Hi Alkfalfn - really sorry I can't give you this type of support at the minute. I know it doesn't help but just reading through it and take it step by step testing where you can.
I followed every step and I also cloned the final code sample. When I send a request from the front-end to the backend (/auth/convert-token) after accessing the reference token, it gives a bad request error, code 400. Please help me if I'm missing something.
I figured it out if anyone else runs into this problem. The user I signed up with via FB was not set to "Active" since I was following along with the tutorial and he fixes the code for this at a later stage in the video. You need to update your user model to have is_active default=True. If your user has already been added, you need to go into the admin panel and update the user to is_active
What is password for a user created by social login? I mean while creating a user in database with information received from facebook, we also need to provide password, what is it? Token gotten from facebook?
After the user is logged in how am i supposed to get all his data, to display it in its profile. Can you help me with how can i get the users data, cause i just have the access and refresh tokens.
Hello, just very briefly - make sure you are not collecting any sensitive data. Maybe build a custom user table first. To get user data - you need to make an API get request to the server. Like how it is done to collect the post data, make another request for the user data and store it somewhere - maybe initially in the local storage.
@@veryacademy thanks, I am going with local storage for now. I have one more problem - I have an admin user too, should I store another variable in local storage for admin, so that my app can distinguish between the two and display what is required?
Great video! However, after removing simple-jwt we cannot longer blacklist our refresh tokens. Am I right? If so, how should I combine simple jwt with social login? Perhaps I should use this library, because it uses simple-jwt: github.com/st4lk/django-rest-social-auth
@@mymawazo1449 Hi, you have to copy and paste the client id and client secret into a notepad and use that as soon as you open the new application. Because saving it changes the client secret to a hashed client secret which cannot be used in Postman. Unhashed: kvTbqBKuUx6T8V46lsel7bCtN81jRqk64VNi8NSzuZgLekPD14xsw5dH0sdxltp0RV4Qp3F4Ep9TAMf8Zovvh2PouHZrhNVxkHlBqBtWQFwj1HkamApMIxl6ZOGohV9p Hashed: pbkdf2_sha256$216000$sCPYuUFy236Q$X6Isj5YUWaav511hVdZzef3Aw7vYecM72ruidBkwd4k=
Even after all these updates, it's not working for me. So do you mind checking again? I'm stuck at auth/token in postman. It always shows invalid client. The application screen in django is different for me than you
Can we pin this comment? The author of oauth2 basically said oauth2 is a dumpster fire and removed his name from the authorship of the spec. It is a dumpster fire with security holes and shouldn't be used anymore. this was less than a year ago.
where did he say it?
Thanks for showing drf-social-oauth2. I am the main maintainer of the framework. I've been trying to dedicate more time to it! Cheers.
No need to thank me! You and your contributors have done all the hard work! I look forward to reading up in the near future the improvements that have been made and no doubt will definitely be showing more in the coming year! Happy Holidays!
@@veryacademy likewise! All the very best in the coming year.
@@b992152 any about invalid client error. Have tried everything
Ohh dang.. its rare to see any oauth related tutorials.. you the best man, cheers!!
You will be even more surprised when I tell you that I will make 3 more very shortly 😂 - this one is a little chatty and directed at the code we are already working on. I will do another one with Allauth with a new Django project and React, then VueJS with allauth in a few days. I think that should cover all bases at least to get the code off and running.
@@veryacademy oh you're going to make another project with allauth? dang.. mad respect.. best of luck to you bruv..
@@whichdude420 Few days - probably a bit longer!
You are one of the best instructors in the world!
I'm doing it with Flutter and Django app, and this tutorial is real gold!
👍
I am actually developing an Ember.JS app with a Django backend, even though these videos had exactly what I needed. Thanks!
Thanks a lot Very Academy, this is an awesome tutorial, I have been struggling with django DRF Social Logins for a long time...
Fortunately your tutorial cleared all my doubts 🙏🙏
Glad it helped!
best tutorials on the youtube.
Thank you - again! Hope you are well 👍
Hello, I can never thank you enough. The way you teach, presentation workflow, and of course the professional English is amazing (the accent also helped, wink). All things considered, I have a degree in computer engineering, and I have never seen flawless teaching like this one. Thank you very much.
Great and quality lesson. Thank you and hello from Russia
Hi Alex, thank you! 👍
I have planned to watch a movie today. Well, I guess that can be postponed! Thank you!
Depends what movie you were going to watch 😂
hello, you have no idea how grateful I am for your content. I have one question and hope you can address it soon.
is there a chance that both simple jwt and social auth can co-exist, i want to implement them in one project and in separate apps though.
Super useful series. Thank you!
This is exactly what i have been looking for 😃
Good to hear
Respect.
Thank you for hard work.
Thank you! - Hopefully there is some value here for you
hey there.. is there a way for user to be able to log in with email & password and at the same time login with Google/Facebook if they're using the same email?
Have you planned about creating another Django course playlist? I hope it would be social media site or e-learning site by utilizing Django templates for frontend.
By the way, thanks for amazing django contents.
Hi Becu, you are totally on my wavelength here - that is exactly what I was thinking about e-learning type of project. That and I was going to start an e-commerce project. Yeah, I agree with Django templates - it is hard work doing front and back - adds a lot of time to the preparation. Thank you kindly for your comments 👍
Thank you for this series! Would love this with FastAPI and Vuejs with admin dashboard that totals number of users and posts by type/category.
First of all, thank you for this series, I have learnt a lot from the channel. On JWT authentication, which of course we are submitting the requests to the server via axios, it's like my authentication is not working, because whenever I submit a request with my authentication set to JWT it's always raising a forbidden endpoint issue. Therefore I'm not able to submit any request when logged in.
Very nice tutorial, sir please make an e-commerce using Nuxtjs and django just like you did using in the previous videos but now please make use of the modern frontend framework
Great video sir!
Thanks a lot.
Amazing tutorial!! Thank you
You are welcome! 👍
After you refactored the code to remove drf-simple-jwt and include the drf-social-auth, I observed that the logic for the user logout for the react frontend wasn't refactored. It still had the route pointing to "/user/logout/blacklist". That route, however, doesn't exist anymore. So how would you then handle user logout? Revoke token I guess? And one more question, in which scenario do we revoke all user tokens?
any luck?
STOP WATCHING NETFLIX AND START WATCHING VIDEOS LIKE THIS!!!!!!!!! IT'S 2021 AND WE NEED TO GET EMPLOYED OR ELSE WE'RE GONNA DIE OF STARVATION!!!!!!!! HAPPY NEW YEAR, EVERYONE!!!!!!!!!!!
Yeah, any jobs going let me know 😂
So at 1:00:45 you mention that Django creates a new user in the Django database. Is this the most advisable pattern when using SSO - to also create users locally that represent users in the external authentication system? Even though there is an IDP (Facebook, Google) with the user's account? I have seen this pattern repeated in many places (of creating users locally even though you are authenticating remotely such as LDAP/AD, Social Auth etc.) so I'm thinking it's not just enough for the Django backend to validate a token that it receives, but it should also create/maintain its own user accounts and implement its own token mechanism.
The best oauth tutorial, not any other django channels has gem than this one. You are the best.
Also if we want to have jwt login and social login side by side in same project. Does this method overrides jwt auth or not
you can use both jwt and social
Give him a medal 🥇
🎉
Thank you so much, brother. This helped me a lot. 🙇🙇🙇
Awesome series, wondering if this will be continued? Would love to see the email validation and react login links completed. Also curious if anyone has a good solution around fetching a json form schema for react form validation purposes?
I don't have any plans yet to continue this just yet. So many other things - I am committed to ecommerce for now until that is done. But noted about react login links and email validation.
Thank you very much for such a good video. Much love🥰
You are so welcome 👍
tip: never skip why you do things. E.g. the grant type, client type.. this is very very important. setting it wrongly can result into a security problem.
Appreciate that comment Rogier. It is always a dilemma where to provide more info without going on too long. My tutorials in my humble opinion fall short in many areas which I will slowly address over time. In the first year I have set-out to perfect recording/mic position/sound/editing and getting used to multitasking on camera - I am experimenting getting the right formula. I will slowly introduce more structure to the tutorials and features. This type of feedback is great because I start to better understanding/feel/focus as to what people want to see actually in the tutorials. Thank you once again.
Thanks very much for this amazing content. Just found this channel. Sir your amazing. New sub 😊😊
Welcome aboard Ghislain! Thank you for joining us! 👍
Hi,
Thank you for the very helpful tutorials.
I want to restrict access to some of the APIs. I mean without login those APIs will not be accessible. How to do that ?
This should help you www.django-rest-framework.org/tutorial/4-authentication-and-permissions/
@@veryacademy good link. thank you 👍
just wondering how to implement logout with this new setup?
you're great man🙂
For those having the error: invalid_client.
You have to copy and paste the client id and client secret into a notepad BEFORE you save the application. Copy and paste both as soon as you open the new application. Because saving it changes the client secret to a hashed client secret which cannot be used in Postman.
Unhashed:
kvTbqBKuUx6T8V46lsel7bCtN81jRqk64VNi8NSzuZgLekPD14xsw5dH0sdxltp0RV4Qp3F4Ep9TAMf8Zovvh2PouHZrhNVxkHlBqBtWQFwj1HkamApMIxl6ZOGohV9p
Hashed:
pbkdf2_sha256$216000$sCPYuUFy236Q$X6Isj5YUWaav511hVdZzef3Aw7vYecM72ruidBkwd4k=
Thank you bro ❤❤❤
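The invalid_client comment above comes down to the stored client secret being a one-way hash. As an added example (not code from the video, the commenter or drf-social-oauth2), this sketch rebuilds the `pbkdf2_sha256$iterations$salt$digest` layout shown in that comment with the standard library and shows that only the original secret verifies; the function names, the sample secret and the salt are constructed for illustration.

```python
import base64
import hashlib
import hmac

ALGORITHM = "pbkdf2_sha256"


def encode_secret(secret: str, salt: str, iterations: int = 216000) -> str:
    """Return '<algorithm>$<iterations>$<salt>$<base64 digest>' for a secret."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", secret.encode("utf-8"), salt.encode("utf-8"), iterations
    )
    encoded_digest = base64.b64encode(digest).decode("ascii")
    return f"{ALGORITHM}${iterations}${salt}${encoded_digest}"


def parse_encoded(encoded: str):
    """Split a stored value into (iterations, salt, digest); ValueError if not hashed."""
    parts = encoded.split("$", 3)
    if len(parts) != 4 or parts[0] != ALGORITHM:
        raise ValueError("not a pbkdf2_sha256 encoded value")
    _, iterations, salt, digest = parts
    return int(iterations), salt, digest


def looks_hashed(value: str) -> bool:
    """True when a value has the hashed layout, i.e. it is NOT usable as a secret."""
    try:
        parse_encoded(value)
        return True
    except ValueError:
        return False


def check_secret(candidate: str, stored: str) -> bool:
    """Re-derive the hash from the candidate using the stored salt and iterations."""
    iterations, salt, _ = parse_encoded(stored)
    recomputed = encode_secret(candidate, salt, iterations)
    # Constant-time comparison, as a server-side check should use.
    return hmac.compare_digest(recomputed.encode("ascii"), stored.encode("ascii"))


def demo() -> dict:
    # Constructed sample values, not real credentials.
    plain = "constructed-example-client-secret"
    stored = encode_secret(plain, salt="constructedsalt")
    return {
        # The secret copied before saving the application verifies.
        "plain_accepted": check_secret(plain, stored),
        # Pasting the hashed string from the admin page as the secret does not.
        "hashed_accepted": check_secret(stored, stored),
        "stored_looks_hashed": looks_hashed(stored),
        "plain_looks_hashed": looks_hashed(plain),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `looks_hashed` on whatever is about to be pasted into Postman is a quick way to tell whether it is the original secret or the stored hash.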
This is exactly what I am looking for. Great video. (liked and subscribed)
Thanks for the sub! More content coming soon!
@@veryacademy Do you think django-allauth is easier to setup than drf_social_oauth2?
Thank you. Waiting for vue.js.
👍
Thanks for the tutorial. I just downloaded the github version and tried at local (I did not watch the videos yet). I get the error "Unauthorized: /api/user/create/" when trying to register.
Probably because you haven't setup your social API keys - you wont be able to use mine.
Super useful video, I am trying to adapt this to a django/react app but using graphql and really struggling.
Thank you
You're welcome
Hi teacher, could you make a tutorial about Django REST framework + Angular front end login with Facebook?
Thank you very much for the tutorial and all the work of the channel. I would like to know if there is any way to add values (such as the expiration time of the token) to the token payload? Again thank you very much!
I tried the same but with Google Oauth , But I am getting issue as {"error":"access_denied","error_description":"Your credentials aren't allowed"} once I submit convert-token/ request
Is normal authentication and login redirection meant to be working following this #9 tutorial? i.e, following from your previous guides?
why we are removing simple jwt package we can also use it alongside drf-social-oauth2 ? why can u give any reason ?
Absolutely no idea 👍
Quick question, If I want django to handle the form and put a csrf token over the top, how can I get react to accept the {% csrf_token %} or the {{ form.etc }} especially in the case where I want people to add their own info instead of putting it directly through admin.
This is a common question I get asked, csrf api - have a look at this see if this helps stackoverflow.com/questions/50732815/how-to-use-csrf-token-in-django-restful-api-and-react if not get back to me
I wanted to do this with Vue3 instead of react and Google Authentication instead of Facebook. Finally got it working but was a bit of a pain 🤦♂
Hello I need to associate social accounts to login, drf-social-oauth2 provide "associate_by_email" (which associate if same email). But how to associate social accounts which is using different emails?
for testing facebook login in localhost https is required which can be enabled by setting HTTPS env variable to true and then npm start.
hey, just checked the tutorial it was great but in addition to it how do we do it with custom user model with jwt token ?
Please can you do a video on Django Rest Auth and its SocialConnectViews
Noted - thank you
So when you have set up everything, how do you access the protected routes in the api? Do we need attach the access token with each request to api and refresh it periodically?
Yes, in general terms - If i understand you correctly - yep that is right.
@@veryacademy Haha found out the experimental way. Felt weird as the api routes you designed were protected. Got disconnected and forgot things from tutorial 3 to here. It would be helpful I guess if you could mention that here as well.
really appreciate your videos. thank you. What about normal signup procedure? how to create refresh and access_tokens on signup?
Have you found some solution, or can I use jwt and this third party package at the same time, for ex. jwt for normal users and social-oauth for social sign in users
Hi !
Could you help me in making the navbar look good. Like if the user didn't login the navbar should contain register and login buttons and once the user logs in the navbar should contain logout button
I have a question. Why do we have to delete the JWT? Can we keep both since for example my app needs both regular login (built in Django and authenticate with JWT) and social login (Facebook, Google)?
@@ashiqhussainkumar1391 hello, since I used the newer React version, I had to edit some parts of it, but overall it was very detailed and easy to understand.
@@TamPham-lg9mo is there any changes from Django back-end ? Plz give me a suggestion!
@@vanthaitran159 Can you clarify on your question? What do you want to know exactly?
Great tutorial.. How can I set remember login?
can django-allauth be used for api based authentication with social ?
Is it secure to put the client id and client secret and giving it in plain text to the user for oauth? I am very new to oauth, and at a first glance it does not seem risky, but is it? Also AMAZING video. Helped a ton develop my blog. :)
https will be of help in this situation
I Have one question basically in my app I use 'rest_framework.authentication.TokenAuthentication',
and I don't want to use the JWT token authentication what should I do?
Using React/DRF you would go back to sessions if not using JWT? Or basic auth, you could create custom authentication?
This playlists is incomplete.. Because Forgot password with Email verification missing... Please add this video....Thank you.
Can this be used with an external provider like not facebook, google, github etc
Is it a compulsion to remove previously implemented simplejwt authentication
Thank you 🤗
You’re welcome 😊
i am getting the error as {"error":"access_denied","error_description":"Authentication process canceled"} while convert-token is called.
when i send the facebook's accessToken to convert-token it's response is unauthorized. What could be the problem any solutions?
I noticed in a previous Django authentication tutorial you used Django-allauth rather than drf_social_oauth. What prompted the change?
This is django restful with jwt Auth, integrates badly with allauth. The other is django core
Isn't storing both refresh and access token on the local storage a potential risk?
Yes it is not recommended. Which I realise now raises more questions, why build a tutorial with potential risks. The tutorial is for reference only.
Why are these keys (SOCIAL_AUTH_GOOGLE_OAUTH2_KEY) used? When they aren't even used, can you please elaborate!
Why is it used when it isn't used. Sounds like you are asking me a quantum physics question. I would answer and say when you don't look at it based on quantum theory, SOCIAL_AUTH_GOOGLE_OAUTH2_KEY will be set and not set at the same time. 👍
I want to allow users to login via google if they already exist in my database. How can i do that?
For what reason did you switch from simple jwt to drf auth? I kinda got confused
Hi Saad, not sure what you mean by DRF auth. Sorry to confuse you, sometimes I do things just because I think it is useful to experience even when it might look or feel counterproductive. It helps establish a wider knowledge base.
Well, what I got confused about is using another auth package, and I'm wondering if it is optimal, in other words will it cause some problem if I used both third party package simplejwt and the package that you used in this tutorial for social auth. And I really like your content, and last question, can you recommend which 3rd party package is the best to use for auth in general with the option of social auth??
How to revoke the access token in order to perform logout operation??
You are not really logging out - when the token is removed from the client they can no longer access resources/pages as if they did have a token (logged in as you describe it). On the backend the tokens can be saved - so you can also delete them too.
okay, thank you :)
i have issue with Google OAuth in convert-token
server said Bad Request: /auth/convert-token
Hello, did you solve the problem? I have the same issue. I would appreciate any advice :)
@@joanna5483 url is convert_token not convert-token
Is it good idea to use mongodb with django.?
Please video about deploy too?
Hey, NoSQL databases have their place if you should want to use that. Of course the data principles are very different from relational tables which you will need to feel comfortable with before you start working with NoSQL approaches. But of course it is more than possible. Is it a good idea - yes of course it is but only if the project / data lends itself towards the benefits of the NoSQL approach. - Was that a request for Django + Mongo or just a request for deploying this React app?
I'd followed the tutorial till the end. Now I'm not getting this, how do i get the login user data... username, firstname, email ??
That wasn't shown directly. But now you can log in you send requests to the server capture the request and send the data back - sounds easy!
If anyone is seeing this, do you guys know how to refresh the access token when it expires?
and also logout
please help! my response result from facebook doesn't have email value.
Can u tell me the way to store access and refresh token in redis?
Not too sure you would want to do that.
How to give roles like customer & admin for social auth using Django rest framework
Hi yashwanth, it is a long one to explain - I will add it to the todo list
@@veryacademy because I have not seen any blogs on that....
Hello! Please! Can you help me with twitter too? I don't know what token to use
It's tricky giving you help, sorry, without showing you how to do it.
In facebook authentication I am getting this error, what should i do?
>>
Facebook has detected that DRF isn't using a secure connection to transfer information.
Until DRF updates its security settings, you won't be able to use Facebook to log in to it.
Please help
You will still be able to use HTTP with “localhost” addresses, but only while your app is still in development mode.
Just make sure you are spinning up your servers with localhost and not 127 and making requests from localhost not 127.0.0.1...
stackoverflow.com/questions/52712047/facebook-login-on-localhost-without-https
@veryacademy Thanks. I made a mistake in developers.facebook while creating the app, it somehow became business. It's OK now
@harshitgangwar2162 Thanks for letting me know, good to hear you got it sorted.
is there a way to buy your services or something like that ?
Evening David, I appreciate what you are trying to ask but I am not currently providing any of these types of services. But I will always try and answer any questions you might have
@veryacademy hey thank you for the videos but I won't feel comfortable asking random stuff in the comment section, if there was some kind of way to ask you stuff... but I guess you prob have different plans.
anyway thanks a lot for your content.
Is there a way to do this while keeping simplejwt?
Of course anything is possible, whether it is easy possible - not sure.
@veryacademy The thing is I'm working on a system that has a bunch of users registered. Is there a way to give them a client_id and client_secret for each?
Why am I getting 400 bad request when logging in through Facebook?? Please please help out, it is urgent
Hi Khalid, that is a very generic problem - unfortunately it is impossible to tell you.
thanks
Welcome
I'm getting permission error when fetching the post even though I edited the JWT to Bearer. Please help.
Oh I just forgot to include "DEFAULT_AUTHENTICATION_CLASSES" my bad
I didn't understand what is the use of 'SOCIAL_AUTH_USER_FIELDS', which is used in settings.py. Could you please elaborate?
Hi Shyam, good question. Looking through the manual I remember this was needed to define the model fields when you use a custom user model. I was going to link this to you - but - I can't find it. Unlikely I just made this up though, but I could have just got this wrong. If you remove it - see what happens - that will answer the question!
thanks
I tried to do it with Google but it isn't working, can you help me please?
Hi Alkfalfn - really sorry I can't give you this type of support at the minute. I know it doesn't help but just read through it and take it step by step, testing where you can.
I followed every step and I also cloned the final code sample. When I send a request from the front-end to the backend (/auth/convert-token) after accessing the reference token it gives a bad request error code 400. Please help me if I'm missing something.
try makemigrations?
Did you ever figure this out? I'm having the same problem
I figured it out if anyone else runs into this problem. The user I signed up with via FB was not set to "Active" since I was following along with the tutorial and he fixes the code for this at a later stage in the video. You need to update your user model to have is_active default=True. If your user has already been added, you need to go into the admin panel and update the user to is_active
What is password for a user created by social login? I mean while creating a user in database with information received from facebook, we also need to provide password, what is it? Token gotten from facebook?
Hi Orkhan, you don't need to store password - all handled by facebook?
but how to use this token authentication for non social accounts
noted - will cover this shortly again - I am doing a token video up next in fact!
After the user is logged in how am I supposed to get all his data, to display it in his profile? Can you help me with how I can get the user's data, cause I just have the access and refresh tokens.
Hello, just very briefly - make sure you are not collecting any sensitive data. Maybe build a custom user table first. To get user data - you need to make an API get request to the server. Like how it is done to collect the post data, make another request for the user data and store it somewhere - maybe initially in the local storage.
@veryacademy thanks, I am going with local storage for now. I have one more problem - I have an admin user too, should I store another variable in local storage for admin, so that my app can distinguish between the two and display what is required
@harshitgangwar2162 Sure you could, maybe you set up levels for different types of users.
hello please tell me how to retrieve facebook profile picture and save in user model
stackoverflow.com/questions/21733614/allauth-facebook-profile-image-not-loading
Despite using the right client id & secret & username-password, I'm still getting `{"error": "invalid_client"}` error. What am I doing wrong ?
Same. Did you sort it out?
@varisharashid4699 check if you're entering the hashed client secret.
@calm_warr10r oh yes. So I have to copy it before saving
@varisharashid4699 oh man you are a life saver...
Great video! However, after removing simple-jwt we can no longer blacklist our refresh tokens. Am I right? If so, how should I combine simple jwt with social login? Perhaps I should use this library, because it uses simple-jwt:
github.com/st4lk/django-rest-social-auth
any luck?
How to hide private key in react? Do you guys have any idea? Please don't say env, that's not hiding at all.
I am getting invalid_client error even when everything is correct
use the client id and client secret generated before you save the application in django admin
Hey did you solve this?. I am also getting the same error and everything is correct.
@mymawazo1449 Hi, you have to copy and paste the client id and client secret into a notepad and use that as soon as you open the new application. Because saving it changes the client secret to a hashed client secret which cannot be used in Postman.
Unhashed:
kvTbqBKuUx6T8V46lsel7bCtN81jRqk64VNi8NSzuZgLekPD14xsw5dH0sdxltp0RV4Qp3F4Ep9TAMf8Zovvh2PouHZrhNVxkHlBqBtWQFwj1HkamApMIxl6ZOGohV9p
Hashed:
pbkdf2_sha256$216000$sCPYuUFy236Q$X6Isj5YUWaav511hVdZzef3Aw7vYecM72ruidBkwd4k=
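Added example, not part of any comment above and not django-oauth-toolkit's own code: a sketch of how a secret stored in the `pbkdf2_sha256$iterations$salt$hash` format quoted above is checked, showing why sending the stored hash string instead of the original secret is rejected. The function names and the secrets are constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets

ITERATIONS = 216000  # same work factor as the hash format quoted in the thread


def hash_secret(secret: str, salt: str, iterations: int = ITERATIONS) -> str:
    """Encode a secret as pbkdf2_sha256$iterations$salt$base64(digest)."""
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt.encode(), iterations)
    encoded = base64.b64encode(digest).decode("ascii")
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, encoded)


def looks_hashed(value: str) -> bool:
    """True if the value has the four-part pbkdf2_sha256 layout."""
    parts = value.split("$")
    return len(parts) == 4 and parts[0] == "pbkdf2_sha256" and parts[1].isdigit()


def check_secret(presented: str, stored: str) -> bool:
    """Re-hash what the client presented with the stored salt and iteration
    count, then compare in constant time. The server never un-hashes."""
    if not looks_hashed(stored):
        raise ValueError("stored value is not a pbkdf2_sha256 hash")
    _, iterations, salt, _ = stored.split("$")
    candidate = hash_secret(presented, salt, int(iterations))
    return hmac.compare_digest(candidate.encode(), stored.encode())


def demo() -> dict:
    plain = secrets.token_urlsafe(32)            # constructed client secret
    stored = hash_secret(plain, secrets.token_hex(6))  # what is kept after saving
    return {
        "stored_is_hashed": looks_hashed(stored),
        # The original secret, copied before saving, verifies.
        "plain_accepted": check_secret(plain, stored),
        # The hash string copied from the admin page gets hashed again: mismatch.
        "hash_pasted_accepted": check_secret(stored, stored),
    }


if __name__ == "__main__":
    print(demo())
```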
Note** Just noticed the requirements.txt file in the Django project was incorrect - all tested again and updated! Sorry!
Made another update today - strange instance with djangorestframework-simplejwt in the requirements file
I also get a strange bug when you download and start the repo - possibly solved at the moment by running the static command
I have updated the settings file
You're awesome!!
Even after all these updates, it's not working for me. So do you mind checking again?
I'm stuck at auth/token in postman. It always shows invalid client. The application screen in django is different for me than you
Amazing tutorial, thank you so much