GeoNode Social Accounts

Allow GeoNode to Login throguh Social Accounts (Facebook and Linkedin)

Base concepts and objects

In order to harmonize the various authentication flows between local accounts and remote social accounts, the whole user registration and authentication codebase has been refactored.

Major changes:

  • geonode-user-accounts has been retired and is not used anymore. This app was only capable of managing local accounts;

  • django-allauth has been integrated as a dependency of geonode. It provides a solution for managing both local and remote user accounts. It is now used for dealing with most user registration and auth flows;

  • django-invitations has also been integrated as a dependency of geonode and is used for managing invitations to new users. This functionality was previously provided by geonode-user-accounts;

  • django-allauth has been extended in order to provide the following additional features:

    • Automatically registering an e-mail with a user when the e-mail is used to connect to a social account;

    • Automatically extract information from the user’s social account and use that to enhance the user’s profile fields on geonode. This was implemented in a pluggable way, allowing custom installs to configure it for other providers;

    • Allow approval of new registrations by staff members before allowing new users to login. This functionality was previously provided by geonode-user-accounts.

  • There are now extra sections on the user’s profile to manage connected social accounts and e-mail accounts

    ../../_images/001_screenshot.png
  • When properly configured, the login and register pages now display the possibility to login with social accounts

    ../../_images/002_screenshot.png

Installation

  • Install the new allauth plugin and remove any of the old dependencies

    pip install -r requirements.txt --upgrade
    pip install -e . --upgrade --no-cache
    pip uninstall geonode-user-accounts -y
    pip uninstall django-user-accounts -y
    
  • ensure sure the DJango model is updated and the templates updated to the static folder

    DJANGO_SETTINGS_MODULE=geonode.local_settings python -W ignore manage.py makemigrations
    DJANGO_SETTINGS_MODULE=geonode.local_settings python -W ignore manage.py migrate
    DJANGO_SETTINGS_MODULE=geonode.local_settings python -W ignore manage.py collectstatic --noinput
    
  • ensure that Social Providers are enabled in your settings:

    # prevent signing up by default
    ACCOUNT_OPEN_SIGNUP = True
    ACCOUNT_EMAIL_REQUIRED = True
    ACCOUNT_EMAIL_VERIFICATION = 'optional'
    ACCOUNT_EMAIL_CONFIRMATION_EMAIL = True
    ACCOUNT_EMAIL_CONFIRMATION_REQUIRED = True
    ACCOUNT_CONFIRM_EMAIL_ON_GET = True
    ACCOUNT_APPROVAL_REQUIRED = True
    
    SOCIALACCOUNT_ADAPTER = 'geonode.people.adapters.SocialAccountAdapter'
    
    SOCIALACCOUNT_AUTO_SIGNUP = False
    
    INSTALLED_APPS += (
        'allauth.socialaccount.providers.linkedin_oauth2',
        'allauth.socialaccount.providers.facebook',
    )
    
    SOCIALACCOUNT_PROVIDERS = {
        'linkedin_oauth2': {
            'SCOPE': [
                'r_emailaddress',
                'r_basicprofile',
            ],
            'PROFILE_FIELDS': [
                'emailAddress',
                'firstName',
                'headline',
                'id',
                'industry',
                'lastName',
                'pictureUrl',
                'positions',
                'publicProfileUrl',
                'location',
                'specialties',
                'summary',
            ]
        },
        'facebook': {
            'METHOD': 'oauth2',
            'SCOPE': [
                'email',
                'public_profile',
            ],
            'FIELDS': [
                'id',
                'email',
                'name',
                'first_name',
                'last_name',
                'verified',
                'locale',
                'timezone',
                'link',
                'gender',
            ]
        },
    }
    
    # Comment out this in case you wont to diable Social login
    SOCIALACCOUNT_PROFILE_EXTRACTORS = {
        "facebook": "geonode.people.profileextractors.FacebookExtractor",
        "linkedin_oauth2": "geonode.people.profileextractors.LinkedInExtractor",
    }
    

Configuration

  1. Go to GeoNode/Django Admin Dashboard and add the Social Apps you want to configure:

admin/socialaccount/socialapp/

go to admin section
  • Linkedin

Linkedin
  • Facebook

Facebook

Warning

Make sure to add the sites you want to enable.

Usage

You need first to create and configure OAuth2 Applications on your Social Providers.

This will require a persoanl or business account, which can access to the developers sections of LinkedIn and Facebook and create and configure new Applications.

That account won’t be visibile to the GeoNode users. This is needed only to generate OAuth2 Client ID and Client Secret Authorization Keys.

In the following sections we will see in details how to configure them for both LinkedIn and Facebook.

LinkedIn Application

(ref.: http://django-allauth.readthedocs.io/en/latest/providers.html)

  1. Go to https://www.linkedin.com/developer/apps and select Create Application

Linkedin Dev
  1. Create a new Company

../../_images/005_socialaouth.png
  1. Fill the informations

Note

The logo must have precise square dimensions

../../_images/006_socialaouth.png
  1. Select the following Default Application Permissions

Warning

Be sure to select the r_basicprofile and r_emailaddress application permissions.

../../_images/007_socialaouth.png
  1. Add OAuth 2.0 Authorized Redirect URLs:

    http://geonode.geo-solutions.it/account/linkedin_oauth2/login/callback/
    http://geonode.geo-solutions.it/account/linkedin/login/callback/
    
../../_images/008_socialaouth.png
  1. Save

../../_images/009_socialaouth.png
  1. Take note of the Authentication Keys

../../_images/010_socialaouth.png
  1. Go to GeoNode/Django admin, Social Applications and select the LinkedIn one

(/admin/socialaccount/socialapp/)

../../_images/011_socialaouth.png
  1. Cut and Paste the Client ID and Client Secret on the related fields

../../_images/012_socialaouth.png
  1. Save

Facebook Application

(ref.: http://django-allauth.readthedocs.io/en/latest/providers.html) (ref.: https://www.webforefront.com/django/setupdjangosocialauthentication.html)

  1. Go to https://developers.facebook.com/apps and Add a New Application

../../_images/013_socialaouth.png
  1. Create the App ID and go to the Dashboard

../../_images/014_socialaouth.png ../../_images/015_socialaouth.png
  1. Take note of the Authentication Keys

../../_images/016_socialaouth.png
  1. Go to GeoNode/Django admin, Social Applications and select the LinkedIn one

(/admin/socialaccount/socialapp/)

../../_images/017_socialaouth.png
  1. Cut and Paste the App ID and Secret Key on the related fields

    ClientID      <--> App Id
    Client Secret <--> Secret Key
    
../../_images/018_socialaouth.png
  1. Save

  2. Go back to the Facebook Application Dashboard and select Settings

../../_images/019_socialaouth.png
  1. Add your App Domain

../../_images/020_socialaouth.png
  1. Click on Add Platform

../../_images/021_socialaouth.png
  1. Select Web Site

../../_images/022_socialaouth.png
  1. Add the URL

../../_images/023_socialaouth.png
  1. And Save

../../_images/024_socialaouth.png
  1. Go to Add Product

../../_images/025_socialaouth.png
  1. Select Facebook Login

../../_images/026_socialaouth.png
  1. Select Web

../../_images/027_socialaouth.png
  1. Go to Settings

../../_images/028_socialaouth.png
  1. Make sure Allow client OAuth and Access via OAuth Web are enabled

../../_images/029_socialaouth.png
  1. Add the valid redirect URIs:

    http://geonode.geo-solutions.it/account/facebook/login/callback/
    http://geondoe.geo-solutions.it/account/login/
    
../../_images/030_socialaouth.png
  1. Save

../../_images/031_socialaouth.png

Login by using Existing Accounts on GeoNode

If you want to enable an already existing user account to login through social apps, you need to associate it to social accounts.

Usually this could be done only by the current user, since this operation requires authentication on its social accounts.

In order to do that you need to go to the User Profile Settings

../../_images/032_socialaouth.png

Click on “Connected social accounts”

../../_images/033_socialaouth.png

And actually connect them

../../_images/034_socialaouth.png ../../_images/035_socialaouth.png