Tendenci Social Auth implementation instructions

19 Feb, 2018 20:42

Running Tendenci 7.4.2 on AWS EC2. Is there documentation available on how to enable and use the OAuth integrations for Facebook, LinkedIn, Google, and Twitter? I'd like to allow my members to login with any of those.

19 Feb, 2018 21:07

Short version is you would need to enable this in settings.py and/or local_settings.py. Then open the ports.

However, I can't say many clients have had success with this, although we have implemented it numerous times. It usually comes down to permissions. For example, should a super_user on your primary site also be a super_user on your MOOC running EdX or MayanEDMS?

Check for more OAuth2 docs on djangoproject. And we would certainly appreciate your help with the docs via a pull request from GitHub to help others at https://github.com/tendenci/tendenci/tree/master/docs/source

Ed

20 Feb, 2018 19:11

Thx Ed. I'm still at a bit of a loss as to how to integrate a FB login button on the login.html. I see that this:

https://github.com/tendenci/tendenci/commit/bd68405f056fdc2bd3a9d13d632f25803cf1614e

removed HTML that displayed a FB login link, but when I add the link back and navigate to the login page I get:

NoReverseMatch at /accounts/login/ Reverse for '' with arguments '(u'facebook',)' and keyword arguments '{}' not found. 0 pattern(s) tried: []

I don't see anything that dynamically generates an FB button.

I also don't see any explicit OAuth or FB settings in either local_settings.py or settings.py. I added the following to my local_settings.py with the App Registration values that FB gave me:

FACEBOOK_APP_ID

FACEBOOK_API_SECRET

and also added:

SOCIAL_AUTH_LOGIN_REDIRECT_URL='/'

Edited 20 Feb, 2018 19:12

30 Jun, 2018 00:29

@blowery - sorry for the delay in responding. I'm still working through 5k emails in my inbox and it's clear I missed a lot of notifications that were relevant.

The endpoint for OAuth should be different from the endpoint for login for the post-back going forward. That said, most of the team is actually working on the 11 branch so API and OAuth for 7.x is mostly on hold. Even if 11 isn't fully functional yet (templates - it's always the darn templates.)

If hosted on our servers, I block or redirect all files with php extensions and throw back a 444 from the endpoints (unless a client asks us to do otherwise).

Further, I will be removing the Facebook tracking soon (all PHP really) given their spying/hacking policies. These are clearly illegal with GDPR unless you rewrite your privacy policies. Tendenci does NO central monitoring of sites not hosted on our network - and even then it's only security monitoring data (OSSEC/ELK stack/S3/etc.) and never sold.

I need to write a help file on this, but as the hacking gets worse, I'm leaning more and more to recommending a separate SSO server outside of a Tendenci site and then federate credentials in.

If we were funded I'd host our own SSO server as I'm pretty sure I'm more paranoid and focused on security than others. But alas I am not, plus it would be a single point of failure, and I'm not a fan of that.

Regardless, the result will be in the t11 branch which is actively being worked on: https://github.com/tendenci/tendenci/tree/tendenci11

Note: the numbering is being pinned to the version of Django for consistency.

Lastly - don't forget you can open up a port to a specific IP and modify the existing api or query the db directly for authentication. It is fully open source after all. Which is kind of awesome. Check /explorer/ on your site and click the "show schema" button.