Tags: python, django, python-social-auth

Python social auth "AuthForbidden"


I am trying to get google authentication working with django using social-auth and I haven't had any luck as of yet. Other questions with similar error messages suggest that it could be caused by whitelisting, but I'd like to accept all gmail suffixes in my app. (no whitelist required)

INSTALLED_APPS = [
    'livereload',  # TODO Remove when finished
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'dashboard.apps.DashboardConfig',
    'user.apps.UserConfig',
    'social_django'
]

Both 'social_django.context_processors.backends' and 'social_django.context_processors.login_redirect' are in my context processors in settings.py.

# settings.py
AUTHENTICATION_BACKENDS = (
    'social_core.backends.open_id.OpenIdAuth',  # for Google authentication
    'social_core.backends.google.GoogleOpenId',  # for Google authentication
    'social_core.backends.google.GoogleOAuth2',  # for Google authentication
    'django.contrib.auth.backends.ModelBackend',
)

# urls.py
from django.contrib import admin
from django.contrib.auth import views as auth_views
from django.urls import include, path

urlpatterns = [
    path('dashboard/', include("dashboard.urls", namespace="dashboard")),
    path('admin/', admin.site.urls),
    path('login/', auth_views.LoginView.as_view(), name="login"),
    path('logout/', auth_views.LogoutView.as_view(), name="logout"),
    path('auth/', include("social_django.urls", namespace="social")),
]

When I sign in with google and am redirected to my auth url, I get the message:

AuthForbidden at /auth/complete/google-oauth2/
Your credentials aren't allowed

How do I get this to work properly?

EDIT: I was looking through the error message and found this, if this is of any help to anyone.

http_error_msg = '401 Client Error: Unauthorized for url: https://accounts.google.com/o/oauth2/token'
reason = 'Unauthorized'
self = <Response [401]>

Solution

  • After a few long days of troubleshooting, it came down to a few issues that I should have been paying more attention to.

    1. Make sure your client ID and secret are correct, with no whitespace at the end.
    2. Make sure at the credentials screen (on Google's Cloud Console) you give BOTH the JavaScript origins and the redirect URIs; this seems to be what caught me out.
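The two checks in the answer can be run before the first login attempt. The following is an added example, not code from the question, the answer or python-social-auth: it loads the client credentials from environment variables instead of hard-coding them in settings.py, strips the trailing newline or spaces that a pasted secret often carries (the usual reason Google's token endpoint answers 401 Unauthorized), applies a format check to the client ID, and prints the exact redirect URI and JavaScript origin that must be registered in the Google Cloud Console for the `auth/` mount point used in the question. The setting names `SOCIAL_AUTH_GOOGLE_OAUTH2_KEY` and `SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET` are the ones social-django reads; the environment variable names, the helper functions, the client ID regex and the sample values are assumptions made for this example.

```python
"""Pre-flight check for python-social-auth's Google OAuth2 settings.

Added example, not code from the question or from python-social-auth.
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY / _SECRET are the real social-django setting
names; the env-var names, helper functions and regex are assumptions.
"""
import os
import re

# Google OAuth2 client IDs are issued as <project-number>-<hash>.apps.googleusercontent.com.
# Assumption: this is a shape check to catch paste errors, not a validity check.
_CLIENT_ID_RE = re.compile(r"^[0-9]+-[0-9a-z]+\.apps\.googleusercontent\.com$")


def load_google_oauth2_credentials(env=None):
    """Return (client_id, client_secret) ready to assign in settings.py.

    Reads from the environment rather than hard-coding the secret, strips the
    trailing newline/space that a copied secret often carries (which makes the
    token endpoint reject the client with 401 Unauthorized), and rejects
    obviously malformed values before the first login round-trip.
    """
    env = os.environ if env is None else env
    client_id = env.get("GOOGLE_OAUTH2_CLIENT_ID", "").strip()
    client_secret = env.get("GOOGLE_OAUTH2_CLIENT_SECRET", "").strip()
    if not _CLIENT_ID_RE.match(client_id):
        raise ValueError("GOOGLE_OAUTH2_CLIENT_ID is missing or malformed")
    if not client_secret or any(c.isspace() for c in client_secret):
        raise ValueError("GOOGLE_OAUTH2_CLIENT_SECRET is missing or contains whitespace")
    return client_id, client_secret


def google_js_origin(scheme, host):
    """Origin to list under 'Authorized JavaScript origins' in the console."""
    if scheme not in ("http", "https"):
        raise ValueError("scheme must be http or https")
    return f"{scheme}://{host}"


def google_redirect_uri(scheme, host, social_prefix="auth/"):
    """Exact redirect URI social-django sends for the google-oauth2 backend.

    This string must appear verbatim under 'Authorized redirect URIs'.
    `social_prefix` is the path social_django.urls is mounted at ('auth/' in
    the question's urls.py); the completion path is /complete/google-oauth2/,
    the URL shown in the AuthForbidden error.
    """
    if not social_prefix.endswith("/"):
        social_prefix += "/"
    return f"{google_js_origin(scheme, host)}/{social_prefix}complete/google-oauth2/"


if __name__ == "__main__":
    # Constructed sample environment: the trailing newline on the ID and the
    # spaces around the secret mimic what `echo` or a careless paste produces.
    sample_env = {
        "GOOGLE_OAUTH2_CLIENT_ID": "123456789012-abc123def456.apps.googleusercontent.com\n",
        "GOOGLE_OAUTH2_CLIENT_SECRET": "  example-secret-value  ",
    }
    key, secret = load_google_oauth2_credentials(sample_env)
    # In settings.py these two assignments are all social-django needs:
    SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = key
    SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = secret
    print("JavaScript origin:", google_js_origin("http", "localhost:8000"))
    print("Redirect URI:     ", google_redirect_uri("http", "localhost:8000"))
```

Run it once with the real variables exported; the two printed values are what goes into the Cloud Console, and any mismatch between the printed redirect URI and the registered one (scheme, port, trailing slash, mount prefix) is the other common cause of the same error.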