I am building a REST API with Django, and I am using Django rest auth for social authentication. I believe I am doing everything right. Upon visiting the route I get a response that I am to provide both access token and code for both Google and Facebook. I am lost at this point what to do. Please anyone who has an idea, please share.
I have gotten the secret key and client id from both providers and inputted them in my settings.py and django admin.
settings.py
INSTALLED_APPS = [
    ...
    'django.contrib.sites',
    ...
    'rest_auth',
    'rest_auth.registration',
    'allauth',
    'allauth.account',
    'allauth.socialaccount',
    'allauth.socialaccount.providers.google',
    'allauth.socialaccount.providers.facebook',
    ...
]

SOCIALACCOUNT_PROVIDERS = {
    'facebook': {
        'METHOD': 'oauth2',
        'SCOPE': ['email', 'public_profile', 'user_friends'],
        'AUTH_PARAMS': {'auth_type': 'reauthenticate'},
        'INIT_PARAMS': {'cookie': True},
        'FIELDS': [
            'id',
            'email',
            'name',
            'first_name',
            'last_name',
            'verified',
            'locale',
            'timezone',
            'link',
            'gender',
            'updated_time',
        ],
        'EXCHANGE_TOKEN': True,
        'LOCALE_FUNC': 'path.to.callable',
        'VERIFIED_EMAIL': True,
        'VERSION': 'v2.12',
        'APP': {
            # get the key from "https://developers.facebook.com/apps/615248019004301/settings/basic/"
            'client_id': 'code',
            'secret': 'code',
            'key': ''
        }
    },
    'google': {
        'SCOPE': [
            'profile',
            'email',
        ],
        'AUTH_PARAMS': {
            'access_type': 'offline',
        },
        'APP': {
            # get from "console.developers.google.com/" then apis then credentials then oauthclient
            # fill in http://127.0.0.1:8000/accounts/google/login/callback/ in the “Authorized redirect URI” field
            'client_id': 'code.apps.googleusercontent.com',
            'secret': 'code',
            'key': ''
        }
    }
}

SITE_ID = 1
SOCIALACCOUNT_ADAPTER = "allauth.socialaccount.adapter.DefaultSocialAccountAdapter"
SOCIALACCOUNT_EMAIL_REQUIRED = ACCOUNT_EMAIL_REQUIRED
2 Answers
OK I’m in a similar situation and have been doing a lot of reading. Looks like you have performed all the setup correctly. And now you are trying to perform signup / login via your API from a client.
I’m going to make some assumptions as you don’t provide a lot in your question by way of detail. For instance, I’m not sure what route you are visiting, or, what kind of an API client (DRF browseable API, React frontend, mobile app?) you are using. That said, it shouldn’t really matter what kind of client you use, the process should be the same.
Here are the steps:
accessToken, which your client should send to your API at /rest-auth/facebook/ (or whatever you have configured in your urls.py).
Here is an example blog post that I found where the author shows this flow for a React frontend application: https://medium.com/@pratique/social-login-with-react-and-django-ii-39b8aa20cd27.
Here is another example of a similar flow I found on SO. In the answer, the user is using the python-social-auth package instead of django-allauth but the flow is similar: https://stackoverflow.com/a/46476631/399435.
Since your client will be making requests to your API, I believe that you will also have to set up CORS correctly for such requests to succeed.
Hope that points you in the right direction. I’m going to be attempting this myself soon and if I learn that something is different, I will get back to edit this answer.
As far as I understand, the problem is that you are sending a GET request, when the login view only accepts a POST request. You must change the method.
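The request both answers describe, as an added example that is not part of the original thread: a stdlib-only Python helper that builds the POST carrying the provider credential. The /rest-auth/google/ path and the placeholder token are assumptions; access_token and code are the field names django-rest-auth's social login serializer accepts.

```python
import json
import urllib.request

# Assumed routes: /rest-auth/facebook/ is the path named in the first answer;
# /rest-auth/google/ is a hypothetical analogue. Use whatever your urls.py defines.
SOCIAL_LOGIN_PATHS = {
    "facebook": "/rest-auth/facebook/",
    "google": "/rest-auth/google/",
}


def build_social_login_request(base_url, provider, access_token=None, code=None):
    """Build (but do not send) the POST for a social login endpoint."""
    if provider not in SOCIAL_LOGIN_PATHS:
        raise ValueError(f"unknown provider: {provider!r}")
    # The client must pass on the credential it obtained from the provider:
    # an access token or an authorization code. Refuse to build an empty request.
    payload = {}
    if access_token:
        payload["access_token"] = access_token
    if code:
        payload["code"] = code
    if not payload:
        raise ValueError("supply access_token or code from the provider")
    return urllib.request.Request(
        base_url.rstrip("/") + SOCIAL_LOGIN_PATHS[provider],
        # The credential goes in the JSON body, not the query string, so it
        # does not end up in server access logs or browser history.
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",  # per the second answer, the login view only accepts POST
    )


if __name__ == "__main__":
    # Constructed sample values; EXAMPLE_TOKEN is a placeholder, not a real token.
    req = build_social_login_request(
        "http://127.0.0.1:8000", "facebook", access_token="EXAMPLE_TOKEN"
    )
    print(req.get_method(), req.full_url, req.data.decode())
    # Against a running dev server, send it with urllib.request.urlopen(req).
```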