8👍
If you redirect the user to
{% provider_login_url 'google' %}
and allauth shows the user an intermediate page with
You are about to sign in using a third party account from Google.
when there is no other user associated with the same email address, then you need to add this configuration to bypass the intermediate page:
SOCIALACCOUNT_LOGIN_ON_GET=True
This was added in version 0.47.0, because of a potential vulnerability described in the change notes:
Automatically signing in users into their account and connecting additional third party accounts via a simple redirect ("/accounts/facebook/login/") can lead to unexpected results and become a security issue especially when the redirect is triggered from a malicious web site. For example, if an attacker prepares a malicious website that (ab)uses the Facebook password recovery mechanism to first sign into his/her own Facebook account, followed by a redirect to connect a new social account, you may end up with the attacker’s Facebook account added to the account of the victim. To mitigate this, SOCIALACCOUNT_LOGIN_ON_GET is introduced.
I realise this is answering a slightly different question, because in this case the user isn’t confirming an email, but it’s related, because the user still doesn’t directly sign up/log in.
8👍
Simple solution is to add
SOCIALACCOUNT_LOGIN_ON_GET=True
to your settings.py and it should skip/bypass the sign up form.
3👍
This is an old question with many views, but I faced the same issue today and thought I would share my solution.
The key to resolving this is to follow the django-allauth ‘Advanced Usage’ docs, with the example presented by the custom redirects:
https://django-allauth.readthedocs.io/en/latest/advanced.html#custom-redirects
Except in this instance, what you need to configure is the SOCIALACCOUNT_ADAPTER in settings.py with a subclassed DefaultSocialAccountAdapter, overriding the ‘pre_social_login’ method as such:
from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
from django.conf import settings
from django.contrib.auth import get_user_model
User = get_user_model()
class CustomSocialAccountAdapter(DefaultSocialAccountAdapter):
"""
Override the DefaultSocialAccountAdapter from allauth in order to associate
the social account with a matching User automatically, skipping the email
confirm form and existing email error
"""
def pre_social_login(self, request, sociallogin):
user = User.objects.filter(email=sociallogin.user.email).first()
if user and not sociallogin.is_existing:
sociallogin.connect(request, user)
‘pre_social_login’ is not super well documented, but in the source is a docstring which will help:
https://github.com/pennersr/django-allauth/blob/master/allauth/socialaccount/adapter.py
- What does TypeError, __init__() missing 1 required positional argument: 'get_response' mean in python?
- Filter on django-import-export
- How to JSON serialize __dict__ of a Django model?
-2👍
You need to explicitly define the ’email’ scope for google in your SOCIALACCOUNT_PROVIDERS settings
'google': { 'SCOPE': ['https://www.googleapis.com/auth/userinfo.profile', 'https://www.googleapis.com/auth/userinfo.email'],
'AUTH_PARAMS': { 'access_type': 'online' },
}