Facebook#
For Facebook both OAuth2 and the Facebook Connect Javascript SDK are supported. You can even mix the two.
An advantage of the Javascript SDK may be a more streamlined user experience as you do not leave your site. Furthermore, you do not need to worry about tailoring the login dialog depending on whether or not you are using a mobile device. Yet, relying on Javascript may not be everybody’s cup of tea.
To initiate a login use:
{% load socialaccount %}
{% providers_media_js %}
<a href="{% provider_login_url "facebook" %}">Facebook Connect</a>
The following Facebook settings are available:
SOCIALACCOUNT_PROVIDERS = {
'facebook': {
'METHOD': 'oauth2', # Set to 'js_sdk' to use the Facebook connect SDK
'SDK_URL': '//connect.facebook.net/{locale}/sdk.js',
'SCOPE': ['email', 'public_profile'],
'AUTH_PARAMS': {'auth_type': 'reauthenticate'},
'INIT_PARAMS': {'cookie': True},
'FIELDS': [
'id',
'first_name',
'last_name',
'middle_name',
'name',
'name_format',
'picture',
'short_name'
],
'EXCHANGE_TOKEN': True,
'LOCALE_FUNC': 'path.to.callable',
'VERIFIED_EMAIL': False,
'VERSION': 'v13.0',
'GRAPH_API_URL': 'https://graph.facebook.com/v13.0',
}
}
- METHOD:
Either
js_sdkoroauth2. The default isoauth2.- SDK_URL:
If needed, use
SDK_URLto override the default Facebook JavaScript SDK URL,//connect.facebook.net/{locale}/sdk.js. This may be necessary, for example, when using the Customer Chat Plugin. If theSDK_URLcontains a{locale}format string named argument, the locale given by theLOCALE_FUNCwill be used to generate theSDK_URL.- SCOPE:
By default, the
emailscope is required depending on whether or notSOCIALACCOUNT_QUERY_EMAILis enabled. Apps using permissions beyondemailandpublic_profilerequire review by Facebook. See Permissions with Facebook Login for more information.- AUTH_PARAMS:
Use
AUTH_PARAMSto pass along other parameters to theFB.loginJS SDK call.- FIELDS:
The fields to fetch from the Graph API
/me/?fields=endpoint. For example, you could add the'friends'field in order to capture the user’s friends that have also logged into your app using Facebook (requires'user_friends'scope).- EXCHANGE_TOKEN:
The JS SDK returns a short-lived token suitable for client-side use. Set
EXCHANGE_TOKEN = Trueto make a server-side request to upgrade to a long-lived token before storing in theSocialTokenrecord. See Expiration and Extending Tokens.- LOCALE_FUNC:
The locale for the JS SDK is chosen based on the current active language of the request, taking a best guess. This can be customized using the
LOCALE_FUNCsetting, which takes either a callable or a path to a callable. This callable must take exactly one argument, the request, and return a valid Facebook locale as a string, e.g. US English:SOCIALACCOUNT_PROVIDERS = { 'facebook': { 'LOCALE_FUNC': lambda request: 'en_US' } }
- VERIFIED_EMAIL:
It is not clear from the Facebook documentation whether or not the fact that the account is verified implies that the email address is verified as well. For example, verification could also be done by phone or credit card. To be on the safe side, the default is to treat email addresses from Facebook as unverified. But, if you feel that is too paranoid, then use this setting to mark them as verified. Due to lack of an official statement from the side of Facebook, attempts have been made to reverse engineer the meaning of the verified flag. Do know that by setting this to
Trueyou may be introducing a security risk.- VERSION:
The Facebook Graph API version to use. The default is
v13.0.- App registration (get your key and secret here)
A key and secret key can be obtained by creating an app. After registration you will need to make it available to the public. In order to do that your app first has to be reviewed by Facebook.
- Development callback URL
Leave your App Domains empty and put
http://localhost:8000in the section labeledWebsite with Facebook Login. Note that you’ll need to add your site’s actual domain to this section once it goes live.