0

For a Django website that I am making I have the following authentication system: - People can log in through Facebook - People can log in through Django Auth

I have now arrived at a point where I can log in through Facebook. When Facebook returns I save the user's name and email etc. The question is now though: how can I merge these Facebook accounts with the Django auth system?

For example, a "normal" user would log in by:

user = auth.authenticate ( user , password )
auth.login ( request , user )

But how would I go about this when people login through Facebook, which of course does not pass a password?

Hope you understand my question =)!

Diederik
  • 602
  • 9
  • 24

1 Answers1

1

You have to

  1. Store FB identity and keys in some model.
  2. Create related django user with unusable passford
  3. Create an authentication backend, working versus that model and authenticating by social credentials

Btw, there is a django-social-auth package along with many others wich solves this task, why not to use it?

alko
  • 46,136
  • 12
  • 94
  • 102
  • Ah, that makes sense: creating a unique password for these users. Thanks for the tip. Regarding the social-auth package: I know about that, but I am currently learning the ropes of Python & Django, and I understand stuff better if I try it myself as opposed to just using packages. – Diederik Oct 24 '13 at 15:31
  • Not unique, but __unusable__, for example auth.models.UNUSABLE_PASSWORD. Since pwd change and validation management is made on the view side, your backend may allow to users logged via fb change their password without asking for old value (checking `user.has_usable_password()`) – alko Oct 24 '13 at 15:34
  • And that is exactly why I am doing this stuff. Thanks for pointing me in the right direction. I'm gonna read some more on this! – Diederik Oct 24 '13 at 15:47