Facebook backend documentation doesn't mention the authentication backend package name and missing the step about adding it to AUTHENTICATION_BACKENDS in settings.py.

It seems this repository (python-social-auth/social-docs) just has the same CONTRIBUTING.md as the other python-social-auth/* repos. But some of the stuff in there makes little or no sense for a pure documentation repository in general or sometimes makes little or no sense for this specific repository.

How to contribute

I like to encourage you to contribute to the repository.

This should be as easy as possible for you but there are a few things
to consider when contributing. The following guidelines for
contribution should be followed if you want to submit a pull request.

How to prepare

• You need a GitHub account

✅ Well, that's a given. Let's leave that in.

• Submit an issue ticket
  for your issue if there is no one yet.
  • Describe the issue and include steps to reproduce if it's a bug.
  • Ensure to mention the earliest version that you know is affected.

🤔 Does this make sense for documentation? Issue tickets might be warranted for documentation changes that need some discussion first, or that the one who brings up the issue can't or doesn't want to fix themselves. Otherwise, I'd say a PR should suffice.

🔴 For documentation bugs "steps to reproduce" will only sometimes be meaningful, I think.

• If you are able and want to fix this, fork the repository on GitHub

✅ Sounds good.

Make Changes

• In your forked repository, create a topic branch for your upcoming
  patch. (e.g. feature/new-backend or bug/auth-fails)
  • Usually this is based on the master branch.
  • Create a branch based on master git branch bug/auth-fails master
    then checkout the new branch with git checkout bug/auth-fails.
    Please avoid working directly on the master branch.

😐 While this makes sense per-se, unfortunately GitHub doesn't allow users to choose meaningful branch names when they don't clone the repo to their local machine and don't explicitly fork the repo on GitHub first and only then edit a file online in their fork:
If one attempts to edit a file on the original repo (without having write access) GitHub will implicitly fork it and automatically create a branch named patch-1 (or some other number if there already was a fork and that branch name was already taken).

• Make commits of logical units and describe them properly.

✅ Makes sense if "of logical units" refers to a somewhat atomic set of changes. (The changes themselves could be distributed over several units of the repo if they need to be made together to make sense.)

• Make sure you stick to PEP8
  coding style that is used already.

🤔 Is this about code examples in the documentation? Otherwise it doesn't make much sense in a repo mainly consisting of MarkDown, HTML and CSS files.

• If possible, submit tests to your patch / new feature so it can be tested easily.
• Assure nothing is broken by running all the tests.

🔴 As far as I can see, this repo contains no tests.

• Add a meaningful entry to the CHANGELOG.md document.

🤔 Maybe this should be limited to notable changes. Documentation repositories are bound to get lots of contributions that just fix typos, grammar, etc.

[...]

docs/configuration/django.rst at line 235 states:
Exception processing is disabled if **any** of this settings is defined with a True value:

But having DEBUG=True and by setting e.g. SOCIAL_AUTH_RAISE_EXCEPTIONS = False, it is enabled.

Relevant code point:
social_django/middleware.py, line 56:
strategy.setting('RAISE_EXCEPTIONS', settings.DEBUG)
(If RAISE_EXCEPTIONS is set (even to False), it is taken.)

Documentation should reflect this.

A backend for Patreon OAuth2 support exists, but is undocumented. I believe I have a fix, and will fire a PR shortly.

Expected behaviour

Documentation exists for Auth0 which is supported in the code as a backend: https://github.com/python-social-auth/social-core/blob/master/social_core/backends/auth0.py

Actual behaviour

Describe what happens instead and why is it an issue.
No documentation exits for Auth0 Backend in the expected location (or any location): https://github.com/python-social-auth/social-docs/blob/master/docs/backends/index.rst

Flagging this as an issue for anyone looking for inspiration for documentation improvement pull requests.

I've come across this problem when trying to use intersphinx.
The module index doesn't exist and there is no link from the documentation to the source code.

While the use cases in the documentation are useful to get the user going I think it lacks a connection to the code.

At least for me (I think this is the third issue I open in two weeks and the other two were posted mainly for lack of knowledge on this library) a documentation connected to the code would be interesting. Even for you (@omab), because a better understanding of the library leads to better and more contributions.

Hello,

I configured our tool to authenticate with Okta via SAML . If I log in from our tool with SAML it functions correctly and takes me to Okta to sign in, then allows me into tool after authenticating. However, If I initiate the process from Okta by clicking the app I setup, it doesn't work. I see "ERROR social u''. in the log . Would you know what would causes this error? This is not an issue with Okta as I reviewed this with their support.

Thanks

Hi there,

I'm trying to use shopify to get token from a store.

If I go to http://127.0.0.1:8000/login/shopify/
I got this error:

Environment:


Request Method: GET
Request URL: http://127.0.0.1:8000/login/shopify/

Django Version: 1.8.5
Python Version: 2.7.14
Installed Applications:
('django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.sites',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.humanize',
 'django.contrib.admin',
 'main',
 'main.templatetags',
 'users',
 'questions',
 'dashboard',
 'tinytests',
 'common',
 'spike',
 'adm',
 'social.apps.django_app.default',
 'compressor',
 'django.contrib.sitemaps',
 'djcelery',
 'redactor',
 'corsheaders')
Installed Middleware:
('django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.cache.UpdateCacheMiddleware',
 'htmlmin.middleware.HtmlMinifyMiddleware',
 'corsheaders.middleware.CorsMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'main.middleware.AccountNotConfirmedMiddleware',
 'main.middleware.NoMailMiddleware',
 'main.middleware.UpdateLastActivityMiddleware',
 'social.apps.django_app.middleware.SocialAuthExceptionMiddleware',
 'django.middleware.cache.FetchFromCacheMiddleware',
 'htmlmin.middleware.MarkRequestMiddleware',
 'main.middleware.UserUidMiddleware',
 'main.middleware.UserHistoryInfo',
 'main.middleware.UserReferredMiddleware',
 'main.middleware.UserCouponMiddleware')


Traceback:
File "/Users/fraf9/Sites/saldd/ve/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
  132.                     response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/Users/fraf9/Sites/saldd/ve/lib/python2.7/site-packages/social/apps/django_app/utils.py" in wrapper
  45.             return func(request, backend, *args, **kwargs)
File "/Users/fraf9/Sites/saldd/ve/lib/python2.7/site-packages/social/apps/django_app/views.py" in auth
  12.     return do_auth(request.social_strategy, redirect_name=REDIRECT_FIELD_NAME)
File "/Users/fraf9/Sites/saldd/ve/lib/python2.7/site-packages/social/actions.py" in do_auth
  25.     return strategy.start()
File "/Users/fraf9/Sites/saldd/ve/lib/python2.7/site-packages/social/strategies/base.py" in start
  66.             return self.redirect(self.backend.auth_url())
File "/Users/fraf9/Sites/saldd/ve/lib/python2.7/site-packages/social/backends/shopify.py" in auth_url
  50.             self.data.get('shop').strip(),

Exception Type: AttributeError at /login/shopify/
Exception Value: 'NoneType' object has no attribute 'strip'

If I go to http://127.0.0.1:8000/login/shopify/?shop=myshourl.myshopify.com

unbound method create_permission_url() must be called with Session instance as first argument (got unicode instance instead)

Any ideas?
Let me know,
Thank you very much.

There is no corresponding documentation for backends/microsoft in social_core, so I made one. #88

• PSA = python-social-auth

This is mostly subjective but just to give a bit of context:

I'm a software engineer with moderate experience in fullstack dev. Very familiar with Flask, a bit of experience with Django.
My goal: Rewriting a project that uses social authentication in Django.

I came across PSA and started trying to get it to work.
It would be awesome to some sort of quickstart guides section for people who would like to add PSA to their projects with little to no friction and get started quickly.

I did get most of my flow working. Here's a list of questions I had trouble finding an answer to and some roadblocks:

• Django's standard project scaffolding comes with sqlite as the database. This doesn't work well with PSA, so I migrated to mysql. Having a step-by-step guide that goes over adding PSA on a fresh Django project would be huge for this.
• Just reading the Django docs on PSA, I couldn't find anything about how and where to add the client_id, client_secret and scope for the social login provider. I was looking all over the place until I finally checked the python-... docs instead of the ones specifically for the django implementation.
• Having a list of some parameters you'd probably want to change to your project's needs would be a huge help. Here's some I would personally add to that list:

SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = '<id>'
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = '<secret>'
SOCIAL_AUTH_GOOGLE_SCOPE = [
    'https://www.googleapis.com/auth/youtube.force-ssl'
]
GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS = {'approval_prompt': 'force'} # force user to accept permissions on auth flow even if given before.

SOCIAL_AUTH_GOOGLE_OAUTH2_LOGIN_REDIRECT_URL = '/login/google-oauth2/' # <----- not sure if this one actually works
LOGIN_REDIRECT_URL = '/'

And it would be crazy awesome if the guide would also walk through testing the auth flow rudimentarily. Meaning: Log in, Revoke access, Log out.

I found this helpful snippet for logging in in a SO article: <a href="{% url "social:begin" "google-oauth2" %}">Sign in with Google</a>

I'm now just missing the equivalent for revoking access to the social provider. I thought <a href="{% url "social:disconnect" "google-oauth2" %}">Revoke access to my YouTube channel</a> would work, it doesn't.

So then I start looking at the pipelines concept in PSA but I don't really know what changes if I comment out some of the pipelines, how to invoke them etc.

I would gladly create an attempt for this kind of guide on the example of Google authentication if this is something that would be appreciated.

Bottom line: This isn't meant to be negative, I really appreciate what we can do with PSA, I just think the docs could have some additional guides to help get your feet wet and answer some general questions adopters might have. Another question I will still have to look into is for example "How do I get PSA to work with my custom user model? Can I just have my model extend some PSA model?" etc.

The example lints Local variable 'token' is assigned to but never used. The fix is a simple
param substitution in the request.backend.do_auth call.

The docs should probably mention that the GoogleOpenId backend no longer works, as https://www.google.com/accounts/o8/id is now 404 (since July 2015, it seems), resulting in an openid.yadis.discover.DiscoveryFailure: HTTP Response status from identity URL host is not 200. Got status 404 exception.

Thanks!

The Django configuration docs shows the following:

SOCIAL_AUTH_PIPELINE = (
    'social_core.pipeline.social_auth.social_details',
    'social_core.pipeline.social_auth.social_uid',
    'social_core.pipeline.social_auth.social_user',
    'social_core.pipeline.user.get_username',
    'social_core.pipeline.user.create_user',
    'social_core.pipeline.social_auth.associate_user',
    'social_core.pipeline.social_auth.load_extra_data',
    'social_core.pipeline.user.user_details',
    'social_core.pipeline.social_auth.associate_by_email',
)

The issue is that create_user is coming before associate_by_email. create_user tries to save a user before associate_by_email can associate the existing user. This causes a DB error.

I'll create a quick PR to update this, but please let me know if I'm missing something?

Thanks!

Discord is supported: https://github.com/python-social-auth/social-core/blob/master/social_core/backends/discord.py
However, it isn't included in https://github.com/python-social-auth/social-docs/blob/master/docs/backends/index.rst.

When following this paragraph, I get the following deprecation warning on Django 1.10 :

WARNINGS:
?: (1_8.W001) The standalone TEMPLATE_* settings were deprecated in Django 1.8 and the TEMPLATES dictionary takes precedence. You must put the values of the following settings into your default TEMPLATES dict: TEMPLATE_CONTEXT_PROCESSORS.

This is the uptodate version that should be provided :

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'APP_DIRS': True,
        'DIRS': [
            root('templates'),
        ],
        'OPTIONS': {
            'debug': DEBUG,
            'context_processors': [
                 ...
                'social_django.context_processors.backends',
                'social_django.context_processors.login_redirect',
                 ...
            ],
        },
    }
]

Thanks all for maintaining this repo!

Just a small suggestion for usability. I keep getting to the docs from the social-auth-app-django repo, and often then want to get to the ecosystem page without Googling. A "fork me on Github" or similar link would be very helpful.

Happy to submit a PR if that's desirable, please let me know!

EDIT: just realized that the link should probably be to the ecosystem page, not "this repo" which would mean the social-docs repo. Changed.

@omab, can you please enable pull request builds on the reathedocs.org? It tests that the documentation builds and provides it for browsing making it easier to review how it will look rendered.

Documentation: https://docs.readthedocs.io/en/latest/pull-requests.html

It can be enabled in the advanced settings: https://readthedocs.org/dashboard/python-social-auth/advanced/

https://python-social-auth.readthedocs.io/en/latest/configuration/django.html#urls-entries

urlpatterns = patterns('',
    ...
    url('', include('social_django.urls', namespace='social'))
    ...
)

The url() function was removed in Django's 4.0 release. Old documentation states it was an alias for django.urls.re_path(), but the empty string route doesn't require regex, so django.urls.path() would suffice here:

  urlpatterns = patterns('',
      ...
-     url('', include('social_django.urls', namespace='social'))
+     path('', include('social_django.urls', namespace='social'))
      ...
  )

I want to restrict authentication to my app to only my company domain which uses Gsuite ( google apps for my domain/ Google work).[ I saw this post on stackoverflow that suggested using the

SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS=["mycompany.com"] ](https://stackoverflow.com/questions/38566799/limit-google-oauth-access-to-one-domain-using-hd-param-django-python-social)

to restrict auth only to mycompany.com domain.

Although using this in my django app, settings.py it clearly works: I wanted to see how this is implemented and what the caveats on this approach are , but cannot see it mentioned in the documentation.

Can someone point me in the direction of how this is implemented or how better to restrict Google Oauth2 to only my domain.

Thanks
Hari

Instead they send an id_token.

This is supported by social_core, but not mentioned in the docs.

Opened the docs site to check something and I got this:

When trying to use github auth in production it is setting hostname as http://localhost:300/ not the domain the app is using.

I need to access the domain of the request because I host on different websites from the same django server and the login behaves differently depending on which domain makes request

In django views, I can access it by request.META['HTTP_HOST']
Can you please tell me the correct way to do it in a partial pipeline?

Here is my current pipeline.
I have a groupdomain model that stores the verification_methods for a domain
I want it so that if any one of the verification methods is not in the session, then the user gets redirected to enter the required details

@partial
def require_extra_info(strategy, user, uid, details, is_new, *args, **kwargs):
    if is_new:
        domain = models.GroupDomain.objects.get(domain=request.META['HTTP_HOST'])

        for method in domain.verification_methods:
            if strategy.session_get(method, None) is None:
                current_partial = kwargs.get('current_partial')
                # redirect him so he can provide extra info
                return redirect(urlresolvers.reverse('additional info', kwargs={'backend': current_partial.backend}))

Storage docs link to nonexistent implementation. I'm about 80% sure these are supposed to point somewhere inside the social-examples repo...

In the doc, there is the mention to use

SOCIAL_AUTH_FACEBOOK_AUTH_EXTRA_ARGUMENTS = {'display': 'touch'}

to have facebook expose the mobile view. With the graphAPI v3.2, this is not valid anymore and produces an unclear error.