This section describes how to set up the different services provided by Google.
Google provides Consumer Key and Consumer Secret keys to registered applications, but also allows unregistered applications to use its authorization system. Beware that this method displays a security banner telling the user that the application is not trusted.
Check Google OAuth and make your choice.
fill Consumer Key and Consumer Secret values:
SOCIAL_AUTH_GOOGLE_OAUTH_KEY = ''
SOCIAL_AUTH_GOOGLE_OAUTH_SECRET = ''
anonymous values will be used if not configured as described in their OAuth reference
set up any needed extra scopes in:
SOCIAL_AUTH_GOOGLE_OAUTH_SCOPE = [...]
Recently Google launched OAuth2 support following the definition in the OAuth2 draft. It works in a similar way to the plain OAuth mechanism, but developers must register an application and apply for a set of keys. Check the Google OAuth2 document for details.
To enable OAuth2 support:
fill the Client ID and Client Secret settings; these values can be obtained easily as described in the OAuth2 Registering doc:
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = ''
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = ''
set up any needed extra scopes:
SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = [...]
Check which applications can be included in their Google Data Protocol Directory
Google+ Sign In works a lot like OAuth2, but most of the initial work is done by their Javascript, which then calls a defined handler to complete the auth process.
To enable the backend, create an application using the Google console and fill the key settings:
SOCIAL_AUTH_GOOGLE_PLUS_KEY = '...'
SOCIAL_AUTH_GOOGLE_PLUS_SECRET = '...'
Add their button snippet to your template:
<div id="signinButton">
    <span class="g-signin" data-scope="{{ plus_scope }}"
                           data-clientid="{{ plus_id }}"
                           data-redirecturi="postmessage"
                           data-accesstype="offline"
                           data-cookiepolicy="single_host_origin"
                           data-callback="signInCallback">
    </span>
</div>
signInCallback is the name of your Javascript callback function.
The scope can be generated with:
from social.backends.google import GooglePlusAuth
plus_scope = ' '.join(GooglePlusAuth.DEFAULT_SCOPE)
Or get the value from settings if it was overridden. plus_id is the value from SOCIAL_AUTH_GOOGLE_PLUS_KEY.
Add the Javascript snippet:
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js" type="text/javascript"></script>
<script type="text/javascript">
    (function () {
        var po = document.createElement('script');
        po.type = 'text/javascript';
        po.async = true;
        po.src = 'https://plus.google.com/js/client:plusone.js?onload=start';
        var s = document.getElementsByTagName('script')[0];
        s.parentNode.insertBefore(po, s);
    })();
</script>
Define your Javascript callback function:
<script type="text/javascript">
    var signInCallback = function (result) {
        if (result['error']) {
            // alert() takes a single argument, so build one message string
            alert('An error happened: ' + result['error']);
        } else {
            // copy the values into the hidden form fields and post them
            $('#code').attr('value', result['code']);
            $('#at').attr('value', result['access_token']);
            $('#google-plus').submit();
        }
    };
</script>
In the example above, the values needed to complete the auth process are posted using a form like the following; this is just a simple example:
<form id="google-plus" method="post" action="{% url 'social:complete' "google-plus" %}">{% csrf_token %}
    <input id="at" type="hidden" name="access_token" value="" />
    <input id="code" type="hidden" name="code" value="" />
</form>
Google OpenID works out of the box; no settings are needed. Domain or email whitelists can be applied too; check the whitelists settings for details.
Orkut offers per application keys named Consumer Key and Consumer Secret. To enable Orkut these two keys are needed.
Check Google support and Orkut API for details on getting keys.
fill Consumer Key and Consumer Secret values:
SOCIAL_AUTH_ORKUT_KEY = ''
SOCIAL_AUTH_ORKUT_SECRET = ''
add any needed extra data to:
SOCIAL_AUTH_ORKUT_EXTRA_DATA = [...]
configure extra scopes in:
SOCIAL_AUTH_ORKUT_SCOPE = [...]
Optional support for static and unique Google Profile ID identifiers instead of using the e-mail address for account association can be enabled with:
SOCIAL_AUTH_GOOGLE_OAUTH_USE_UNIQUE_USER_ID = True
or:
SOCIAL_AUTH_GOOGLE_OAUTH2_USE_UNIQUE_USER_ID = True
depending on the backends in use.
Google is deprecating the full-URL scopes from Sept 1, 2014 in favor of the Google+ API and the recently introduced shorter scope names. python-social-auth already introduced the scopes change at e3525187, which was released in v0.1.24.
To enable the new scopes, the application requires the Google+ API to be enabled in the Google console dashboard. The change is quick and quite simple, but if any developer wants to keep using the old scopes, it's possible with the following settings:
# Google OAuth2 (google-oauth2)
SOCIAL_AUTH_GOOGLE_OAUTH2_IGNORE_DEFAULT_SCOPE = True
SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = [
    'https://www.googleapis.com/auth/userinfo.email',
    'https://www.googleapis.com/auth/userinfo.profile'
]
# Google+ SignIn (google-plus)
SOCIAL_AUTH_GOOGLE_PLUS_IGNORE_DEFAULT_SCOPE = True
SOCIAL_AUTH_GOOGLE_PLUS_SCOPE = [
    'https://www.googleapis.com/auth/plus.login',
    'https://www.googleapis.com/auth/userinfo.email',
    'https://www.googleapis.com/auth/userinfo.profile'
]
To ease the change, the old API and scopes are still supported by the application. The new values are the default option, but if you have trouble supporting them you can default to the old values by defining the setting for your backend:
SOCIAL_AUTH_GOOGLE_OAUTH2_USE_DEPRECATED_API = True
SOCIAL_AUTH_GOOGLE_PLUS_USE_DEPRECATED_API = True
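The key, scope, unique-ID and deprecated-API settings described in this section can be checked together before deployment. The following is an added example, not part of python-social-auth: it reads the settings from a plain dict and reports empty keys, the old userinfo full-URL scopes, the deprecated-API switches and a missing unique-user-ID option. The function name, the `prefixes` argument and the sample values are assumptions made for this example.

```python
# Added example: not part of python-social-auth. Setting names are the ones
# documented on this page; function name and sample values are constructed.
OLD_SCOPES = {
    'https://www.googleapis.com/auth/userinfo.email',
    'https://www.googleapis.com/auth/userinfo.profile',
}


def audit_google_settings(settings, prefixes):
    """Return sorted (setting, finding) pairs for the given backend prefixes.

    prefixes are the middle part of the setting names in use, for example
    'GOOGLE_OAUTH', 'GOOGLE_OAUTH2' or 'GOOGLE_PLUS'.
    """
    findings = []
    for prefix in prefixes:
        base = 'SOCIAL_AUTH_' + prefix + '_'
        for part in ('KEY', 'SECRET'):
            value = settings.get(base + part, '')
            if not value or value == '...':
                if prefix == 'GOOGLE_OAUTH':
                    msg = 'empty: anonymous values, users see the untrusted banner'
                else:
                    msg = 'empty: this backend needs a registered application'
                findings.append((base + part, msg))
        old = sorted(OLD_SCOPES & set(settings.get(base + 'SCOPE', [])))
        if old:
            findings.append((base + 'SCOPE', 'old full-URL scopes: ' + ', '.join(old)))
        if settings.get(base + 'USE_DEPRECATED_API'):
            findings.append((base + 'USE_DEPRECATED_API', 'deprecated API selected'))
        # The unique-ID option is documented for the OAuth and OAuth2 backends only.
        if prefix != 'GOOGLE_PLUS' and not settings.get(base + 'USE_UNIQUE_USER_ID'):
            findings.append((base + 'USE_UNIQUE_USER_ID',
                             'unset: accounts are associated by e-mail address'))
    return sorted(findings)


SAMPLE = {  # constructed settings, not real credentials
    'SOCIAL_AUTH_GOOGLE_OAUTH2_KEY': 'example-client-id',
    'SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET': '',
    'SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE': sorted(OLD_SCOPES),
    'SOCIAL_AUTH_GOOGLE_OAUTH2_USE_DEPRECATED_API': True,
}

if __name__ == '__main__':
    for name, finding in audit_google_settings(SAMPLE, ['GOOGLE_OAUTH2']):
        print(name + ': ' + finding)
```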