
django-social-auth django-registration and django-profiles -- together


They work fine together - I just set this up the other day (except I didn't need to use django-profiles as it's as easy to create your own).

  • A user can set up a normal account (contrib.auth) using django-registration which sends out an email to be confirmed - creating a username/email/password in the DB.
  • Alternatively they can sign in straight away with twitter/facebook/google etc. and a contrib.auth user is created for them automatically with a dummy password (and potentially no email).

Some points and limitations:

  • When you sign in with a social media profile, a contrib.auth.user is automatically created. If that username already exists, a UUID is appended - this is ugly and django-social-auth doesn't seem to deal with this problem yet - an easy solution is to allow the user to change their username after they sign up. Ideally, when you sign in with twitter you are given the chance to refine your details before they are saved to the DB (instead of after)
  • Similarly, a dummy password is set - this makes it difficult to allow the user to reset the password using the built-in django password change-form as they will not be able to enter their existing password (as it's set as an unhashable string)
  • You need to consider when a user that signs up with twitter wants to later associate their facebook account - django-social-auth accounts for this and it's easy to associate multiple 3rd party sign ins with one account
  • Twitter doesn't disclose a user's email address so you might want to prompt them to provide it to you and save it to the database - the problem with this is that you will then need to verify it which negates the whole purpose of using social-auth!

django-social-auth is a great project and is being actively developed with a group on convore Google Group that is always up to date so I would certainly suggest it. It's also very easy to set up - just be sure you have ironed out your login flow, and you know of the potential limitations of using this.

EDIT:

This post is a little outdated

  • django-social-auth has become python-social-auth
  • django-allauth: OP mentioned django-allauth which has gotten popular recently. I haven't used it but it seems to be a great drop-in replacement for authentication, registration and profiles.
  • Configurable User Models: Django 1.5 introduced configurable User models in the auth module so you can now edit what fields you want to make use of for your user (email only, no username etc.). This is also useful if you want to add profile-like information to your user without having to join with another table (like you would with django-profiles or a OneToOne relationship with a custom profile model)