api-sandbox/share/readmes/authorization_tokens_testing.md


# getting testing authorization tokens for the django rest framework

The purpose of this readme is to explain how to retrieve testing tokens that can be passed into the django rest framework's oauth authorization to retrieve a user token

currently, this document will list how to get testing tokens for the following platforms:

- facebook
- google

## facebook

### getting an access token for testing

to get a testing token, go to graph api explorer

1. under "meta app", select the application you want a token for
2. under "user or page", select "user token" from the dropdown
3. under "add a permission", select "email" from the dropdown
4. then hit "generate access token" button, and you're good to go

[graph api explorer](https://developers.facebook.com/tools/explorer/)


#### sources
[configure facebook login](https://help.sharetribe.com/en/articles/666072-configure-facebook-login)

[getting a testing token for authentication](https://developers.facebook.com/docs/marketing-apis/overview/authentication/)


## google


### notes

in the case of the google provider we don't actually want the
access token what we want is the ID TOKEN that is returned

#### setting up credentials

To use OAuth playground to get the id token, you have to first set
the Authorized Redirect URLs in the oauth credential section to at least have:
      https://developers.google.com/oauthplayground

#### oauth playground

next in OAuth Playground, set it up to use your client

1. click the settings wheel in the upper left corner
2. click on 'use your own OAUTH credentials'
3. enter the client id and client secret

##### Step1

go to Step1 Select & authorize APIs

1. find Google OAuth2 API v2
2. select unserinfo.email and userinfo.profile
3. click Authorize APIs

##### Step2

go to Step 2 Exchange authorization code for tokens

1. click Exchange authorization code for tokens
2. IGNORE access and refresh token!!! they are not relevant!
3. go to the right panel Request / Response
   - in the json data, find 'id_token'
4. paste the id token in the field for auth_token in swagger


#### sources

[Using OAuth 2.0 to access Google APIs](https://medium.com/@anupama.pathirage/using-oauth-2-0-to-access-google-apis-1dbd01edea9a#:~:text=In%20a%20separate%20browser%20window,obtained%20in%20the%20previous%20step.)

[django allauth callback](https://django-allauth.readthedocs.io/en/latest/socialaccount/providers/index.html?highlight=callback)


# old info in this page

### Notes

facebook authorization requests are different than straight user/pass requests.  One requires the user and pass registered with the django app when they signed in, etc.  The other is via the users facebook account.

So the user must paas in his facebook account name and password

#### try using standard api get token method 

Unlike the facebook request,this one passes the username and password that is already stored in Django

http http://127.0.0.1:8026/api-token-auth/ username=someuser1 password=testpass1


got to [facebook dev apps](https://developers.facebook.com/apps/)

get the 

facebook test user  name/pass
get client id and client secret from settings

apply:
`curl -X POST -d "client_id=<client_id>&client_secret=<client_secret>&grant_type=password&username=<user_name>&password=<password>" http://localhost:8000/auth/token
initial commit 2025-04-22 18:06:11 +03:00
			`# getting testing authorization tokens for the django rest framework`

			`The purpose of this readme is to explain how to retrieve testing tokens that can be passed into the django rest framework's oauth authorization to retrieve a user token`

			`currently, this document will list how to get testing tokens for the following platforms:`

			`- facebook`
			`- google`

			`## facebook`

			`### getting an access token for testing`

			`to get a testing token, go to graph api explorer`

			`1. under "meta app", select the application you want a token for`
			`2. under "user or page", select "user token" from the dropdown`
			`3. under "add a permission", select "email" from the dropdown`
			`4. then hit "generate access token" button, and you're good to go`

			`[graph api explorer](https://developers.facebook.com/tools/explorer/)`


			`#### sources`
			`[configure facebook login](https://help.sharetribe.com/en/articles/666072-configure-facebook-login)`

			`[getting a testing token for authentication](https://developers.facebook.com/docs/marketing-apis/overview/authentication/)`


			`## google`


			`### notes`

			`in the case of the google provider we don't actually want the`
			`access token what we want is the ID TOKEN that is returned`

			`#### setting up credentials`

			`To use OAuth playground to get the id token, you have to first set`
			`the Authorized Redirect URLs in the oauth credential section to at least have:`
			`https://developers.google.com/oauthplayground`

			`#### oauth playground`

			`next in OAuth Playground, set it up to use your client`

			`1. click the settings wheel in the upper left corner`
			`2. click on 'use your own OAUTH credentials'`
			`3. enter the client id and client secret`

			`##### Step1`

			`go to Step1 Select & authorize APIs`

			`1. find Google OAuth2 API v2`
			`2. select unserinfo.email and userinfo.profile`
			`3. click Authorize APIs`

			`##### Step2`

			`go to Step 2 Exchange authorization code for tokens`

			`1. click Exchange authorization code for tokens`
			`2. IGNORE access and refresh token!!! they are not relevant!`
			`3. go to the right panel Request / Response`
			`- in the json data, find 'id_token'`
			`4. paste the id token in the field for auth_token in swagger`


			`#### sources`

			`[Using OAuth 2.0 to access Google APIs](https://medium.com/@anupama.pathirage/using-oauth-2-0-to-access-google-apis-1dbd01edea9a#:~:text=In%20a%20separate%20browser%20window,obtained%20in%20the%20previous%20step.)`

			`[django allauth callback](https://django-allauth.readthedocs.io/en/latest/socialaccount/providers/index.html?highlight=callback)`



			`# old info in this page`

			`### Notes`

			`facebook authorization requests are different than straight user/pass requests. One requires the user and pass registered with the django app when they signed in, etc. The other is via the users facebook account.`

			`So the user must paas in his facebook account name and password`

			`#### try using standard api get token method`

			`Unlike the facebook request,this one passes the username and password that is already stored in Django`

			`http http://127.0.0.1:8026/api-token-auth/ username=someuser1 password=testpass1`


			`got to [facebook dev apps](https://developers.facebook.com/apps/)`

			`get the`

			`facebook test user name/pass`
			`get client id and client secret from settings`

			`apply:`
			`curl -X POST -d "client_id=<client_id>&client_secret=<client_secret>&grant_type=password&username=<user_name>&password=<password>" http://localhost:8000/auth/token