
I have implemented an application using django-allauth that logs in users using either a normal django user login or through a google or github social login. This seems to work fine until now - users can either log in to this application using their google or github accounts or through the normal django account.

Now, the users can add a number of resources in this application, which I'd like to access from a different application using a REST api. So the first application needs to be an oauth2 provider -- I tried implementing it with the help of django-oauth-toolkit (which is using python-oauthlib).

In any case, I tried following the tutorial for creating a provider found here: https://django-oauth-toolkit.readthedocs.org/en/0.7.0/tutorial/tutorial_01.html. All the steps were completed ok, so I visited http://django-oauth-toolkit.herokuapp.com/consumer/ in order to test my provider (as proposed by the tutorial).

So when I requested access, I got the login screen to my application. When I tried logging in with the normal django user, everything was ok and I was able to grant access to my provider. However, logging in with the social account was not successful: I clicked on "Github" to log in with my github account -- I got the normal github login screen, but after I logged in with github I got the django-allauth error page (An error occurred while attempting to login via your social network account). What was actually strange was the following error in my url get parameters:

```
error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.
```

Any ideas what could be the problem?

Also, a more general question: I wasn't able to find a similar flow (using an oauth provider that uses other oauth providers to log in). Is it actually possible to do that?

Update: As it turns out, the problem was that I was using http://127.0.0.1:8000/ for my local oauth2 provider but I'd written http://localhost:8000/ to the Authorization URL of the testing consumer (http://django-oauth-toolkit.herokuapp.com/consumer/). That was the reason I was getting the redirect_uri_mismatch error - after I changed it to http://127.0.0.1:8000/ everything worked ok -- and that answers my 2nd question: You can chain oauth providers !!!

Maxime Lorant
Serafeim
  • Could you add some details on how your OAuth2 application is configured in django-oauth-toolkit? (client type, etc.) – Masci Apr 29 '14 at 09:49
  • I've used *exactly* the settings proposed by the django-oauth-toolkit tutorial (Client type: Confidential, Authorization grant type: Authorization code). – Serafeim Apr 29 '14 at 09:54
  • Chances are that at some point GitHub receives the `redirect_uri` param filled by the OAuth2 client in your second app, thus the error. If you can confirm this is the case, probably some work is needed to "backup" the original redirect_uri param, complete the github authentication flow and finally authorize the client. – Masci Apr 29 '14 at 13:02
  • @Masci well it was actually a very stupid problem, please see my update for more info. – Serafeim Apr 29 '14 at 18:42
  • Glad you solved it and thanks for the update! – Masci Apr 29 '14 at 21:38
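
The `localhost` / `127.0.0.1` mismatch from the update can be checked offline with a component-by-component comparison of the registered callback URL and the one actually sent. This is an added example, not code from the post or from django-allauth; the callback path, the helper names and the premise that the callback was registered with `127.0.0.1` while the URL sent was built from the `localhost` host are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Assumed callback path: allauth mounted at /accounts/ with the GitHub provider.
CALLBACK_PATH = "/accounts/github/login/callback/"


def is_loopback(host):
    """True for 'localhost' and loopback IP literals, without any DNS lookup."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def callback_for_host(host_header, scheme="http", path=CALLBACK_PATH):
    """Callback URL built from the host the browser used (hypothetical helper)."""
    return f"{scheme}://{host_header}{path}"


def diagnose(registered, sent):
    """List (component, registered_value, sent_value, note) for every difference."""
    r, s = urlsplit(registered), urlsplit(sent)
    r_host, s_host = (r.hostname or ""), (s.hostname or "")
    findings = []
    if r.scheme != s.scheme:
        findings.append(("scheme", r.scheme, s.scheme, ""))
    if r_host != s_host:
        # Both names may reach the same machine, but a string comparison fails.
        note = ("loopback aliases, still different strings"
                if is_loopback(r_host) and is_loopback(s_host) else "")
        findings.append(("host", r_host, s_host, note))
    r_port = r.port or DEFAULT_PORTS.get(r.scheme)
    s_port = s.port or DEFAULT_PORTS.get(s.scheme)
    if r_port != s_port:
        findings.append(("port", r_port, s_port, ""))
    if r.path != s.path:
        findings.append(("path", r.path, s.path, ""))
    return findings


if __name__ == "__main__":
    registered = callback_for_host("127.0.0.1:8000")  # constructed sample value
    for host in ("127.0.0.1:8000", "localhost:8000"):
        print(host, diagnose(registered, callback_for_host(host)))
```

An empty list means the two URLs agree on scheme, host, port and path; the same comparison applies to the redirect URI registered for the client application in django-oauth-toolkit.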
