To use the Facebook login with our DRF, we first need to get an access token from Facebook.
Then we must log in to an OAuth2 application to get an authorization token from our system,
so we must have an OAuth application set up before we can use the Facebook token with the DRF.
- install Django OAuth Toolkit
- read and apply Step 3: Register an application
note: step 2 can be done in the admin under Django OAuth Toolkit > Application
- install the Django REST Framework Social OAuth2 package
- go to the Facebook developers debug access token page, and get a fake user access token
- test it using the shell script facebook_convert.sh which is located in /opt/shell-commands/social_rest
- or just run the command
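    # each -d field is joined with "&" by curl into one form-encoded POST body
    curl -X POST \
      -d "grant_type=convert_token" \
      -d "client_id=$CLIENT_ID" \
      -d "client_secret=$CLIENT_SECRET" \
      -d "backend=facebook" \
      -d "token=$FACEBOOK_USER_TOKEN" \
      "$baseurl/auth/convert-token"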
where CLIENT_ID, CLIENT_SECRET, and FACEBOOK_USER_TOKEN are all either variables or direct values put in the proper places.
You get CLIENT_ID and CLIENT_SECRET from the OAuth application you created before. That application manages authorized user tokens to let users make DRF requests on authorization-only parts of the system.
FACEBOOK_USER_TOKEN is a value you get AFTER you've logged into Facebook. At the Facebook developers debug access token page, you look up the Facebook app you are trying to log into and get a debug user access token.
In production, this means that you have to log into Facebook only via web or by iOS; you absolutely cannot log into Facebook by the command line. No way.
So in production you will have to retrieve the access token Facebook provides after login, then make the call to retrieve yet another access token from the Django OAuth application you set up on your web server.
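The convert-token call above puts CLIENT_SECRET and the Facebook token on the curl command line, where other local users can read them from the process list. The following is an added example, not the original facebook_convert.sh (whose contents are not shown here): it feeds the same fields to curl through `curl -K -` on stdin and URL-encodes each value. The function names safe_value, convert_token_config and convert_token are hypothetical.

```shell
#!/bin/sh
# Added example: same POST as the curl command above, but the secret and
# the Facebook token travel over stdin instead of appearing in argv.

# Reject empty values and characters that would break out of a quoted
# curl config string (double quote, backslash, newline).
safe_value() {
    case "$1" in
        ''|*'"'*|*'\'*|*'
'*) return 1 ;;
    esac
    return 0
}

# Print a curl config describing the convert-token request.
# Arguments: client_id client_secret facebook_user_token base_url
convert_token_config() {
    for v in "$1" "$2" "$3" "$4"; do
        safe_value "$v" || { echo "empty or unsafe value" >&2; return 1; }
    done
    printf 'url = "%s/auth/convert-token"\n' "$4"
    printf 'data-urlencode = "grant_type=convert_token"\n'
    printf 'data-urlencode = "client_id=%s"\n' "$1"
    printf 'data-urlencode = "client_secret=%s"\n' "$2"
    printf 'data-urlencode = "backend=facebook"\n'
    printf 'data-urlencode = "token=%s"\n' "$3"
}

# Run the exchange. Reads CLIENT_ID, CLIENT_SECRET, FACEBOOK_USER_TOKEN and
# baseurl from the environment, the same variables the command above uses.
convert_token() {
    cfg=$(convert_token_config "$CLIENT_ID" "$CLIENT_SECRET" \
        "$FACEBOOK_USER_TOKEN" "$baseurl") || return 1
    # data-urlencode implies POST; --fail turns HTTP errors into exit codes
    printf '%s\n' "$cfg" | curl --silent --show-error --fail -K -
}
```

Source the file and call convert_token after exporting the four variables; the JSON response is written to stdout.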