social-app-django

After authenticating user is created, but it does not log into django

Open MrJeric0 opened this issue 6 years ago • 13 comments

After completing the SSO page in ADFS I return to /complete/saml and I get redirected, but I am not authenticated. I check the admin section and I see a new USER SOCIAL AUTH entry with the email I entered. What is preventing me from completely logging in?

MrJeric0 avatar Jan 08 '18 23:01 MrJeric0

I'm having the exact same issue with social-auth-app-django==2.1.0 and social-auth-core==1.5.0 (running 1.5.0 because LinkedIn auth is broken in 1.6.0)

alexmbird avatar Jan 10 '18 14:01 alexmbird

@MrJeric0 a thought - what Django are you on? I'm using 2.0.1. 2.0 only came out in December so maybe social-app-django hasn't yet been tested against it.

alexmbird avatar Jan 10 '18 18:01 alexmbird

I am using Django version 1.11. I fixed my issue. Can you check to see if a sessionid cookie is created after you log in?

MrJeric0 avatar Jan 11 '18 17:01 MrJeric0

Yes, a sessionid cookie is set in two places:

  • At the start of the auth process, when the user is sent to /login/linkedin-oauth2/, a session_id=ldkn... cookie is set
  • At the end of the auth process, where LinkedIn sends the user back to /complete/linkedin-oauth2/, sessionid=j6xw... is set - even though the browser sent sessionid=ldkn... to Django with that request.

I don't know why a new session is being started with the call to /complete/linkedin-oauth2/. They're working in general for my site (e.g. I stay logged in to the admin console). Is linkedin-oauth supposed to completely replace the user's session upon successful login?

alexmbird avatar Jan 11 '18 22:01 alexmbird

When you are logged in and auth with an outside service, it associates the accounts together, I believe.

My solution might not be the best. I made a new view and I point the redirect to it:

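from django.conf import settings
from django.contrib import messages
from django.contrib.auth import login
from django.contrib.auth.models import User
from django.http import HttpResponseRedirect

def connect(request):
    # '_auth_user_id' is the session key that Django's login() writes
    if '_auth_user_id' in request.session:
        user_obj = User.objects.filter(id=request.session['_auth_user_id'])
        request.user = user_obj[0]
        messages.success(request, 'You are now logged in as {}'.format(request.user))
        login(request, request.user, backend=settings.AUTHENTICATION_BACKENDS[0])
    return HttpResponseRedirect('/')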

MrJeric0 avatar Jan 11 '18 22:01 MrJeric0

Thanks, I'll bear it in mind. But by doing that aren't we skipping the code in the social-auth pipeline to collect and sanity check the user's token?

alexmbird avatar Jan 11 '18 22:01 alexmbird

I'm not quite sure, but it does use the pipelines to check if the user is new. So I'm assuming it's using whatever pipelines you've enabled.

MrJeric0 avatar Jan 11 '18 22:01 MrJeric0

Try to check all settings related to middleware, template context processors and the other parts. In my case, many settings were using:

  • social.* instead of social_core.*
  • social.apps.django_app.* instead of social_django.*

matejkloska avatar Mar 14 '18 08:03 matejkloska

The explanation lies in Django https://github.com/django/django/blob/master/django/contrib/auth/__init__.py#L184 because if you (like me) leave the path social.backends... instead of social_core.backends... in AUTHENTICATION_BACKENDS then you are correctly authenticated but AuthenticationMiddleware cannot detect it.

# doesn't work
AUTHENTICATION_BACKENDS = (
    'social.backends.facebook.FacebookOAuth2',
    ...
)

# works
AUTHENTICATION_BACKENDS = (
    'social_core.backends.facebook.FacebookOAuth2',
    ...
)

petrprikryl avatar Mar 24 '18 16:03 petrprikryl
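The membership check petrprikryl links to, together with the legacy-prefix mix-up matejkloska lists, as an added example that is not part of the thread or of Django's or social-auth's own code: a simplified stand-alone model of the check in django.contrib.auth.get_user() plus an audit for old `social.*` paths. The session contents and settings tuples are constructed, and it assumes the backend path saved at login is the `social_core` one.

```python
# Simplified model (no Django import needed) of why a user can be
# authenticated yet still look anonymous on the next request.
SESSION_KEY = "_auth_user_id"               # written by Django's login()
BACKEND_SESSION_KEY = "_auth_user_backend"  # dotted path of the backend used

# Legacy prefix -> current prefix, as listed in the thread. Longest first.
LEGACY_PREFIXES = [
    ("social.apps.django_app.", "social_django."),
    ("social.", "social_core."),
]

def session_user_is_recognised(session, authentication_backends):
    """Mirror the check: the backend path stored in the session must appear
    verbatim in AUTHENTICATION_BACKENDS, otherwise the user is anonymous."""
    try:
        session[SESSION_KEY]
        backend_path = session[BACKEND_SESSION_KEY]
    except KeyError:
        return False
    return backend_path in authentication_backends

def audit_paths(paths):
    """Return (path, replacement_prefix) for every dotted path that still
    uses a legacy prefix. The replacement is a hint to verify, not a rewrite."""
    findings = []
    for path in paths:
        for old, new in LEGACY_PREFIXES:
            if path.startswith(old):
                findings.append((path, new))
                break
    return findings

# Constructed sample data (assumption: login stored the social_core path).
SESSION = {
    SESSION_KEY: "42",
    BACKEND_SESSION_KEY: "social_core.backends.facebook.FacebookOAuth2",
}
BROKEN = ("social.backends.facebook.FacebookOAuth2",
          "django.contrib.auth.backends.ModelBackend")
FIXED = ("social_core.backends.facebook.FacebookOAuth2",
         "django.contrib.auth.backends.ModelBackend")
MIDDLEWARE = ["social.apps.django_app.middleware.SocialAuthExceptionMiddleware"]

if __name__ == "__main__":
    print("recognised with legacy path:", session_user_is_recognised(SESSION, BROKEN))
    print("recognised with fixed path: ", session_user_is_recognised(SESSION, FIXED))
    print("legacy entries:", audit_paths(list(BROKEN) + MIDDLEWARE))
```

Running `audit_paths` over AUTHENTICATION_BACKENDS, MIDDLEWARE and the template context processors covers the settings named in the two comments above.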

The explanation lies in Django https://github.com/django/django/blob/master/django/contrib/auth/__init__.py#L184 because if you (like me) leave the path social.backends... instead of social_core.backends... in AUTHENTICATION_BACKENDS then you are correctly authenticated but AuthenticationMiddleware cannot detect it.

# doesn't work
AUTHENTICATION_BACKENDS = (
    'social.backends.facebook.FacebookOAuth2',
    ...
)

# works
AUTHENTICATION_BACKENDS = (
    'social_core.backends.facebook.FacebookOAuth2',
    ...
)

This should be documented.

Bohooslav avatar Aug 04 '20 08:08 Bohooslav

I had the same problem with Azure OAuth.

Docs say use: social_core.backends.azuread_tenant.AzureADOAuth2

But social_core.backends.azuread.AzureADOAuth2 works

pizzapanther avatar Mar 31 '22 21:03 pizzapanther

Docs say use: social_core.backends.azuread_tenant.AzureADOAuth2 But social_core.backends.azuread.AzureADOAuth2 works

And because the documentation seems to be living detached from the code, and I'm using 3.1.0 (Debian stable), I would rely on an assumption that most of the "latest version" docs are still relevant. Apparently, it screams for a minuscule amendment (took me a day of wondering why my authentication against Microsoft identity platform loops!)

Improvements to the documentation are welcome: https://github.com/python-social-auth/social-docs/

nijel avatar Jul 22 '22 08:07 nijel