103 lines
3.2 KiB
Markdown
103 lines
3.2 KiB
Markdown
|
|
# getting testing authorization tokens for the django rest framework
|
|
|
|
The purpose of this readme is to explain how to retrieve testing tokens that can be passed into the django rest framework's oauth authorization to retrieve a user token
|
|
|
|
currently, this document will list how to get testing tokens for the following platforms:
|
|
|
|
- facebook
|
|
- google
|
|
|
|
## facebook
|
|
|
|
### getting an access token for testing
|
|
|
|
to get a testing token, go to graph api explorer
|
|
|
|
1. under "meta app", select the application you want a token for
|
|
2. under "user or page", select "user token" from the dropdown
|
|
3. under "add a permission", select "email" from the dropdown
|
|
4. then hit "generate access token" button, and you're good to go
|
|
|
|
[graph api explorer](https://developers.facebook.com/tools/explorer/)
|
|
|
|
|
|
#### sources
|
|
[configure facebook login](https://help.sharetribe.com/en/articles/666072-configure-facebook-login)
|
|
|
|
[getting a testing token for authentication](https://developers.facebook.com/docs/marketing-apis/overview/authentication/)
|
|
|
|
|
|
## google
|
|
|
|
|
|
### notes
|
|
|
|
in the case of the google provider we don't actually want the
|
|
access token what we want is the ID TOKEN that is returned
|
|
|
|
#### setting up credentials
|
|
|
|
To use OAuth playground to get the id token, you have to first set
|
|
the Authorized Redirect URLs in the oauth credential section to at least have:
|
|
https://developers.google.com/oauthplayground
|
|
|
|
#### oauth playground
|
|
|
|
next in OAuth Playground, set it up to use your client
|
|
|
|
1. click the settings wheel in the upper left corner
|
|
2. click on 'use your own OAUTH credentials'
|
|
3. enter the client id and client secret
|
|
|
|
##### Step1
|
|
|
|
go to Step1 Select & authorize APIs
|
|
|
|
1. find Google OAuth2 API v2
|
|
2. select unserinfo.email and userinfo.profile
|
|
3. click Authorize APIs
|
|
|
|
##### Step2
|
|
|
|
go to Step 2 Exchange authorization code for tokens
|
|
|
|
1. click Exchange authorization code for tokens
|
|
2. IGNORE access and refresh token!!! they are not relevant!
|
|
3. go to the right panel Request / Response
|
|
- in the json data, find 'id_token'
|
|
4. paste the id token in the field for auth_token in swagger
|
|
|
|
|
|
#### sources
|
|
|
|
[Using OAuth 2.0 to access Google APIs](https://medium.com/@anupama.pathirage/using-oauth-2-0-to-access-google-apis-1dbd01edea9a#:~:text=In%20a%20separate%20browser%20window,obtained%20in%20the%20previous%20step.)
|
|
|
|
[django allauth callback](https://django-allauth.readthedocs.io/en/latest/socialaccount/providers/index.html?highlight=callback)
|
|
|
|
|
|
|
|
# old info in this page
|
|
|
|
### Notes
|
|
|
|
facebook authorization requests are different than straight user/pass requests. One requires the user and pass registered with the django app when they signed in, etc. The other is via the users facebook account.
|
|
|
|
So the user must paas in his facebook account name and password
|
|
|
|
#### try using standard api get token method
|
|
|
|
Unlike the facebook request,this one passes the username and password that is already stored in Django
|
|
|
|
http http://127.0.0.1:8026/api-token-auth/ username=someuser1 password=testpass1
|
|
|
|
|
|
got to [facebook dev apps](https://developers.facebook.com/apps/)
|
|
|
|
get the
|
|
|
|
facebook test user name/pass
|
|
get client id and client secret from settings
|
|
|
|
apply:
|
|
`curl -X POST -d "client_id=<client_id>&client_secret=<client_secret>&grant_type=password&username=<user_name>&password=<password>" http://localhost:8000/auth/token
|