demo-allauth-bootstrap

• Simple, out-of-the-box Django all-auth demo app
• A "brochure" or visitor (no login required) area
• A members-only (login required) area.
• Supports local email/password as well as easy oauth with Google, Facebook and others.

This is a simple, old-style HTML request/response website. No webpack, node, JavaScript framework. Objective is to get you a basic, visitor-and-member website operational quickly.

tl;dr

1. Get your Facebook and/or Google app creds (see sections below for more info);
2. Clone or download the repo; then
3. Follow instructions below:

$ cd demo-allauth-bootstrap

## create and use a Python virtualenv:

$ python3 -m venv mypy          # doesn't have to be called "mypy"; it's just my convention.
$ . ./mypy/bin/active           # adjust this if you used a name other than "mypy"

## install all dependencies into this venv:

$ pip install -r requirements.txt

## run the handy configure script:

$ python ./configure.py

--------
Facebook
--------

Do you want to configure auth via Facebook?
You'll need the app secret and client. (y/n): y              # or enter 'n' to skip

Facebook App Secret? >                                       # Facebook secret here...

Facebook App ID (not client token)?                          # and app ID here.

------
Google
------

Do you want to configure auth via Google?
You'll need the app secret and client. (y/n): y              # or enter 'n' to skip

Google Secret? >                                             # Google secret here...

Google Client ID? >                                          # and Google client ID here.

----------
Next steps
----------

Run these commands:

    python manage.py makemigrations allauthdemo_auth
    python manage.py migrate
    python manage.py createsuperuser                         # optional; doesn't need real email address.

    # Facebook
    python manage.py set_auth_provider facebook --redacted-info-here--

    # Google
    python manage.py set_auth_provider google --redacted-info-here--

If you have other providers you can add them like:

    python manage.py set_auth_provider <name e.g. 'google'> <client id> <secret>

Finally:

    python manage.py runserver

Run the commands shown in "next steps" above.

Load http://127.0.0.1:8000/ in your browser.

Tips

Overall tip

Tinker with it out-of-the-box. If it does what you like, you can remove a few things and use the code as a basis for your own site.

Tips for Facebook

• See "Configure Facebook Login" section below
• You'll need the Facebook App ID (NOT any client ID) and the secret.
• Repeat, the Facebook App ID and NOT any client ID is what should be entered for "client ID"
• Create an app in the facebook-developer-settings area and then create a test app from that. The test app seems to be the only thing that will work with a localhost Django app.
• Read the article by Sarah or see below for moe.

Tips for Google

• See "Configure Google Login" section below
• You'll need the Google client ID and secret from the Google Developer Console.

Pre-setup

If you want users to register and set passwords locally, i.e. never via a provider like Facebook or Google, run configure.py and answer 'n' to the questions.

If you want to use a provider like Facebook or Google, you'll need to do a little setup on those sites to get settings you'll need in Django.

Configure Facebook Login

Follow these instructions if you want to use Facebook as an authentication provider. Skip otherwise.

Sarah describes this nicely in her article

Aside from UI changes, the method she described worked well.

1. Go to facebook-developer-settings.

2. Add app

3. Create a test app (under the above app)

4. Go to Settings > Advanced

5. Do not add any server to Server IP Whitelist (facebook-whitelist-ip-error)

6. Add product "Facebook Login"

7. Enable if not automatically selected: Client OAuth Login, Web OAuth Login

8. Add OAuth redirect URL (in any order): http://127.0.0.1:8000/ http://127.0.0.1:8000/accounts/facebook/ http://127.0.0.1:8000/accounts/facebook/login/callback/

Note: If you're loading your site with localhost:8000 you should use "http://localhost:8000/..." above. Whichever you choose, do it consistently and you should be ok.

Note: The "app secret" and "client id" are a bit confusing with Facebook.
You want to record the "Facebook App Secret" and the "Facebook App ID". The latter "Facebook App ID" becomes the "client ID" from a Django Allauth perspective.

Configure Google Login

Follow these instructions if you want to use Google as an authentication provider. Skip this section otherwise.

To set up Google, follow the Google oauth instructions or [this help answer][4] which is basically:

1. Go to https://console.developers.google.com/

2. Create a new app

3. Make sure that app is selected (next to the "Google APIs" Logo in the top-left)

4. In the left navigation rail under "APIs and Services", click "Credentials"

5. Create new oauth client ID

   You will need to specify some "consent screen details". You can skip most of the fields.

6. For Authorized Javascript Origins, add: http://127.0.0.1:8000

7. For Authorized Redirect URIs, add: http://127.0.0.1:8000/accounts/google/login/callback/

8. Click "Create"

9. Copy the "client ID" and "client secret" strings and keep each handy - you'll need them shortly.

Reminder: if you're loading your site at localhost:8000 then you'll need to set the URIs above to ``http://localhost:8000/..." etc. I recommend not doing that. Instead, just load your local site as http://127.0.0.1:8000/

Configure authentication with other providers

The django-allauth library covers many others providers

First-time setup

1. Make sure you have Python 3.x installed. I used Python 3.6.

   Python 2.7.x used to work but Django 2.0 dropped support for Python 2.x, and is dropping support for Python 3.4.

2. Create a virtualenv and requirements.

   For example:

    $ cd demo-allauth-bootstrap
    $ python3 -m venv mypy       # you can call it anything, not just "mypy"
    $ . mypy/bin/activate
    $ pip install -r requirements.txt
   

3. Generate the initial settings:

    $ python configure.py
   

   Follow the prompts. This will generate the initial config/settings.py

4. Set up the initial migrations:

   A specific makemigrations is needed for the auth_user table:

    $ python manage.py makemigrations allauthdemo_auth
   

5. Build the database schema:

    $ python manage.py migrate
   

6. Create the superuser:

    $ python manage.py createsuperuser
   

   Tip: do not enter the same email address that you'll connect via Google/Facebook with. In development I use a made up address like "[email protected]".

7. Add the social providers:

   Run this for each provider you want to include.

    $ python manage.py set_auth_provider google GOOGLE_CLIENT_ID GOOGLE_SECRET_ID
    saved: Google (...)
    
    $ python manage.py set_auth_provider facebook FACEBOOK_CLIENT_ID FACEBOOK_SECRET_ID
    saved: Facebook (...)
   

   This essentially runs SQL like:

    DELETE FROM socialaccount_socialapp WHERE provider='google';
    INSERT INTO socialaccount_socialapp (provider, name, secret, client_id, `key`)
    VALUES ("google", "Google", "SECRET", "CLIENT", '');
    INSERT INTO socialaccount_socialapp_sites (socialapp_id, site_id) VALUES (
      (SELECT id FROM socialaccount_socialapp WHERE provider='google'),1);
   

8. Check it's working:

    $ python manage.py runserver
   

   Load the site at http://127.0.0.1:8000

   You should see a landing page. Click "Join" or "Login".

9. Log into admin and change the default site:

   Go to http://127.0.0.1:8000/admin/sites/site/ - you may need to log out, then log back in as the superuser you created above.

   You don't technically have to rename the site but the default "example.com" isn't very useful. In development I change the domain to "127.0.0.1" and the name to " (Dev)".

Doing it over

When you're getting oriented you may find you want to start over for any reason.

If you're using sqlite as the database (the default), just remove the file and start the sequence again:

rm db.sqlite3
python configure
python manage.py makemigrations allauthdemo_auth
python manage.py migrate
python manage.py set_auth_provider google ...
python manage.py runserver

If you're using Postgres or similar, remove and recreate the database.

Notes

Make the repo yours

If you've got the site up and want to use it as the basis for your own real site, here's what I do:

• Remove all the git history:

    rm -rf .git/
  

  and start a new history:

    git init
  

• Remove unnecessary files:

    rm LICENSE README.md config/settings.template.py configure.py
  

• Rename the "allauthdemo" directory to something more appropriate

• Optionally rename the class auth.models.User to something more specific. You'll need to rebuild the database (I suggest you do this after you've built the initial app and renamed things anyway). Don't leave this too late as trying to migrate the User class to a new name doesn't work nicely when you've got real data.

• Check the auth.models.UserProfile class. The draft one includes date-of-birth (dob), which you might want to remove.

• Change settings so Postgres or another full database is used, not sqlite (which is awesome, but not right for a real project!)

How I built this

The best resources:

• Raymond's GitHub repo: https://github.com/pennersr/django-allauth

• allauth docs: http://django-allauth.readthedocs.org/en/latest/

• Sarah Hagstrom's magnificent article: http://www.sarahhagstrom.com/2013/09/the-missing-django-allauth-tutorial/

I first worked with Sarah's example to understand how the components worked together. Then I cloned the github repo and worked with the example directory, customising it to what made sense to me. I moved it to use Bootstrap only and added some basic standard stuff like a landing page and stubs for terms and contact.

I moved the bootstrap forms to use the bootstrap4 library. At the very least that made handling Django "messages" better (though see my notes in "Rough Edges" below). Read about bootstrap4 here: http://django-bootstrap4.readthedocs.org/en/latest/

Why I built this

I'd struggled with outdated Django registration modules before and was pleasantly surprised to find django-allauth. Sarah's tutorial is superb but I wanted something more full to use as a basis for future work, and figured it might help others.

Credits

Thanks to Raymond for django-allauth and Sarah for her tutorial.

Rough Edges

In no order:

• I don't like the handling of Django "messages". The messages accumulate in the cookie, which is weird on its own, and clear only when displayed. I don't get why it was done that way. I'm sure there are better ways to handle it; I just haven't looked into it yet.

• The default allauth rendering for profile (email, social accounts etc) is adequate but could do with some work.