[英]Facebook and Google Authentication process cancelled using Djoser in Django Rest framework with Next.js+React as frontend
I used Djoser to handle basic user authentication functions for me in Django Rest Framework.我使用 Djoser 在 Django Rest Framework 中为我处理基本的用户身份验证功能。 And I tried to use its social auth endpoint.我尝试使用其社交身份验证端点。 According to its documentation , if I understand correctly, I first added redirect_uri to its endpoint, eg :根据其 文档,如果我理解正确,我首先将 redirect_uri 添加到其端点,例如:
http://127.0.0.1:8000/auth/o/facebook/?redirect_uri=http://localhost:3000 http://127.0.0.1:8000/auth/o/facebook/?redirect_uri=http://localhost:3000
It worked fine.它工作得很好。 Then I used the link to authenticate and it returned code and state (as data in the code below) to me as queries in the redirect_uri.然后我使用该链接进行身份验证,并将代码和状态(作为下面代码中的数据)作为redirect_uri 中的查询返回给我。 But then when I post back the code and state in getInitialProps method from Next.js server to my backend,但是当我将 getInitialProps 方法中的代码和状态从 Next.js 服务器回发到我的后端时,
const authResponse = await axios.post(`http://127.0.0.1:8000/user_info/o/facebook/`,data,{
headers:{
'Content-Type':'application/x-www-form-urlencoded'
}
}
Django returns a status code 400. Then I used postman to test posting code and state with 'Content-Type':'application/x-www-form-urlencoded'
, it showed on the window: Django 返回状态代码 400。然后我使用邮递员测试发布代码和状态'Content-Type':'application/x-www-form-urlencoded'
,它显示在窗口上:
{
"non_field_errors": [
"Authentication process canceled"
]
}
I tried the same case with Google OAuth2.我用 Google OAuth2 尝试了同样的情况。 The following is the python code in my settings.py.以下是我的settings.py中的python代码。
import os
from dotenv import load_dotenv
load_dotenv()
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
DEBUG = True
ALLOWED_HOSTS = ['127.0.0.1','0.0.0.0']
INSTALLED_APPS = [
...
'djoser',
'social_django',
'rest_framework',
'rest_framework.authtoken',
'corsheaders',
'user_info',
...
]
...
CORS_ORIGIN_WHITELIST = [
"http://localhost:3000",
]
ROOT_URLCONF = 'myprojectname.urls'
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [os.path.join(BASE_DIR, 'templates')],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
'social_django.context_processors.backends',
'social_django.context_processors.login_redirect',
],
},
},
]
...
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.BasicAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.TokenAuthentication'
),
'DEFAULT_PERMISSIONS_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
)
}
...
AUTHENTICATION_BACKENDS = [
"django.contrib.auth.backends.ModelBackend",
"djoser.social.backends.facebook.FacebookOAuth2Override",
"social_core.backends.google.GoogleOAuth2"
]
SOCIAL_AUTH_FACEBOOK_KEY = os.getenv('FACEBOOK_APP_ID')
SOCIAL_AUTH_FACEBOOK_SECRET = os.getenv("FACEBOOK_SECRET_KEY")
SOCIAL_AUTH_FACEBOOK_SCOPE = ["email"]
SOCIAL_AUTH_FACEBOOK_PROFILE_EXTRA_PARAMS = {"fields": "id, name, email"}
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = os.getenv('GOOGLE_APP_ID')
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = os.getenv("GOOGLE_SECRET_KEY")
SOCIAL_AUTH_RAISE_EXCEPTIONS = False
DJOSER ={
"LOGIN_FIELD": "email",
"USER_CREATE_PASSWORD_RETYPE":True,
"SEND_ACTIVATION_EMAIL": True,
"ACTIVATION_URL":f'{os.getenv("FRONTEND_URL")}/activate/'+'{uid}/{token}',
"SERIALIZERS": {
'user_create':'user_info.serializers.UserCreateSerializer',
'user':"user_info.serializers.UserCreateSerializer"
},
"SOCIAL_AUTH_ALLOWED_REDIRECT_URIS": [os.getenv("FRONTEND_URL")],
}
AUTH_USER_MODEL = 'user_info.User'
...
I only set my app domains as localhost
and site url as http://localhost:8000/
in Facebook developer console.我只在 Facebook 开发人员控制台中将我的应用程序域设置为localhost
,将站点 url 设置为http://localhost:8000/
。
Is there anyway I can get rid of the Authentication Process Cancelled and successfully get the token?无论如何我可以摆脱身份验证过程取消并成功获取令牌吗? Thanks a lot!!!!非常感谢!!!!
I have the same issue and I was able to solve this one, however I got sucked into another but this will probably solve this issue for you.我有同样的问题,我能够解决这个问题,但是我陷入了另一个问题,但这可能会为你解决这个问题。 Just whitelist your URI to be authorized.只需将您的 URI 列入白名单即可获得授权。 I use Google OAuth and here's a screenshot of what I mean to convey.我使用 Google OAuth,这是我要传达的意思的屏幕截图。
You need to set 'http://127.0.0.1/' as the authorized domain.您需要将“http://127.0.0.1/”设置为授权域。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.