Plug in django-allauth as endpoint in django-rest-framework
You can use the django-rest-framework-social-oauth2 library for social authentication. Or try this django-allauth related code:
urls.py
# Route for the Facebook token-exchange endpoint.
# The view is wrapped in csrf_exempt, so Django's CSRF middleware does not
# check requests to this URL; the endpoint relies entirely on the Facebook
# token verification done inside the view.
urlpatterns = [
    url(
        r'^rest/facebook-login/$',
        csrf_exempt(RestFacebookLogin.as_view()),
        name='rest-facebook-login',
    ),
]
serializers.py
class EverybodyCanAuthentication(SessionAuthentication):
    """Authenticator that never identifies a user.

    ``authenticate`` always returns ``None``, so this class neither reads the
    session nor reaches the CSRF check that DRF's ``SessionAuthentication``
    performs inside its own ``authenticate``. Attach it only to endpoints
    that are deliberately reachable without credentials and that verify the
    caller by other means.
    """

    def authenticate(self, request):
        # None means "this authenticator found no credentials"; with no other
        # authenticator configured the request stays anonymous.
        return None
views.py
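class RestFacebookLogin(APIView):
    """
    Login or register a user based on an authentication token coming
    from Facebook.

    Returns user data plus the key of the user's DRF auth ``Token`` (sent
    as ``sessionToken``). Any failure is answered with a generic 401 so the
    response does not reveal why the token was rejected.

    Security notes for maintainers:

    * The Facebook token arrives in the query string (``auth_token``), so it
      can end up in access logs and intermediary caches. Prefer a POST body
      or a header when clients can be changed.
    * The endpoint logs a user in on GET and is CSRF-exempt in urls.py.
    * NOTE(review): confirm that the installed allauth version ties the
      token to this ``SocialApp`` (for example via ``appsecret_proof``);
      otherwise verify the token's app id before trusting it.
    * ``Token.objects.get_or_create`` hands back the same long-lived key on
      every login; add rotation/expiry if that matters for your clients.
    """

    # this is a public api!!!
    permission_classes = (AllowAny,)
    authentication_classes = (EverybodyCanAuthentication,)

    def dispatch(self, *args, **kwargs):
        # Pass-through; kept so existing decorators/subclasses keep working.
        return super(RestFacebookLogin, self).dispatch(*args, **kwargs)

    @staticmethod
    def _bad_token_response():
        """Build the single, generic failure response used by ``get``."""
        return Response(status=401, data={
            'detail': 'Bad Access Token',
        })

    def get(self, request, *args, **kwargs):
        """Exchange a Facebook access token for the user's API token.

        Reads ``auth_token`` from the query string, has allauth check it
        against Facebook, completes the social login (creating the user if
        needed) and returns the user's profile fields and DRF token key.
        Returns 401 with ``{'detail': 'Bad Access Token'}`` on any failure.
        """
        import logging

        auth_token = request.GET.get('auth_token', '')
        if not auth_token:
            # Nothing to verify: answer locally instead of calling Facebook.
            return self._bad_token_response()

        try:
            original_request = request._request

            # Find the token matching the passed Auth token
            app = SocialApp.objects.get(provider='facebook')
            fb_auth_token = SocialToken(app=app, token=auth_token)

            # check token against facebook
            login = fb_complete_login(original_request, app, fb_auth_token)
            login.token = fb_auth_token
            login.state = SocialLogin.state_from_request(original_request)

            # add or update the user into users table
            complete_social_login(original_request, login)

            # Create or fetch the session id for this user
            # NOTE(review): if the social login did not finish (e.g. allauth
            # wants a signup step), request.user is presumably still
            # anonymous and this lookup fails into the 401 below - confirm.
            user = original_request.user
            token, _ = Token.objects.get_or_create(user=user)

            # if we get here we've succeeded
            data = {
                'username': user.username,
                'objectId': user.pk,
                'firstName': user.first_name,
                'lastName': user.last_name,
                'sessionToken': token.key,
                'email': user.email,
            }
            return Response(status=200, data=data)
        except Exception as exc:
            # Was a bare ``except:``, which also swallowed SystemExit and
            # KeyboardInterrupt and hid configuration errors (such as a
            # missing SocialApp row) behind the same 401. Log only the
            # exception type: the message or traceback of an HTTP error may
            # contain the request URL, and with it the access token.
            logging.getLogger(__name__).warning(
                'Facebook token login failed: %s', type(exc).__name__)
            return self._bad_token_response()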
While I'm not quite sure how to use allauth and rest-framework together, allauth does not offer such an endpoint.
Suggestion: make your own that does a variation of the following:
Call allauth.socialaccount.providers.facebook.views.fb_complete_login(None, socialtoken) where socialtoken is as created in login_by_token. That performs (a few functions deeper) a django.contrib.auth.login, possibly creating the acct.
After that, for use on mobile devices, it might be possible to get the auth (not FB) token: get the user data (from session?), and call rest_framework.authtoken.views.obtain_auth_token
Notes:
1. This offers no way to resolve email conflicts or connect social/local accts.
2. I haven't tried it - please post code if you can get it working.