POST /social-auth
Social Auth
OAuth1 Provider Flow
For providers that use the OAuth1 protocol, such as Twitter.
Step 1 of 2: Retrieve an OAuth request token
After retrieving an OAuth request token the client will use this token to perform authentication against the provider. The provider will return to the client an oauth token and an oauth verifier. These two values are needed for step 2. Also, the oauth_token_secret from this step is required for step 2.
Input
Name | Type | Description |
---|---|---|
|
|
Required Possible values: |
|
|
where the user will be sent to after authorizing with the provider. |
Output
{
"oauth_token_secret": "cYwcHxWW7OSnqY5W3FTZPvCJQNPfPX4N",
"oauth_callback_confirmed": "true",
"oauth_token": "0MxsWgAAAAAAwS-_AAABVld_DHo"
}
Step 2 of 2: Register/Login the user using the OAuth token and verifier.
POST /social-auth
Input
Name | Type | Description |
---|---|---|
|
|
Required Possible values: |
|
|
Required |
|
|
Required |
|
|
Required |
|
|
Used when the social auth provider does not give us an email address. See the errors section below. |
|
|
Referral code of the person that referred the user. |
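The client has to carry the oauth_token_secret from step 1 across the provider redirect and pair it with the oauth token and verifier that come back. The following is an added example, not part of this API or its documentation, showing one way to hold that state. The class name, the 10-minute lifetime and the keys of the returned dict are assumptions, not the endpoint's documented field names.

```python
import time

class PendingOAuth1:
    """Holds step-1 output until the provider redirects back (hypothetical helper)."""

    def __init__(self, ttl_seconds=600, clock=time.monotonic):
        self._ttl = ttl_seconds          # assumed lifetime, not from the API docs
        self._clock = clock
        self._pending = {}               # oauth_token -> (oauth_token_secret, stored_at)

    def remember(self, step1):
        """Validate and store the JSON object returned by step 1."""
        # OAuth 1.0a servers confirm the callback with the string "true".
        if step1.get("oauth_callback_confirmed") != "true":
            raise ValueError("callback not confirmed by provider")
        token = step1.get("oauth_token")
        secret = step1.get("oauth_token_secret")
        if not token or not secret:
            raise ValueError("step 1 response is missing a token value")
        self._pending[token] = (secret, self._clock())
        return token

    def complete(self, callback_token, callback_verifier):
        """Match the provider callback to step 1 and return the step-2 values."""
        if not callback_verifier:
            raise ValueError("callback has no oauth verifier")
        # pop() makes each request token single-use; unknown tokens are rejected.
        entry = self._pending.pop(callback_token, None)
        if entry is None:
            raise KeyError("callback token was not issued in step 1")
        secret, stored_at = entry
        if self._clock() - stored_at > self._ttl:
            raise TimeoutError("request token expired before callback")
        return {
            "oauth_token": callback_token,
            "oauth_verifier": callback_verifier,
            "oauth_token_secret": secret,
        }

# The step-1 output shown on this page, reused as sample input.
SAMPLE_STEP1 = {
    "oauth_token_secret": "cYwcHxWW7OSnqY5W3FTZPvCJQNPfPX4N",
    "oauth_callback_confirmed": "true",
    "oauth_token": "0MxsWgAAAAAAwS-_AAABVld_DHo",
}
```

Rejecting a callback whose oauth token was never stored keeps a redirect that this client did not start from being turned into a step-2 request.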
OAuth2 Provider Flow
For providers that use the OAuth2 protocol, such as Facebook.
Step 1 of 1: Register/Login the user using the OAuth code.
Input
Name | Type | Description |
---|---|---|
|
|
Required Possible values: |
|
|
Required OAuth authorization code. |
|
|
Required Redirect URI the client used for OAuth2 authentication with the provider. |
|
|
Used when the social auth provider does not give us an email address. See the errors section below. |
|
|
Referral code of the person that referred the user. Note: because authorization codes expire relatively quickly it may not be possible to specify the referral code here. In this case the user’s referral code can be updated. See User Update. |
Shared Output
Name | Type | Description |
---|---|---|
|
|
Auth token that is used to login. |
|
|
Whether or not the user is new (just registered) or old (logged in). |
{
"token": "lkja8*lkajsd*lkjas;ldkj8asd;kJASd811",
"is_new": true
}
Shared Errors
There are 4 possible errors:
- {"provider": ["Invalid provider"]} when an invalid provider is given.
- {"non_field_errors": "invalid_credentials"} when invalid oauth credentials are given.
- {"email": "no_email_provided"} when the social provider does not give us an email address and no email is given with the request. The user should be asked to supply an email address.
- {"email": "email_already_in_use"} when the email given by the social provider is already associated to an account. Registration cannot continue.