For a simple proof of concept, I am configuring a Django app to authenticate against an in-house OAuth2 server via python-social-auth. Note: I am new to Django, so still trying to figure my way around...
The auth scheme relies on out-of-band account synchronization - i.e., only allow existing users, and do not auto-create new ones. However, the documented pipeline configuration to do "associate only" did not seem to work the way I thought it would (after various combinations with get_username and social_uid as well); I could only get it to work after creating my own pipeline method to return a dict with a 'user' key.
I started with this config from http://psa.matiasaguirre.net/docs/pipeline.html#authentication-pipeline:
    SOCIAL_AUTH_PIPELINE = (
        'social.pipeline.social_auth.social_user',
        'social.pipeline.social_auth.associate_user',
        'social.pipeline.social_auth.load_extra_data',
        'social.pipeline.user.user_details'
    )
But the first two - social_user and associate_user - do not seem to work if there is no 'user' key. Without any other guidance on how the 'user' key gets populated, I came up with:
    SOCIAL_AUTH_PIPELINE = (
        'ccpoc.auth.load_user',
        'social.pipeline.social_auth.associate_user',
    )
Where load_user knows to look up the current user based on a custom key returned in the JSON. While it works, I'm not sure if this is in the 'spirit' of the framework, or if I'm just missing something.
That works, that's the correct approach that goes with the spirit that goes with the application. My docs aren't entirely correct: the pipeline for single association listed there assumes that the user is logged in, which is not your scenario, but that's not detailed in the doc.
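The load_user step described in the question, written out as an added example (not the asker's code and not part of python-social-auth). The response key `employee_id`, the `UnknownAccount` exception, the `make_load_user` factory and matching the key against `username` are assumptions; the step resolves an already-provisioned account and refuses the login in every other case.

```python
RESPONSE_KEY = "employee_id"  # hypothetical: the page does not name its custom key


class UnknownAccount(Exception):
    """The OAuth2 server vouched for an identity with no usable local account."""


def django_lookup(value):
    """Default lookup (assumption): an active user whose username equals the key."""
    # Imported lazily so this module loads before Django settings are configured.
    from django.contrib.auth import get_user_model
    return get_user_model().objects.filter(username=value, is_active=True).first()


def make_load_user(lookup=django_lookup, key=RESPONSE_KEY):
    """Build a pipeline step that resolves, but never creates, a local user."""
    def load_user(response=None, user=None, *args, **kwargs):
        value = (response or {}).get(key)
        # Fail closed on a missing or malformed claim instead of guessing.
        if not isinstance(value, str) or not value.strip():
            raise UnknownAccount("response carries no usable %r" % key)
        found = lookup(value.strip())
        if found is None:
            # Accounts are synchronized out of band; nothing is created here.
            raise UnknownAccount("no provisioned account for %r" % value)
        # A session that is already logged in must not be linked to a
        # different person's identity.
        if user is not None and user != found:
            raise UnknownAccount("identity does not match the logged-in user")
        # 'user' is the key associate_user reads; is_new=False records that
        # no account was created by this step.
        return {"user": found, "is_new": False}
    return load_user


# The callable that 'ccpoc.auth.load_user' in SOCIAL_AUTH_PIPELINE would name.
load_user = make_load_user()
```
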