NotImplementedError on authentication while trying to access APIView method about django-rest-framework-social-oauth2 HOT 9 CLOSED

I know this is not an issue, but for people who end up here, I will leave my final class implementation. It's a simple workaround that fits my case:

from rest_framework_social_oauth2.backends import DjangoOAuth2
from oauth2_provider.models import AccessToken
from django.contrib.auth.models import User

class MyAppOAuth2(DjangoOAuth2):

    def get_user_details(self, response):
        if response.get(self.ID_KEY, None):
            user = User.objects.get(pk=response[self.ID_KEY])
            return {'username': user.username,
                     'email': user.email,
                     'fullname': user.get_full_name(),
                     'first_name': user.first_name,
                     'last_name': user.last_name
                    }
        return {}

    def user_data(self, access_token, *args, **kwargs):
        try:
            user_id = AccessToken.objects.get(token=access_token).user.pk
            return {self.ID_KEY: user_id}
        except AccessToken.DoesNotExist:
            return None

    def do_auth(self, access_token, *args, **kwargs):
        """Finish the auth process once the access_token was retrieved"""
        data = self.user_data(access_token, *args, **kwargs)
        response = kwargs.get('response') or {}
        response.update(data or {})
        kwargs.update({'response': response, 'backend': self})
        if response.get(self.ID_KEY, None):
            user = User.objects.get(pk=response[self.ID_KEY])
            return user
        else:
            return None

Thank you, @PhilipGarnero for your attention and library.

from django-rest-framework-social-oauth2.

Where do i put this line of code?

from django-rest-framework-social-oauth2.

Hi, I don't know why DjangoOAuth2 not finished for work. This class is not completed!!!

from django-rest-framework-social-oauth2.

In case anyone stuck with where you should put this snippet (as I am).
You need to specify this new backend in settings.py.

If you put this code in file myapp/inner_oauth.py, your backends in settings should be like:

AUTHENTICATION_BACKENDS = (

    # Facebook OAuth2
    'social.backends.facebook.FacebookAppOAuth2',
    'social.backends.facebook.FacebookOAuth2',

    # MyAppOAuth2 based on django-rest-framework-social-oauth2
    'myapp.inner_oauth.MyAppOAuth2',

    # Django
    'django.contrib.auth.backends.ModelBackend',
)

from django-rest-framework-social-oauth2.

I worked my way out of this by creating a superclass on DjangoOAuth2 that implemented get_user_details method and returning an empty dict.

class MyAppOAuth2(DjangoOAuth2):

    def get_user_details(self, response):
        return {}

from django-rest-framework-social-oauth2.

Yes sorry about the lack of documentation about this.
I didn't implement a default behavior because everyone is doing things differently so in the end inheriting from it seemed the best way to do it.
You figured it out by yourself so I guess it's fine like this.

from django-rest-framework-social-oauth2.

@ivanff Open source work is provided freely and people offer support on their free time. You are not entitled to anything. Instead of complaining and waiting for others to do your work, do it yourself.

from django-rest-framework-social-oauth2.

class MyAppOAuth2(DjangoOAuth2):

def get_user_details(self, response):
    if response.get(self.ID_KEY, None):
        user = User.objects.get(pk=response[self.ID_KEY])
        return {'username': user.username,
                 'email': user.email,
                 'fullname': user.get_full_name(),
                 'first_name': user.first_name,
                 'last_name': user.last_name
                }
    return {}

def user_data(self, access_token, *args, **kwargs):
    try:
        user_id = AccessToken.objects.get(token=access_token).user.pk
        return {self.ID_KEY: user_id}
    except AccessToken.DoesNotExist:
        return None

def do_auth(self, access_token, *args, **kwargs):
    """Finish the auth process once the access_token was retrieved"""
    data = self.user_data(access_token, *args, **kwargs)
    response = kwargs.get('response') or {}
    response.update(data or {})
    kwargs.update({'response': response, 'backend': self})
    if response.get(self.ID_KEY, None):
        user = User.objects.get(pk=response[self.ID_KEY])
        return user
    else:
        return None

Hi, can you please elaborate on where exactly this snippet should go, I tried every possible file, but still end up with the same error.
Help is much appreciated.
Thanks

from django-rest-framework-social-oauth2.

Hi, thank you for this solution, it works just fine.

The problem I have is that I can still use expired access_tokens. After calling /convert-token, I acquire an access_token that should expire in 10hrs. But after 10hrs, the token is still usable. I managed to fix this by adding a simple check in the do_auth method, but I'm not sure about the correctness of this solution, as this is pretty important to not be checked within the package.

Maybe I'm missing something? Here's the improved do_auth method.

    def do_auth(self, access_token, *args, **kwargs):
        """Finish the auth process once the access_token was retrieved"""

        token = AccessToken.objects.get(token=access_token)
        if token.is_expired():
            raise AuthenticationFailed(f"Token {token.token} has expired.")
        data = self.user_data(token, *args, **kwargs)
        response = kwargs.get('response') or {}

        response.update(data or {})
        kwargs.update({"response": response, "backend": self})
        if response.get(self.ID_KEY, None):
            user = User.objects.get(pk=response[self.ID_KEY])
            return user
        else:
            return None

from django-rest-framework-social-oauth2.