6

I have read the documentation here: django-rest-framework-social-oauth2, but everything is very unclear to me (It's my first time working with this).

And by the end it shows some configuration of how to do the settings to use Facebook OAuth2. And there's this information in the docs:

You can test these settings by running the following command :

```
curl -X POST -d "grant_type=convert_token&client_id=<client_id>&client_secret=<client_secret>&backend=facebook&token=<facebook_token>" http://localhost:8000/auth/convert-token
```

This request returns the “access_token” that you should use on all HTTP requests with DRF. What is happening here is that we are converting a third-party access token (user_access_token) in an access token to use with your api and its clients (“access_token”). You should use this token on each and further communications between your system/application and your api to authenticate each request and avoid authenticating with FB every time.

Does it mean that with this endpoint I will be able to somehow "override" a sign up method, creating a user on my application with the same user_access_token it has on Facebook?

If this is right, by my understanding, after I get the FB.getLoginStatus response I will be able to make calls on my own API endpoints referring to the logged-in user with his Facebook user_access_token (which is also the same on my system).

I guess I would also need to add social accounts tokens to user models?

Am I right?

Joabe da Luz

1 Answer

3

I could test it with a test token from facebook and it behaves as I expected like I wrote in my question.

Joabe da Luz
  • 2
    How did you get the access token? I'm assuming client id and client secret are what we are getting from fb after registering our app. Please help – randomuser Jul 19 '16 at 10:13
  • @AjaySingh you can make a javascript request using the [facebook documentation](https://developers.facebook.com/docs/facebook-login/web) and it will give you an access_token to test your backend. And yes, the `client_secret` and the `client_id` are the ones you get after registering your app. – Joabe da Luz Jul 19 '16 at 16:40
  • I wanted to use django-rest-framework-social-oauth2 for this, but it keeps on getting 404 as my project doesn't have any route to url "http://localhost:8000/auth/convert-token" Do I need to add something to my urls.py? – randomuser Jul 19 '16 at 16:55
  • @AjaySingh check out their [github documentation](https://github.com/PhilipGarnero/django-rest-framework-social-oauth2). I opened two issues there with questions and somehow I explained my implementation. I don't know what your case is, but here are the issues: [Issue 1](https://github.com/PhilipGarnero/django-rest-framework-social-oauth2/issues/55) and [Issue 2](https://github.com/PhilipGarnero/django-rest-framework-social-oauth2/issues/58) – Joabe da Luz Jul 19 '16 at 17:15
  • @AjaySingh I don't know exactly how you are doing it, but you have to set some configuration. Also, some endpoints answer 404 if you don't set the right payload on them. – Joabe da Luz Jul 19 '16 at 17:17
  • I'm using same settings as https://github.com/PhilipGarnero/django-rest-framework-social-oauth2#facebook-example and my curl call is curl -X POST -d "grant_type=convert_token&client_id=&client_secret=&backend=facebook&token=" http://localhost:8000/auth/convert-token which is throwing 404 – randomuser Jul 19 '16 at 17:23
  • @AjaySingh Post a more detailed question and send me the link. I will see if I can help you if you show more information about your settings. Also post the full 404 error message. – Joabe da Luz Jul 19 '16 at 17:33
  • this is all I've done.. added settings to my django application and calling this curl but resulting in 404 – randomuser Jul 19 '16 at 19:04
  • I solved that issue. But now I'm getting: {"error":"invalid_request","error_description":"Invalid client_id parameter value."} I've copied my client id from the fb developer console only. Any idea why that is happening? – randomuser Jul 20 '16 at 09:45
  • @AjaySingh These parameters (client_id and client_secret) are returned from your Application. In the [installation](https://github.com/PhilipGarnero/django-rest-framework-social-oauth2#installation) topic go to the step `Now go to django admin and add a new Application.` and in your admin you defined these variables (client_id and secret). Copy them and send them in your request. – Joabe da Luz Jul 23 '16 at 00:39
  • @AjaySingh You can also overwrite these endpoints and get these ids from your own code. If you study this code [here](https://github.com/PhilipGarnero/django-rest-framework-social-oauth2/issues/58#issuecomment-222819075) you will see that you can overwrite the package endpoint. It's good because you won't ask for too much information from your client app. Sorry it took me too long to answer you. Try to email me if you have any questions (email on my profile) – Joabe da Luz Jul 23 '16 at 00:50
  • I've already integrated this library. It's working fine as of now. Thanks for your reply. Will surely mail you in case I need to customize it. Thanks :) – randomuser Jul 25 '16 at 19:37
  • Wait, so we are doing POST requests from our app with our client_id and client_secret? So anyone can see them? – Paul Bénéteau Jan 19 '21 at 19:55
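
An added example, not code from the original thread or from the library: a framework-agnostic version of the server-side wrapper idea raised in the comments, where the client app sends only `backend` and `token` and the server fills in `client_id` and `client_secret` before calling `/auth/convert-token`. The function names, `SERVER_CONFIG`, `ALLOWED_BACKENDS` and the `Bearer` header scheme are assumptions; the credential values are placeholders.

```python
import json
from urllib.parse import parse_qs, urlencode

# Placeholders: the real values come from the Application created in Django admin
# and stay on the server (hypothetical config name).
SERVER_CONFIG = {"client_id": "<client_id>", "client_secret": "<client_secret>"}
ALLOWED_BACKENDS = {"facebook"}


def build_convert_body(client_form: str, config: dict = SERVER_CONFIG) -> str:
    """Build the convert-token form body from an untrusted client form.

    Only `backend` and `token` are read from the client. Anything else it sent
    (client_id, client_secret, grant_type, ...) is ignored.
    """
    fields = parse_qs(client_form, keep_blank_values=True)
    backend = fields.get("backend", [""])[0]
    token = fields.get("token", [""])[0]
    if backend not in ALLOWED_BACKENDS:
        raise ValueError("unsupported backend")
    if not token:
        raise ValueError("missing third-party token")
    return urlencode({
        "grant_type": "convert_token",
        "client_id": config["client_id"],
        "client_secret": config["client_secret"],
        "backend": backend,
        "token": token,
    })


def auth_header_from_response(status: int, body: str) -> dict:
    """Turn the convert-token JSON response into the header for later API calls."""
    data = json.loads(body)
    if status != 200 or "access_token" not in data:
        # Covers replies such as the "Invalid client_id parameter value." error above.
        reason = data.get("error_description") or data.get("error", "conversion failed")
        raise PermissionError(reason)
    # Assumption: the API's own token is sent as a standard Bearer token.
    return {"Authorization": f"Bearer {data['access_token']}"}
```
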