# getting testing authorization tokens for the django rest framework The purpose of this readme is to explain how to retrieve testing tokens that can be passed into the django rest framework's oauth authorization to retrieve a user token currently, this document will list how to get testing tokens for the following platforms: - facebook - google ## facebook ### getting an access token for testing to get a testing token, go to graph api explorer 1. under "meta app", select the application you want a token for 2. under "user or page", select "user token" from the dropdown 3. under "add a permission", select "email" from the dropdown 4. then hit "generate access token" button, and you're good to go [graph api explorer](https://developers.facebook.com/tools/explorer/) #### sources [configure facebook login](https://help.sharetribe.com/en/articles/666072-configure-facebook-login) [getting a testing token for authentication](https://developers.facebook.com/docs/marketing-apis/overview/authentication/) ## google ### notes in the case of the google provider we don't actually want the access token what we want is the ID TOKEN that is returned #### setting up credentials To use OAuth playground to get the id token, you have to first set the Authorized Redirect URLs in the oauth credential section to at least have: https://developers.google.com/oauthplayground #### oauth playground next in OAuth Playground, set it up to use your client 1. click the settings wheel in the upper left corner 2. click on 'use your own OAUTH credentials' 3. enter the client id and client secret ##### Step1 go to Step1 Select & authorize APIs 1. find Google OAuth2 API v2 2. select unserinfo.email and userinfo.profile 3. click Authorize APIs ##### Step2 go to Step 2 Exchange authorization code for tokens 1. click Exchange authorization code for tokens 2. IGNORE access and refresh token!!! they are not relevant! 3. go to the right panel Request / Response - in the json data, find 'id_token' 4. paste the id token in the field for auth_token in swagger #### sources [Using OAuth 2.0 to access Google APIs](https://medium.com/@anupama.pathirage/using-oauth-2-0-to-access-google-apis-1dbd01edea9a#:~:text=In%20a%20separate%20browser%20window,obtained%20in%20the%20previous%20step.) [django allauth callback](https://django-allauth.readthedocs.io/en/latest/socialaccount/providers/index.html?highlight=callback) # old info in this page ### Notes facebook authorization requests are different than straight user/pass requests. One requires the user and pass registered with the django app when they signed in, etc. The other is via the users facebook account. So the user must paas in his facebook account name and password #### try using standard api get token method Unlike the facebook request,this one passes the username and password that is already stored in Django http http://127.0.0.1:8026/api-token-auth/ username=someuser1 password=testpass1 got to [facebook dev apps](https://developers.facebook.com/apps/) get the facebook test user name/pass get client id and client secret from settings apply: `curl -X POST -d "client_id=&client_secret=&grant_type=password&username=&password=" http://localhost:8000/auth/token