Django REST to React-在没有密码的情况下获取社交身份验证令牌 [英] Django REST to React - getting social auth tokens without password
问题描述
我想将关于当前已通过身份验证的用户的信息传递给React,该应用程序仅在后端使用社交身份验证(由social_django处理).我所有的用户令牌和用户令牌信息都存储在django REST中,并且要访问令牌,通常我必须将POST请求发送到rest_framework.authtoken的gain_auth_token视图.我的Django根urls.py文件如下:
I want to pass info to React about the current authenticated user within an app that only uses social authentication on the backend (that is processed by social_django). All of my user and user token info is stored within django REST, and to access the tokens, I normally have to send POST requests to rest_framework.authtoken's obtain_auth_token view. My django root urls.py file looks like:
...
from rest_framework.authtoken.views import obtain_auth_token
urlpatterns = [
...
url(r'^obtain-auth-token/$', obtain_auth_token),
...
]
但是,为了在数据库中实际获得与用户相关联的身份验证令牌,我需要在POST请求中提供用户名和密码.社交身份验证会自动创建新用户而无需分配任何密码,那么如何获得这些令牌?
However, in order to actually get the auth tokens associated with the users in my database, I need to supply the username and password within my POST request. Social authentication automatically creates new users without assigning any passwords, so how do I get those tokens?
推荐答案
您的工作正常了吗?如果没有,这就是我所做的.希望对您有所帮助.
Have you got this working? If no, here is what I did. Hope it helps.
我的设置:
- 带有Postgres的Django
- 用于REST API实现的Django Rest框架
- 用于社交身份验证的Python Social Auth(PSA)(目前使用Google+库)
- Reactjs前端
使用< a href ="{%url'social:begin''google-plus'%}">登录</a> 进行登录时,它会翻译为/login/google-plus/.这不仅会获得acess_token,还会在您的数据库中创建一个社交用户".我使用的是oauth 2.0客户端库,并大致遵循
While using <a href="{% url 'social:begin' 'google-plus' %}">Login</a> for login, it translates to /login/google-plus/. This not only get's the acess_token but also creates a "social user" in your database. I used oauth 2.0 client side libraries in my case and roughly followed this approach to fetch the google user object with all the details on the client side. I replaced form in above link with ajax call which is more flexible and gives control to me to access tokens and other information necessary. The ajax call here ensures creation of social user in social auth table within the database.
<script type="text/javascript">
gapi.load('auth2', function () {
let auth2;
auth2 = gapi.auth2.init({
client_id: "YOUR CLIENT ID",
scope: "profile",
cookie_policy: 'single_host_origin'
});
auth2.then(function () {
let button = document.getElementById("google-plus-button");
auth2.attachClickHandler(button, {}, function (googleUser) {
// Send access-token to backend to finish the authenticate
// with your application
let authResponse = googleUser.getAuthResponse();
$.ajax({
"type": "POST",
"url": "/complete/google-plus/",
"data": {
"access_token": authResponse.access_token,
"CSRF": "{% csrf_token %}"
}
}).then(function(data){
console.log(data);
// Your success code
}).fail(function(error){
console.log(error);
});
});
});
});
</script>
获取访问令牌后,您可以将它们存储在浏览器本地存储中,直到用户注销为止.注销后,您可以删除它们.
Once you fetch the access_tokens you can store them in browser local storage till the user logs out. On log out you can delete them.
对于我提到的设置,此方法对我来说效果很好.此外,根本不存在使用用户名和密码查询/obtain-auth-token 的问题.
This method works well for me for the setup I mentioned. Also the problem of querying /obtain-auth-token with username and password is not there at all.
我们肯定会想知道是否还有其他方法可以从PSA django访问社交身份验证令牌.干杯!
Would definitely be interested to know if there are other ways of accessing social auth tokens from PSA django. Cheers!
这篇关于Django REST to React-在没有密码的情况下获取社交身份验证令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
