Can we pin this comment? The author of oauth2 basically said oauth2 is a dumpster fire and removed his name from the authorship of the spec. It is a dumpster fire with security holes and shouldn't be used anymore. this was less than a year ago.

Thanks for showing drf-social-oauth2. I am the main maintainer of the framework. I've been trying to dedicated more time to it! Cheers.

Ohh dang.. its rare to see any oauth related tutorials.. you the best man, cheers!!

Note** Just noticed the requirements.txt file in the Django project was incorrect - all tested again and updated! Sorry!

You are one of the best instructors in the world!

I am actually developing and Ember.JS app with a Django backend even tough these videos had exactly what I needed. Thanks!

I'm doing it with Flutter and Django app, and this tutorial is real gold!

Thanks a lot Very Academy , this is a awesome tutorial , I have been struggling with django DRF Social Logins for a long time... Fortunately your tutorial cleared all my doubts 🙏🙏

Hello, I can never thank you enough. The way you teach, presentation workflow, and of course the professional English is amazing ( the accent also helped wink) .all things considered, I have a degree in computer engineering, and I have never seen flawless teaching like this one . thank you very much.

This is exactly what i have been looking for 😃

Respect. Thank you for hard work.

best tutorials on the youtube.

Great and quality lesson. Thank you and hello from Russia

Super useful series. Thank you!

Amazing tutorial !! Thankyou

This is exactly what I am looking for. Great video. (liked and subscribed)

Great video sir! Thanks a lot.

I have planned to watch a movie today. Well, I guess that can be postponed! Thank you!

Thank you very much for such a good video. Much love🥰

Thanks very much for this amazing content. Just found this channel. Sir your amazing. New sub 😊😊

Thank you so much, brother. This helped me a lot. 🙇🙇🙇

So when you have set up everything, how do you access the protected routes in the api? Do we need attach the access token with each request to api and refresh it periodically?

hello, you have no idea how grateful I am for your content. I have one question and hope you can address it soon. is there a chance that both simple jwt and social auth can co-exist, i want to implement them in one project and in separate apps though.

So at 1:00:45 you mention that Django creates a new user in the Django database. Is this the most advisable pattern when using SSO - to also create users locally that represent users in the external authentication system? Even though there is an IDP (Facebook, Google) with the users account? I have seen this pattern repeated in many places (of creating users locally even though you are authenticating remotely such as LDAP/AD, Social Auth etc.) so I'm thinking its not just enough for the Django backend to validate a token that it recieves, but it should also create/maintain its own user accounts and implement its own token mechanism.

The best oauth tutorial, not any other django channels has gem than this one. You are the best. Also if we want to have jwt login and social login side by side in same project. Does this method overrides jwt auth or not

First of all thank you for this series and I have learnt a lot from the channel, on JWT authentication which of course we are submitting the requests to server via axios,it like my authentication is not working because whenever i submit a request with my authentication set to JWT its always raising a forbidden end point issue .therefore not able to submit any request when logged in

Thank you for this series! Would love this with FastAPI and Vuejs with admin dashboard that totals number of users and posts by type/category.

hey there.. is there a way for user to be able to log in with email & password and at the same time login with Google/Facebook if they're using the same email?

STOP WATCHING NETFLIX AND START WATCHING VIDEOS LIKE THIS!!!!!!!!! IT'S 2021 AND WE NEED TO GET EMPLOYED OR ELSE WE'RE GONNA DIE OF STARVATION!!!!!!!! HAPPY NEW YEAR, EVERYONE!!!!!!!!!!!

Thank you

Have you planned about creating another Django course playlist? I hope it would be social media site or e-learning site by utilizing Django templates for frontend. By the way, thanks for amazing django contents.

Very nice tutorial, sir please make an e-commerce using Nuxtjs and django just like you did using in the previous videos but now please make use of the modern frontend framework

Give him a medal 🥇

Is it secure to put the client id and client secret and giving it in plain text to the user for oauth? I am very new to oauth, and at a first glance it does not seem risky, but is it? Also AMAZING video. Helped a ton develop my blog. :)

you're great man🙂

Thank you. Waiting for vue.js.

why we are removing simple jwt package we can also use it alongside drf-social-oauth2 ? why can u give any reason ?

just wondering how to implement logout with this new setup?

I have a question. Why do we have to delete the JWT? Can we keep both since for example my app needs both regular login (built in Django and authenticate with JWT) and social login (Facebook, Google)?

After you refactored the code to remove drf-simple-jwt and include the drf-social-auth, I observed that the logic for the user logout for the react frontend wasn't refactored. It still had the route pointing to "/user/logout/blacklist". That route, however, doesn't exist anymore. So how would you then handle user logout? Revoke token I guess? And one more question, in which scenario do we revoke all user tokens?

Hi, Thank you for the very helpful tutorials. I want to restrict access to some of the APIs. I mean without login those APIs will not be accessible. How to do that ?

for testing facebook login in localhost https is required which can be enabled by setting HTTPS env variable to true and then npm start.

Is it a compulsion to remove previosuly implemented simplejwt authentication

can django-allauth be used for api based authentication with social ?

Awesome series, wondering if this will be continued? Would love to see the email validation and react login links completed. Also curious if anyone has a good solution around fetching a json form schema for react form validation purposes?

Can this be used with an external provider like not facebook, google, github etc

Hello I need to associate social accounts to login, drf-social-oauth2 provide "associate_by_email" (which associate if same email). But how to associate social accounts which is using different emails?

Quick question, If I want django to handle the form and put a csrf token over the top, how can I get react to accept the {% csrf_token %} or the {{ form.etc }} especially in the case where I want people to add their own info instead of putting it directly through admin.

Thank you 🤗

Hi ! Could you help me in making the navbar look good. Like if the user didn't login the navbar should contain register and login buttons and once the user logs in the navbar should contain logout button

Thanks for the tutorial. I just downloaded the github version and tried at local (I did not watch the videos yet). I get the error "Unauthorized: /api/user/create/" when trying to register.

I Have one question basically in my app I use 'rest_framework.authentication.TokenAuthentication', and I don't want to use the JWT token authentication what should I do?

Isn't storing both refresh and access token on the local storage a potential risk?

For those having the error: invalid_client. You have to copy and paste the client id and client secrete into a notepad BEFORE you save the application. Copy paste both as soon you open the new application. Because saving it changes the client secret to hashed client secret which cannot be used in postman. Unhashed: kvTbqBKuUx6T8V46lsel7bCtN81jRqk64VNi8NSzuZgLekPD14xsw5dH0sdxltp0RV4Qp3F4Ep9TAMf8Zovvh2PouHZrhNVxkHlBqBtWQFwj1HkamApMIxl6ZOGohV9p Hashed: pbkdf2_sha256$216000$sCPYuUFy236Q$X6Isj5YUWaav511hVdZzef3Aw7vYecM72ruidBkwd4k=

really appreciate your videos. thank you. What about normal signup procedure? how to create refresh and access_tokens on signup?

for what reason you switch from simple jwt to drf auth ? got i kinda got confuse

hey, just checked the tutorial it was great but in addition to it how do we do it with custom user model with jwt token ?

Super useful video, I am trying to adapt this to a django/react app but using graphql and really struggling.

How to revoke the access token in order to perform logout operation??

I tried the same but with Google Oauth , But I am getting issue as {"error":"access_denied","error_description":"Your credentials aren't allowed"} once I submit convert-token/ request

Please can you do a video on Django Rest Auth and its SocialConnectViews

Greate Tutorial.. How can I set remember login?

Thank you very much for the tutorial and all the work of the channel. I would like to know if there is any way to add values ​​(such as the expiration time of the token) to the token payload? Again thank you very much!

Hi teacher, could you make a tutorial about Django REST framework + Angular front end login with Facebook?

I wanted to do this with Vue3 instead of react and Google Authentication instead of Facebook. Finally got it working but was a bit of a pain 🤦‍♂

Is normal authentication and login redirection meant to be working following this #9 tutorial? i.e, following from your previous guides?

tip: never skip why you do things. E.g. the grant type, client type.. this is very very important. setting it wrongly can result into a security problem.

Is there a way to do this while keeping simplejwt?

i am getting the error as {"error":"access_denied","error_description":"Authentication process canceled"} while convert-token is called.

Why are these keys (SOCIAL_AUTH_GOOGLE_OAUTH2_KEY ) used?? when they arent even used can you please elaborate !

i have issue with Google OAuth in convert-token server said Bad Request: /auth/convert-token

Can u tell me the way to store access and refresh token in redis?

I noticed in a previous Django authentication tutorial you used Django-allauth rather than drf_social_oauth. What prompted the change?

Is it good idea to use mongodb with django.? Please video about deploy too?

How to give roles like customer & admin for social auth using Django rest framework

I want to allow users to login via google if they already exist in my database. How can i do that?

is there a way to buy your services or something like that ?

Hello! Please! Can you help me with twitter too? I don't know what token to use

please help! my response result from facebook doesn't have email value.

This playlists is incomplete.. Because Forgot password with Email verification missing... Please add this video....Thank you.

In facebook authentication I am getting this error, what should i do? >> Facebook has detected that DRF isn't using a secure connection to transfer information. Until DRF updates its security settings, you won't be able to use Facebook to log in to it. Please help

when i send the facebook's accessToken to convert-token it's response is unauthorized. What could be the problem any solutions?

I'm getting permission error when fetching the post even though I edited the JWT to Bearer. Please help.

I didn't understand what is the use of 'SOCIAL_AUTH_USER_FIELDS', which is used in settings.py. Could you please elaborate?

I tried do it with google but it isnt working can you help me please?

thanks

If anyone is seeing this, do you guys know how to refresh the access token when it expires?

but how to use this token authentication for non social accounts

I'd followed the tutorial till the end. Now I'm not getting this, how do i get the login user data... username, firstname, email ??

Despite using the right client id & secret & username-password, I'm still getting `{"error": "invalid_client"}` error. What am I doing wrong ?

After the user is logged in how am i supposed to get all his data, to display it in its profile. Can you help me with how can i get the users data, cause i just have the access and refresh tokens.

hello please tell me how to retrieve facebook profile picture and save in user model

What is password for a user created by social login? I mean while creating a user in database with information received from facebook, we also need to provide password, what is it? Token gotten from facebook?

i followed every every step and i also clone Final code sample, when i send request from the front-end to backend(/auth/convert-token) after accessing the reference token it gives and bad request error code 400 please help me if im missing something.

why i'm getting 400 bad request, when login through facebook??please please helpout it is urgent

I am getting invalid_client error even when everything is correct

Great video! However, after removing simple-jwt we cannot longer blacklist our refresh tokens. Am I right? If so, how should I combine simple jwt with social login? Perhaps I should use this library, because it uses simple-jwt: github.com/st4lk/django-rest-social-auth

How to hide private key in react? Do you guys have any idea? Please don't say env, that's not hiding at all.

Amazing tutorial, thank you so much