigo commented 6 months ago

That's only the URL that the Django application is running on.

For example, if it's running locally with NGINX, it is http://localhost:80

Thanks for the info. I will try it out. Good day!

wagnerdelima commented 6 months ago

Succeeded?

digoburigo commented 6 months ago

No, I'm moving this to a different application that's going to be in charge of validating the users. So I guess I will not encounter this problem. But if there is a way to make it call itself, that would be ideal. Is there any way to call the view responsible for converting the token?

dreaquil commented 2 months ago

Edit: Removing due to update in https://github.com/wagnerdelima/drf-social-oauth2/issues/203#issuecomment-2247408454

wagnerdelima commented 2 months ago

Careful, you should never return the client secret like that. It should not be exposed for security reasons.
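
An added example, not part of the thread and not drf-social-oauth2 code: the callback view posted above forwards `access_token` without checking the upstream response and returns the convert-token body wholesale, and the last comment warns against exposing the client secret. The helpers below check the provider response before using it and allowlist what goes back to the caller; all function names and sample values are constructed for illustration.

```python
from typing import Any, Dict, Mapping

# Standard OAuth2 token-response members (RFC 6749, section 5.1).
# Anything not listed here is dropped before the body reaches the caller.
PUBLIC_TOKEN_FIELDS = ("access_token", "token_type", "expires_in", "refresh_token", "scope")


class TokenExchangeError(Exception):
    """Raised when an upstream token response cannot be used."""


def extract_access_token(status_code: int, body: Mapping[str, Any]) -> str:
    """Return the provider access token, or raise instead of passing None on."""
    if status_code != 200 or "error" in body:
        # Surface only the OAuth2 error code, never the full upstream body.
        raise TokenExchangeError(str(body.get("error", f"http_{status_code}")))
    token = body.get("access_token")
    if not isinstance(token, str) or not token:
        raise TokenExchangeError("missing_access_token")
    return token


def build_convert_payload(
    token: str, backend: str, client_id: str, client_secret: str
) -> Dict[str, str]:
    """Form body for the convert-token endpoint; it never leaves the server."""
    return {
        "grant_type": "convert_token",
        "backend": backend,
        "client_id": client_id,
        "client_secret": client_secret,
        "token": token,
    }


def public_token_response(body: Mapping[str, Any]) -> Dict[str, Any]:
    """Allowlist the fields returned to the caller so secrets cannot leak through."""
    return {k: body[k] for k in PUBLIC_TOKEN_FIELDS if k in body}


if __name__ == "__main__":
    # Constructed sample bodies, not real provider output.
    google_body = {"access_token": "constructed-google-token", "expires_in": 3599}
    token = extract_access_token(200, google_body)
    payload = build_convert_payload(token, "google-oauth2", "constructed-id", "constructed-secret")
    converted = {"access_token": "constructed-app-token", "token_type": "Bearer", **payload}
    print(public_token_response(converted))
```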