django social auth限制用户数据

时间:2013-09-07 14:30:43

标签: django django-socialauth

我已将django social auth's配置为仅从谷歌电子邮件中获取,但谷歌显示此屏幕警告应用程序用户将收集性别,出生日期,图片,语言:

enter image description here

我的django-social-auth配置如下:

WHITE_LISTED_DOMAINS = [ 'some_domain', ]
GOOGLE_WHITE_LISTED_DOMAINS = WHITE_LISTED_DOMAINS
SOCIAL_AUTH_EXTRA_DATA = False    
#LOGIN_ERROR_URL    = '/login-error/' Not set
#SOCIAL_AUTH_DEFAULT_USERNAME = 'new_social_auth_user' Not set
#GOOGLE_CONSUMER_KEY          = '' Not set
#GOOGLE_CONSUMER_SECRET       = '' Not set
#GOOGLE_OAUTH2_CLIENT_ID      = '' Not set
#GOOGLE_OAUTH2_CLIENT_SECRET  = '' Not set
SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL = False
SOCIAL_AUTH_PROTECTED_USER_FIELDS = ['email',]

INSTALLED_APPS = (
    'django.contrib.auth',
     ...
    'social_auth',
)

如何避免此google消息?

EDITED

我已转移到GoogleOauth2身份验证并继承和更改Google后端:

from social_auth.backends.google import *

GOOGLE_OAUTH2_SCOPE = ['https://www.googleapis.com/auth/userinfo.email',]

class GoogleOAuth2(BaseOAuth2):
    """Google OAuth2 support"""
    AUTH_BACKEND = GoogleOAuth2Backend
    AUTHORIZATION_URL = 'https://accounts.google.com/o/oauth2/auth'
    ACCESS_TOKEN_URL = 'https://accounts.google.com/o/oauth2/token'
    REVOKE_TOKEN_URL = 'https://accounts.google.com/o/oauth2/revoke'
    REVOKE_TOKEN_METHOD = 'GET'
    SETTINGS_SECRET_NAME = 'GOOGLE_OAUTH2_CLIENT_SECRET'
    SCOPE_VAR_NAME = 'GOOGLE_OAUTH_EXTRA_SCOPE'
    DEFAULT_SCOPE = GOOGLE_OAUTH2_SCOPE
    REDIRECT_STATE = False

    print DEFAULT_SCOPE  #<------ to be sure

    def user_data(self, access_token, *args, **kwargs):
        """Return user data from Google API"""
        return googleapis_profile(GOOGLEAPIS_PROFILE, access_token)

    @classmethod
    def revoke_token_params(cls, token, uid):
        return {'token': token}

    @classmethod
    def revoke_token_headers(cls, token, uid):
        return {'Content-type': 'application/json'}

但谷歌仍在询问个人资料数据,个人资料仍在范围内:

  

https://accounts.google.com/o/oauth2/auth?response_type=code&scope=https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile&redirect_uri= ...

如果我手动修改社交验证代码而不是继承,则运行正常:

def get_scope(self):
    return ['https://www.googleapis.com/auth/userinfo.email',]

我的代码出了什么问题?

2 个答案:

答案 0 :(得分:1)

那是因为谷歌后端使用的默认范围设置为(电子邮件和个人资料信息),它定义为here。为了避免您可以创建自己的谷歌后端,只需设置所需的范围,然后使用该后端而不是内置的后端。例如:

from social_auth.backends.google import GoogleOAuth2

class SimplerGoogleOAuth2(GoogleOAuth2):
    DEFAULT_SCOPE = ['https://www.googleapis.com/auth/userinfo.email']

答案 1 :(得分:1)

不知道如何在AUTHENTICATION_BACKENDS中添加的人,如果使用Omab建议的方式,则需要在setting.py文件中添加新定义的后端:

AUTHENTICATION_BACKENDS = (
    'app_name.file_name.class_name',  #ex: google_auth.views.SimplerGoogleOAuth2
    # 'social_core.backends.google.GoogleOAuth2', # comment this as no longer used
    'django.contrib.auth.backends.ModelBackend',
)

要了解如何创建类SimplerGoogleOAuth2 ,请检查Omab的答案。

相关问题
最新问题