2

I'm using django 1.8.3 and django-allauth 0.21.0 and I'd like the user to be able to log in using e.g. their Google account without leaving the page. The reason is that there's some valuable data from the page they're logging in from that needs to be posted after they've logged in. I've already got this working fine using local account creation, but I'm having trouble with social because many of the social networks direct the user away to a separate page to ask for permissions, etc. Ideally, I'd have all this happening in a modal on my page, which gets closed once authentication is successful.

The only possible (though not ideal) solution I can think of at the moment is to force the authentication page to open up in another tab (e.g. using target="_blank" in the link), then prompting the user to click on something back in the original window once the authentication is completed in the other tab.

However, the problem here is that I can't think of a way for the original page to know which account was just created by the previously-anonymous user without having them refresh the page, which would cause the important data that needs to be posted to be lost.

Does anyone have any ideas about how I could accomplish either of the two solutions I've outlined above?

Gravity Grave
  • 2,802
  • 1
  • 27
  • 39
  • Related: http://stackoverflow.com/questions/16162108/implementing-ajax-requests-response-with-django-allauth – Glyn Jackson Jul 12 '15 at 17:39
  • @GlynJackson Yeah, I actually used some info from that question to implement the local sign up / login stuff (which I have working), but I'm having trouble making the jump from that to social. If you're referring to pennersr saying I'm "out of luck", I'm not quite ready to give up that easily! – Gravity Grave Jul 12 '15 at 17:43
  • 1
    Isn't this just the canonical use case for local storage? Depending on the nature of the data, yiu might also be able to encode it into the 'code' parameter which is preserved across the OAuth dance. – pinoyyid Jul 12 '15 at 19:12
  • @pinoyyid would you mind providing an answer with a link or a description of how to implement what you suggest here? Being able to pass data through the OAuth process does indeed sound promising. – Gravity Grave Jul 13 '15 at 15:18
  • 1
    Firstly, I said 'code' when I meant to say 'state'. Sorry - brain fart! Look at https://developers.google.com/identity/protocols/OAuth2WebServer and scroll down for a description of the state parameter. – pinoyyid Jul 13 '15 at 15:45
  • @pinoyyid Thanks, this looks like it could work, but in the context of django-allauth it seems like it may be difficult to implement. I posted another question to address this here: http://stackoverflow.com/questions/31412369/passing-a-dynamic-state-parameter-using-django-allauth-during-social-login – Gravity Grave Jul 14 '15 at 16:32

2 Answers2

1

I ended up resolving this by using Django's session framework. It turns out that the session ID is automatically passed through the oauth procedure by django-allauth, so anything that's stored in request.session is accessible on the other side after login is complete.

Gravity Grave
  • 2,802
  • 1
  • 27
  • 39
0

One option is that the primary form pops up social auth in a new window then uses AJAX to poll for whether the social auth has completed. As long as you are fine with the performance characteristics of this (it hammers your server slightly), then this is probably the simplest solution.

Ming
  • 1,613
  • 12
  • 27
  • This sounds like it could work for me, but I'm not sure where to begin implementing something like this. Would you mind editing your answer to provide a bit more info, i.e. some rough code to have AJAX determine if social auth was completed in another window? – Gravity Grave Jul 12 '15 at 17:44