### Local Setup and Run Django Example App Source: https://github.com/pennersr/django-allauth/blob/main/examples/regular-django/README.org These commands guide through the local setup of the Django example application. It includes cloning the repository, creating and activating a virtual environment, installing necessary packages (including optional ones like mfa, saml, socialaccount), migrating the database, creating an admin user, and starting the development server. The application will be accessible at http://localhost:8000. ```sh git clone git@codeberg.org:allauth/django-allauth.git cd django-allauth/examples/regular-django virtualenv venv . venv/bin/activate pip install "../..[mfa,saml,socialaccount]" ``` ```sh python manage.py migrate python manage.py createsuperuser ``` ```sh python manage.py runserver ``` -------------------------------- ### Setup Python Virtual Environment Source: https://github.com/pennersr/django-allauth/blob/main/CONTRIBUTING.rst Commands to create, activate, and install development dependencies for a standard Python virtual environment. ```bash python -m venv virtualenv # Activate on macOS/Linux source virtualenv/bin/activate # Install dependencies pip install -r requirements-dev.txt ``` -------------------------------- ### Run Django Example App with Docker Source: https://github.com/pennersr/django-allauth/blob/main/examples/regular-django/README.org This command starts the Django example application using Docker Compose. It assumes Docker is installed and configured. The application will be accessible at http://localhost:8000. ```sh docker-compose up ``` -------------------------------- ### Install django-allauth (with Social Account Support) Source: https://github.com/pennersr/django-allauth/blob/main/docs/installation/quickstart.md Install django-allauth with the 'socialaccount' extra to enable integration with social login providers. ```bash pip install "django-allauth[socialaccount]" ``` -------------------------------- ### Install django-allauth (Core) Source: https://github.com/pennersr/django-allauth/blob/main/docs/installation/quickstart.md Use this command to install the core django-allauth package if social account features are not required. ```bash pip install django-allauth ``` -------------------------------- ### Install OpenID dependencies Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/providers/openid.md Install the necessary packages for OpenID support in django-allauth using pip. ```bash $ pip install "django-allauth[socialaccount,openid]" ``` -------------------------------- ### Install django-allauth with OpenID Connect Extra Source: https://github.com/pennersr/django-allauth/blob/main/docs/idp/openid-connect/installation.md Installs the django-allauth package with the necessary 'idp-oidc' extra for OpenID Connect provider functionality. This is the initial step for enabling the feature. ```bash pip install "django-allauth[idp-oidc]" ``` -------------------------------- ### Setup Python Virtual Environment Source: https://github.com/pennersr/django-allauth/blob/main/docs/project/contributing.md Commands to create, activate, and configure a Python virtual environment for local development. ```bash python -m venv virtualenv # Activate on Windows virtualenv\Scripts\activate # Activate on macOS/Linux source virtualenv/bin/activate # Install dependencies pip install -r requirements-dev.txt ``` -------------------------------- ### Install System Dependencies for django-allauth Source: https://github.com/pennersr/django-allauth/blob/main/CONTRIBUTING.rst Commands to install necessary system-level libraries like libxml2 and xmlsec required for building the project on various operating systems. ```bash # macOS brew install libxml2 libxmlsec1 pkg-config openssl # Ubuntu/Debian sudo apt-get install libxml2-dev libxmlsec1-dev libxmlsec1-openssl pkg-config # RHEL/CentOS/Fedora sudo dnf install libxml2-devel xmlsec1-devel xmlsec1-openssl-devel libtool-ltdl-devel ``` -------------------------------- ### Install Steam Provider Dependencies Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/providers/steam.md Install the necessary packages to enable Steam social authentication support within the django-allauth framework using pip. ```bash pip install "django-allauth[socialaccount,steam]" ``` -------------------------------- ### Install SAML dependencies Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/providers/saml.md Install the necessary SAML support for django-allauth using pip. Note that this requires system-level dependencies for the underlying XML wrappers. ```bash pip install "django-allauth[saml]" ``` -------------------------------- ### Create Database Tables Source: https://github.com/pennersr/django-allauth/blob/main/docs/installation/quickstart.md Run the Django migrate command to create the necessary database tables for allauth after installation. ```bash python manage.py migrate ``` -------------------------------- ### Configure Provider-Specific Settings Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/configuration.md Example of how to configure specific settings for a social provider, such as enabling email authentication for Google. ```python SOCIALACCOUNT_PROVIDERS = { 'google': { 'EMAIL_AUTHENTICATION': True } } ``` -------------------------------- ### Example Callback URLs Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/providers/index.md Illustrates the format for callback URLs required by social providers. Ensure these match the configuration on the provider's side. ```text http://example.com/accounts/twitter/login/callback/ http://example.com/accounts/soundcloud/login/callback/ ... ``` -------------------------------- ### Install Django Allauth MFA Extras Source: https://github.com/pennersr/django-allauth/blob/main/docs/mfa/introduction.md Installs the necessary 'mfa' extras for the django-allauth package, enabling Multi-Factor Authentication features. This command should be run in your project's environment. ```bash pip install "django-allauth[mfa]" ``` -------------------------------- ### Install Django-Allauth with Headless Extra Source: https://github.com/pennersr/django-allauth/blob/main/docs/headless/installation.md Installs the django-allauth package with the 'headless' extra, which is required for headless functionality. This command ensures all necessary dependencies for headless operations are included. ```default pip install "django-allauth[headless]" ``` -------------------------------- ### Get Pending Signup Information (Headless) Source: https://github.com/pennersr/django-allauth/blob/main/docs/release-notes/recent.md For headless signups with third-party providers, if insufficient information is received, make a GET request to this endpoint to obtain pending signup details. ```http GET /_allauth/{client}/v1/auth/provider/signup ``` -------------------------------- ### Install and Configure django-extensions for Local HTTPS Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/providers/mailchimp.md This snippet shows how to install django-extensions and add it to your INSTALLED_APPS to enable HTTPS for local development, which is required for MailChimp OAuth2 testing. ```bash pip install django-extensions ``` ```python INSTALLED_APPS = ( ... 'django_extensions', ... ) ``` ```bash ./manage.py runserver_plus --cert cert ``` -------------------------------- ### GET /accounts/shopify/login/ Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/providers/shopify.md Initiates the Shopify OAuth authentication flow. Requires the shop parameter to identify the specific Shopify store. ```APIDOC ## GET /accounts/shopify/login/ ### Description Initiates the OAuth login process for a specific Shopify store. ### Method GET ### Endpoint /accounts/shopify/login/ ### Parameters #### Query Parameters - **shop** (string) - Required - The subdomain of the Shopify store (e.g., 'petstore' for petstore.myshopify.com). ### Request Example /accounts/shopify/login/?shop=petstore ### Response #### Success Response (302) Redirects the user to the Shopify authorization page. ``` -------------------------------- ### Klaviyo Production Callback URL Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/providers/klaviyo.md An example of a production callback URL for Klaviyo app registration. Replace {{yourdomain}}.com with your actual domain. ```default https://{{yourdomain}}.com/accounts/klaviyo/login/callback/ ``` -------------------------------- ### Build Documentation Source: https://github.com/pennersr/django-allauth/blob/main/docs/project/contributing.md Command to generate project documentation using Sphinx via nox. ```bash nox --session docs ``` -------------------------------- ### Configure Social Account Providers Source: https://github.com/pennersr/django-allauth/blob/main/docs/installation/quickstart.md Set up client credentials for OAuth-based providers like Google directly in settings.py. Ensure a 'SocialApp' is configured or list credentials here. ```python SOCIALACCOUNT_PROVIDERS = { 'google': { 'APP': { 'client_id': '123', 'secret': '456', 'key': '' } } } ``` -------------------------------- ### Configuring OpenID Connect Providers Source: https://github.com/pennersr/django-allauth/blob/main/docs/release-notes/2023.md Shows how to configure third-party providers like CERN or Keycloak using the standard OpenID Connect settings structure in Django. ```python SOCIALACCOUNT_PROVIDERS = { "openid_connect": { "APPS": [ { "provider_id": "cern", "name": "CERN", "client_id": "", "secret": "", "settings": { "server_url": "https://auth.cern.ch/auth/realms/cern/.well-known/openid-configuration", }, } ] } } ``` -------------------------------- ### Configure Edx OAuth2 Provider Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/providers/edx.md This snippet shows how to configure the Edx OAuth2 provider by setting the EDX_URL. It's crucial to set EDX_URL to your specific Open edX installation URL, as the default 'https://edx.org' may not work for custom installations. ```python SOCIALACCOUNT_PROVIDERS = { 'edx': { 'EDX_URL': "https://openedx.local", } } ``` -------------------------------- ### Customize Social Provider by Subclassing Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/advanced.md Demonstrates how to create a custom social provider by subclassing an existing one and overriding methods like get_default_scope. Ensure the provider_classes list is defined to register the custom provider correctly. ```python class GoogleNoDefaultScopeProvider(GoogleProvider): id = 'google_no_scope' def get_default_scope(self): return [] provider_classes = [GoogleNoDefaultScopeProvider] ``` -------------------------------- ### Configure OpenID Connect Providers in Django Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/providers/openid_connect.md This snippet demonstrates how to define multiple OpenID Connect providers in the Django settings file. It includes configuration for client credentials, server URLs, and optional settings like PKCE and userinfo fetching. ```python SOCIALACCOUNT_PROVIDERS = { "openid_connect": { "OAUTH_PKCE_ENABLED": True, "APPS": [ { "provider_id": "my-server", "name": "My Login Server", "client_id": "your.service.id", "secret": "your.service.secret", "settings": { "fetch_userinfo": True, "oauth_pkce_enabled": True, "server_url": "https://my.server.example.com", "token_auth_method": "client_secret_basic", "uid_field": "sub", }, }, { "provider_id": "other-server", "name": "Other Login Server", "client_id": "your.other.service.id", "secret": "your.other.service.secret", "settings": { "server_url": "https://other.server.example.com", }, }, ] } } ``` -------------------------------- ### Override Password Management Forms Source: https://github.com/pennersr/django-allauth/blob/main/docs/account/forms.md Provides examples for extending ChangePasswordForm and SetPasswordForm to add custom logic during password updates. ```python from allauth.account.forms import ChangePasswordForm class MyCustomChangePasswordForm(ChangePasswordForm): def save(self): super().save() # Add your own processing here. ``` ```python ACCOUNT_FORMS = {'change_password': 'mysite.forms.MyCustomChangePasswordForm', 'set_password': 'mysite.forms.MyCustomSetPasswordForm'} ``` -------------------------------- ### Configure Signup Fields Source: https://github.com/pennersr/django-allauth/blob/main/docs/release-notes/recent.md Use ACCOUNT_SIGNUP_FIELDS to specify which fields are present and required on the signup form. Fields marked with '*' are required. ```python ACCOUNT_SIGNUP_FIELDS = ['username*', 'email', 'password1*', 'password2*'] ``` -------------------------------- ### TOTP Activation Template Source: https://github.com/pennersr/django-allauth/blob/main/allauth/templates/mfa/totp/activate_form.html Renders the QR code and verification form for TOTP setup. Requires the mfa/totp/base.html base template. ```django {% extends "mfa/totp/base.html" %} {% load allauth i18n %} {% block head_title %} {% translate "Activate Authenticator App" %} {% endblock head_title %} {% block content %} {% element h1 %} {% translate "Activate Authenticator App" %} {% endelement %} {% element p %} {% blocktranslate %}To protect your account with two-factor authentication, scan the QR code below with your authenticator app. Then, input the verification code generated by the app below.{% endblocktranslate %} {% endelement %} {% url 'mfa_activate_totp' as action_url %} {% element form form=form method="post" action=action_url %} {% slot body %} {% element img src=totp_svg_data_uri alt=form.secret tags="mfa,totp,qr" %} {% endelement %} {% csrf_token %} {% element field id="authenticator_secret" type="text" value=form.secret disabled=True %} {% slot label %} {% translate "Authenticator secret" %} {% endslot %} {% slot help_text %} {% translate "You can store this secret and use it to reinstall your authenticator app at a later time." %} {% endslot %} {% endelement %} {% element fields form=form %} {% endelement %} {% endslot %} {% slot actions %} {% element button type="submit" %} {% trans "Activate" %} {% endelement %} {% endslot %} {% endelement %} {% endblock content %} ``` -------------------------------- ### Override Social Account Forms Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/configuration.md Example of how to override the default forms used for social account operations like disconnecting or signing up. ```python SOCIALACCOUNT_FORMS = { 'disconnect': 'allauth.socialaccount.forms.DisconnectForm', 'signup': 'allauth.socialaccount.forms.SignupForm', } ``` -------------------------------- ### Enable Passkey Signup Source: https://github.com/pennersr/django-allauth/blob/main/docs/release-notes/2024.md This setting enables the signup process using passkeys, a more secure and convenient alternative to passwords. When enabled, users can register and log in using FIDO2-compliant authenticators like fingerprint scanners or facial recognition. ```python MFA_PASSKEY_SIGNUP_ENABLED = True ``` -------------------------------- ### Limit API Client Types (Headless) Source: https://github.com/pennersr/django-allauth/blob/main/docs/release-notes/recent.md Use HEADLESS_CLIENTS to limit the types of API clients (app/browser) that can be used in a headless setup. ```python HEADLESS_CLIENTS = ['app', 'browser'] ``` -------------------------------- ### Override Signup Form Source: https://github.com/pennersr/django-allauth/blob/main/docs/account/forms.md Shows how to extend the SignupForm to perform additional actions after a user is created. The save method must return the user object. ```python from allauth.account.forms import SignupForm class MyCustomSignupForm(SignupForm): def save(self, request): user = super().save(request) # Add your own processing here. return user ``` ```python ACCOUNT_FORMS = {'signup': 'mysite.forms.MyCustomSignupForm'} ``` -------------------------------- ### GET /accounts/github/login/callback/ Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/providers/github.md The callback endpoint used by GitHub to redirect users after authorization. This endpoint is handled internally by django-allauth to finalize the authentication process. ```APIDOC ## GET /accounts/github/login/callback/ ### Description This endpoint serves as the OAuth2 callback URL for GitHub. It processes the authorization code returned by GitHub to authenticate the user and create or link a social account. ### Method GET ### Endpoint /accounts/github/login/callback/ ### Parameters #### Query Parameters - **code** (string) - Required - The authorization code provided by GitHub. - **state** (string) - Required - The CSRF token used to verify the request. ### Response #### Success Response (302) - **Redirect** - Redirects the user to the LOGIN_REDIRECT_URL after successful authentication. ``` -------------------------------- ### Configure Phone Authentication Settings Source: https://github.com/pennersr/django-allauth/blob/main/docs/account/phone.md Define login methods, signup fields, and the custom adapter in settings.py to enable phone authentication. ```default # Make sure that the login methods includes "phone" as a method. ACCOUNT_LOGIN_METHODS = {"phone", "email"} # Add a required phone field to the signup fields. # ACCOUNT_SIGNUP_FIELDS = [ 'phone*', 'email*' # Can be left out if you want to only use 'phone'. ] # You will need to provide methods for storing phone numbers, and # sending SMS messages in a custom adapter. ACCOUNT_ADAPTER = 'project.users.adapter.MyAccountAdapter' ``` -------------------------------- ### Wahoo Cloud API Introduction Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/providers/wahoo.md Access the main API documentation for details on endpoints, request formats, and responses. ```APIDOC ## Wahoo Cloud API Introduction ### Description This is the main entry point for the Wahoo Cloud API documentation. Find details on all available endpoints and functionalities. ### Endpoint [https://cloud-api.wahooligan.com/#introduction](https://cloud-api.wahooligan.com/#introduction) ### Method GET ``` -------------------------------- ### Serve API Specification Dynamically (Headless) Source: https://github.com/pennersr/django-allauth/blob/main/docs/release-notes/recent.md When HEADLESS_SERVE_SPECIFICATION is True, the API specification is served dynamically. Configure HEADLESS_SPECIFICATION_TEMPLATE_NAME to choose between Redoc or Swagger. ```python HEADLESS_SERVE_SPECIFICATION = True ``` ```python HEADLESS_SPECIFICATION_TEMPLATE_NAME = "headless/spec/redoc_cdn.html" ``` ```python HEADLESS_SPECIFICATION_TEMPLATE_NAME = "headless/spec/swagger_cdn.html" ``` -------------------------------- ### Register VK Provider in Django Installed Apps Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/providers/vk.md This snippet shows how to add the VK provider to the INSTALLED_APPS list in your Django settings file to ensure the application recognizes the provider. ```python INSTALLED_APPS = [ ... 'allauth.socialaccount.providers.vk', ... ] ``` -------------------------------- ### Override TOTP Deactivation Form (Python) Source: https://github.com/pennersr/django-allauth/blob/main/docs/mfa/forms.md Provides an example of creating a custom form for deactivating TOTP by inheriting from allauth.mfa.totp.forms.DeactivateTOTPForm. This custom form can be configured via the MFA_FORMS setting. ```python from allauth.mfa.totp.forms import DeactivateTOTPForm class MyCustomDeactivateTOTPForm(DeactivateTOTPForm): pass ``` ```python MFA_FORMS = { 'deactivate_totp': 'mysite.forms.MyCustomDeactivateTOTPForm', } ``` -------------------------------- ### Example of Potentially Unsafe WebAuthn Response Source: https://github.com/pennersr/django-allauth/blob/main/allauth/headless/spec/doc/description.md Illustrates a scenario where WebAuthn endpoints might return authenticator names containing script tags, highlighting the need for client-side XSS protection. ```json { "name": "", "credential": { "type": "public-key", ... } } ``` -------------------------------- ### Add Required and Optional Apps to INSTALLED_APPS Source: https://github.com/pennersr/django-allauth/blob/main/docs/installation/quickstart.md Include the necessary Django and Allauth applications in your INSTALLED_APPS setting. This snippet also shows how to include optional social account providers. ```python INSTALLED_APPS = [ ... # The following apps are required: 'django.contrib.auth', 'django.contrib.messages', 'allauth', 'allauth.account', # Optional -- requires install using `django-allauth[socialaccount]`. 'allauth.socialaccount', # ... include the providers you want to enable: 'allauth.socialaccount.providers.agave', 'allauth.socialaccount.providers.amazon', 'allauth.socialaccount.providers.amazon_cognito', 'allauth.socialaccount.providers.apple', 'allauth.socialaccount.providers.asana', 'allauth.socialaccount.providers.auth0', 'allauth.socialaccount.providers.authentiq', 'allauth.socialaccount.providers.baidu', 'allauth.socialaccount.providers.basecamp', 'allauth.socialaccount.providers.battlenet', 'allauth.socialaccount.providers.bitbucket_oauth2', 'allauth.socialaccount.providers.bitly', 'allauth.socialaccount.providers.box', 'allauth.socialaccount.providers.cilogon', 'allauth.socialaccount.providers.clever', 'allauth.socialaccount.providers.coinbase', 'allauth.socialaccount.providers.dataporten', 'allauth.socialaccount.providers.daum', 'allauth.socialaccount.providers.digitalocean', 'allauth.socialaccount.providers.dingtalk', 'allauth.socialaccount.providers.discogs', 'allauth.socialaccount.providers.discord', 'allauth.socialaccount.providers.disqus', 'allauth.socialaccount.providers.douban', 'allauth.socialaccount.providers.doximity', 'allauth.socialaccount.providers.draugiem', 'allauth.socialaccount.providers.drip', 'allauth.socialaccount.providers.dropbox', 'allauth.socialaccount.providers.dwolla', 'allauth.socialaccount.providers.edmodo', 'allauth.socialaccount.providers.edx', 'allauth.socialaccount.providers.eventbrite', 'allauth.socialaccount.providers.eveonline', 'allauth.socialaccount.providers.evernote', 'allauth.socialaccount.providers.exist', 'allauth.socialaccount.providers.facebook', 'allauth.socialaccount.providers.feedly', 'allauth.socialaccount.providers.figma', 'allauth.socialaccount.providers.fivehundredpx', 'allauth.socialaccount.providers.flickr', 'allauth.socialaccount.providers.foursquare', 'allauth.socialaccount.providers.frontier', 'allauth.socialaccount.providers.fxa', 'allauth.socialaccount.providers.gitea', 'allauth.socialaccount.providers.github', 'allauth.socialaccount.providers.gitlab', 'allauth.socialaccount.providers.globus', 'allauth.socialaccount.providers.google', 'allauth.socialaccount.providers.gumroad', 'allauth.socialaccount.providers.hubic', 'allauth.socialaccount.providers.instagram', 'allauth.socialaccount.providers.jupyterhub', 'allauth.socialaccount.providers.kakao', 'allauth.socialaccount.providers.klaviyo', 'allauth.socialaccount.providers.lemonldap', "allauth.socialaccount.providers.lichess", 'allauth.socialaccount.providers.line', 'allauth.socialaccount.providers.linkedin', 'allauth.socialaccount.providers.linkedin_oauth2', 'allauth.socialaccount.providers.mailchimp', 'allauth.socialaccount.providers.mailcow', 'allauth.socialaccount.providers.mailru', 'allauth.socialaccount.providers.mediawiki', 'allauth.socialaccount.providers.meetup', 'allauth.socialaccount.providers.miro', 'allauth.socialaccount.providers.microsoft', 'allauth.socialaccount.providers.naver', 'allauth.socialaccount.providers.nextcloud', 'allauth.socialaccount.providers.notion', 'allauth.socialaccount.providers.odnoklassniki', 'allauth.socialaccount.providers.openid', 'allauth.socialaccount.providers.openid_connect', 'allauth.socialaccount.providers.openstreetmap', 'allauth.socialaccount.providers.orcid', 'allauth.socialaccount.providers.patreon', 'allauth.socialaccount.providers.paypal', 'allauth.socialaccount.providers.persona', 'allauth.socialaccount.providers.pinterest', 'allauth.socialaccount.providers.pocket', "allauth.socialaccount.providers.questrade", 'allauth.socialaccount.providers.quickbooks', 'allauth.socialaccount.providers.reddit', ] ``` -------------------------------- ### Handling XSS with Django Templates Source: https://github.com/pennersr/django-allauth/blob/main/allauth/headless/spec/doc/description.md Django's template language provides automatic escaping to mitigate XSS attacks. This example shows how to properly escape user-provided input within templates. ```html {{ user_input }} ``` -------------------------------- ### Configure Django Session and CSRF Cookies for Sub-domain Routing Source: https://github.com/pennersr/django-allauth/blob/main/allauth/headless/spec/doc/description.md Configures Django settings to allow session and CSRF cookies to be shared across sub-domains, essential for setups where the frontend and backend reside on different sub-domains of the same parent domain. ```python SESSION_COOKIE_DOMAIN = "project.org" CSRF_COOKIE_DOMAIN = "project.org" ``` -------------------------------- ### Configure Authentiq Provider in Django Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/providers/authentiq.md This Python code snippet configures the Authentiq social account provider within a Django project using django-allauth. It specifies the scopes of identity details to request from the user, such as email and name. Ensure `django-allauth` is installed and configured. ```python SOCIALACCOUNT_PROVIDERS = { 'authentiq': { 'SCOPE': ['email', 'aq:name'] } } ``` -------------------------------- ### Security Guidelines Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/providers/saml.md Important security considerations for SAML integration. ```APIDOC ## Security Guidelines Implementing SAML securely requires attention to several key areas: ### HTTPS Configuration - Most SAML IdPs require TLS (formerly SSL). Ensure your Django development server and production environment are configured to use HTTPS. ### Reverse Proxy Settings - If using a reverse proxy (e.g., Nginx, Apache), configure Django settings as follows: - `USE_X_FORWARDED_HOST = True` - `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` - `SECURE_SSL_REDIRECT = True` - Ensure your reverse proxy sets the following headers: - `X_FORWARDED_PROTO 'https' env=HTTPS` - `X-Forwarded-Ssl on` ### Secure Cookies - Configure your Django settings for secure cookies: - `CSRF_COOKIE_DOMAIN = 'yourdomain.com'` - `SESSION_COOKIE_DOMAIN = 'yourdomain.com'` - `CSRF_COOKIE_SECURE = True` - `SESSION_COOKIE_SECURE = True` ### Testing and Debugging - Test your SAML integration using your browser's privacy/incognito mode. - Use your browser's developer console to inspect cookies. - Employ tools like SAML Tracer (Firefox/Chromium add-ons) to monitor SAML messages exchanged between the browser, SP, and IdP. - SAML Tracer is invaluable for mapping IdP SAML attributes to `uid`, `email`, and `email_verified` in your `attribute_mapping` configuration. ``` -------------------------------- ### Customizing Facebook Locale Function in Django Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/providers/facebook.md This example demonstrates how to customize the locale used for the Facebook Javascript SDK. By setting 'LOCALE_FUNC' to a callable (like a lambda function), you can dynamically determine the locale based on the request, ensuring the correct language is used for the login dialog. ```python SOCIALACCOUNT_PROVIDERS = { 'facebook': { 'LOCALE_FUNC': lambda request: 'en_US' } } ``` -------------------------------- ### Override DefaultAccountAdapter for Custom Redirects Source: https://github.com/pennersr/django-allauth/blob/main/docs/account/advanced.md Demonstrates how to create a custom adapter by extending DefaultAccountAdapter to implement dynamic login redirects based on the user's username. ```python # project/settings.py: ACCOUNT_ADAPTER = 'project.users.adapter.MyAccountAdapter' # project/users/adapter.py: from django.conf import settings from allauth.account.adapter import DefaultAccountAdapter class MyAccountAdapter(DefaultAccountAdapter): def get_login_redirect_url(self, request): path = "/accounts/{username}/" return path.format(username=request.user.username) ``` -------------------------------- ### Django Allauth Template Tag Loading Source: https://github.com/pennersr/django-allauth/blob/main/allauth/templates/allauth/elements/h2.html This snippet demonstrates how to load the allauth template tags in a Django template. It requires the django-allauth app to be installed and configured in your Django project's settings. This tag is necessary to use other allauth template tags and features within your templates. ```django {% load allauth %} ``` -------------------------------- ### Local Development Callback URL Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/providers/index.md Provides the specific callback URL format for local development environments. ```text http://127.0.0.1:8000/accounts/twitter/login/callback/ ``` -------------------------------- ### Configure Nextcloud Social Login Provider in Django Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/providers/nextcloud.md This Python code snippet demonstrates how to configure the Nextcloud provider within the `SOCIALACCOUNT_PROVIDERS` setting in Django Allauth. It requires a `client_id`, `secret`, and the Nextcloud `server` URL. This setup enables users to log in via their Nextcloud accounts. ```python SOCIALACCOUNT_PROVIDERS = { "nextcloud": { "APPS": [ { "client_id": "", "secret": "", "settings": { "server": "https://nextcloud.example.org", } } ] } } ``` -------------------------------- ### Automate Testing and Quality Checks with Nox Source: https://github.com/pennersr/django-allauth/blob/main/docs/project/contributing.md Using nox to run tests across different environments and execute code quality linting tools. ```bash nox --list nox -x --session "test-3.11" nox -t lint nox --session black nox --session isort nox --session flake8 nox --session bandit nox --session djlint ``` -------------------------------- ### Django Template: Display Email Setup Warning Source: https://github.com/pennersr/django-allauth/blob/main/allauth/templates/account/snippets/warn_no_email.html This Django template snippet uses the i18n and allauth template tags to display a localized warning message. It informs the user that they do not have an email address set up and explains the importance of adding one for notifications and password resets. The message is wrapped in a paragraph element. ```django {% load i18n allauth %} {% element p %} **{% trans 'Warning:' %}** {% trans "You currently do not have any email address set up. You should really add an email address so you can receive notifications, reset your password, etc." %} {% endelement %} ``` -------------------------------- ### Configure OpenID Connect Client Scopes Source: https://github.com/pennersr/django-allauth/blob/main/docs/idp/openid-connect/clients.md Defines the scope permissions requested by the client. Values should be provided line by line in the admin interface. ```text openid profile email ``` -------------------------------- ### Enable Userinfo Fetching Source: https://github.com/pennersr/django-allauth/blob/main/docs/socialaccount/providers/google.md Configure the Google provider to fetch userinfo from the endpoint, which is useful for retrieving private avatar URLs that are not included in the JWT. ```python SOCIALACCOUNT_PROVIDERS = { 'google': { 'FETCH_USERINFO' : True } } ``` -------------------------------- ### Render Form Element with Named Slots using Allauth Source: https://github.com/pennersr/django-allauth/blob/main/docs/common/templates.md Illustrates the usage of the `element` templatetag for rendering a form with named slots ('body' and 'actions'). This approach allows for modular form construction and flexible arrangement of form elements and action buttons. The example shows how to override the `allauth/elements/form.html` template to customize the form's structure. ```django {% load allauth %} {% element form method="post" action=action_url %} {% slot body %} ... {% endslot %} {% slot actions %} ... {% endslot %} {% endelement %} ``` ```django {% load allauth %}
{% slot body %} {% endslot %}
{% slot actions %} {% endslot %}
```