python social auth unregistered domain

Question

I am having difficulty using python-social-auth's implementation with Google.

The error I am receiving is 400: OpenID auth request contains an unregistered domain.

I have checked and rechecked and asked another developer to check the credentials for the project in the Google developers' console, and it all looks good.

I have used python-social-auth successfully in a past Django project, but this time around a solution to this escapes me.

The only differences (as far as I can tell) between this project and the last are:

1. This site is currently a subdomain (test.domain.com)
2. It is behind a Linode load balancer - the two application servers respond on static IPs to the balancer, nginx is configured for the doamin/subdomain, and my DNS records have been updated.

I am aware that Google is in the process of deprecating OpenID, but by settings are configured to use OAuth2:

AUTHENTICATION_BACKENDS = (
    'social.backends.open_id.OpenIdAuth',
    'social.backends.google.GoogleOAuth2',
    'social.backends.google.GoogleOAuth',
    'social.backends.google.GoogleOpenId',
    'social.backends.facebook.FacebookOAuth2',
    'django.contrib.auth.backends.ModelBackend',
    # custom password checker - migrating from old rails site, want to preserve old passwords
    'auth.authentication.legacy_hasher.LegacyCustomerAuthBackend',
)

SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = os.environ.get('SOCIAL_AUTH_GOOGLE_OAUTH2_KEY', 'redacted-key')

SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = os.environ.get('SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET', 'redacted-key')

Is there something that I missed, or something that I failed to configure?

Answer 1

I completely overhauled my auth to make this work. It required no tweaks or forks or anything else of the sort. The issue is with Google and not python-social-auth. However, the docs need to be updated for the project to reflect the changes in Google and portray a recommended/tested strategy.

SOLUTION

The solution is in python-social-auth's issues under google+.

1. In the Google Developer Apps Console, make sure your have your project registered.
2. Under APIs, ensure your have Google+ activated.
3. Under Credentials, generate a new client id...
4. Ensure your domain/subdomain/port are all correct under the origin...
5. Ensure the callback/redirect uri is the same as the origin, plus /complete/google-oauth2/.
6. In your project's urls, make sure that you have social auth set up correctly.
7. Wherever you are putting the link in your templates, make sure you are using {% url 'social:begin' 'google-oauth2' %}

That should take care of it.

VISUAL AID

... can't post images, lack of cred... imgur links ahoy!

APIs and Credentials

apis and creds images

urls.py

url(r'^', include('social.apps.django_app.urls', namespace='social')),

settings.py

AUTHENTICATION_BACKENDS = (
    'social.backends.google.GoogleOAuth2',
    'social.backends.google.GooglePlusAuth',
    'django.contrib.auth.backends.ModelBackend',
)

MIDDLEWARE_CLASSES = (
    'django.middleware.gzip.GZipMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'social.apps.django_app.middleware.SocialAuthExceptionMiddleware',
)

TEMPLATE_CONTEXT_PROCESSORS = (
    'social.apps.django_app.context_processors.backends',
    'social.apps.django_app.context_processors.login_redirect',
    'django.contrib.auth.context_processors.auth',
)

SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = os.environ.get(
    'SOCIAL_AUTH_GOOGLE_OAUTH2_KEY',
    'some_stuff.apps.googleusercontent.com'
)

SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = os.environ.get(
    'SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET',
    'secret'
)

templates

<div class="container">
  <a href="{% url 'social:begin' 'google-oauth2' %}">Login With Google</a>
</div>