A simple and up-to-date way to implement Facebook login in a Django app

Question

This issue is very common in stackoverflow, and there's a lot of different questions and answers about it, yet I couldn't find exactly what I need.

First, I'd like to define exactly what I need: the option to let users log in to my app using their Facebook credentials. The app will save a matching classic Django user. I will only need to use the user's profile picture and to make sure that each time the same Facebook user will be related to the matching Django user.

Unfortunately, I find it really frustrating to implement for the following reasons:

1. By now, after reading a lot, I couldn't find out what is the best package for this task.
2. Some people recommend django-social-auth and praise its functionality and documentation. Personally, I don't understand why, since it's not specifically for Facebook and there are no explanations about the client side, ie the Facebook login button and how the whole flow works.
3. When you go to Facebook developers, you suddenly find yourself reading about some magical javascript sdk, and about a promise that that's all you need. Then you get frustrated again and can't understand how a client side related sdk can sign up users to your app.

I know developers somehow implement Facebook auth packages in their apps, but I just can't figure out how to do it.

If anyone could tell me: at this time point, what is the best way to add Facebook authentication to my Django app? I would also ask for detailed documentation / tutorial that explains how to log in a Facebook user, from settings and configuration level through signup to Django app and to client side code.

Answer 1

There are multiple ways to approach the problem, what is the "best" way is really subjective.

Subjectively speaking, you could opt for django-allauth . Here are a few pointers to help you get started:

• If you want to keep the signup simple, set SOCIALACCOUNT_AUTO_SIGNUP to True in order to achieve a "no questions asked" login. Users simply approve the FB dialog and they end up logged in in your site right away.

• Adding a login button to your template is merely a matter of:

  <a href="{% provider_login_url "facebook" %}">Sign In</a>

• The app offers support for the JS SDK login (pro: users are accustomed to the typical FB popup that appears), or you can use your own OAuth flow. Whatever you please.

Answer 2

The fastest way understand FB's Oauth 2.0 flow is to play with FB's Javascript SDK. Once you get the hang of it, the FB's PHP library is similar. Also, other OAuth sites like Google, Twitter or Dropbox have almost identical implementation.

In baby steps:

1. Learn how to install FB Javascript SDK onto a simple page

2. Use FB.login to determine login status and obtain the login url.

3. Lastly, use FB.Event.Subscribe and subscribe to auth.statusChange to detect the login/logout changes.

Also, good to check out https://developers.facebook.com/roadmap/ on the upcoming features or features being removed.

Answer 3

django-social-auth is not just for Facebook, but that doesn't mean you should use all the backends available.

Project documentation is at http://django-social-auth.readthedocs.org/en/latest/index.html and Facebook backend details at http://django-social-auth.readthedocs.org/en/latest/backends/facebook.html .