Authentication & Social Login
Overview
Guejmi supports both traditional username/password authentication and OAuth-based social login via Google, Facebook, and X (Twitter).
Architecture
- Library:
django-allauthhandles the OAuth flows. - Token Auth:
dj-rest-authmanages JWT token generation. - Flow:
- Frontend redirects user to Backend (
/accounts/google/login/). - Backend redirects to Provider (Google).
- User approves.
- Provider redirects back to Backend.
- Backend processes code, creates user, and generates JWT.
- Backend redirects to Frontend (
/auth/callback?access=...&refresh=...). - Frontend stores tokens and logs user in.
- Frontend redirects user to Backend (
Authentication Flow Diagram
sequenceDiagram
participant User
participant Frontend
participant Backend
participant Provider
User->>Frontend: Click "Login with Google"
Frontend->>Backend: Redirect to /accounts/google/login/
Backend->>Provider: OAuth authorization request
Provider->>User: Show consent screen
User->>Provider: Approve
Provider->>Backend: Callback with auth code
Backend->>Backend: Exchange code for tokens
Create/authenticate user
Backend->>Backend: Generate JWT tokens
Backend->>Frontend: Redirect to /auth/callback?access=...&refresh=...
Frontend->>Frontend: Store tokens in localStorage
Frontend->>Backend: Fetch user data (with JWT)
Backend->>Frontend: Return user data
Frontend->>User: Redirect to homepage (authenticated)
Setup Guide
1. Google OAuth
- Console: Google Cloud Console
- Redirect URI:
https://your-backend-domain.com/accounts/google/login/callback/ - Env Vars:
GOOGLE_CLIENT_IDGOOGLE_CLIENT_SECRET
2. Facebook Login
- Console: Meta for Developers
- Redirect URI:
https://your-backend-domain.com/accounts/facebook/login/callback/ - Env Vars:
FACEBOOK_APP_IDFACEBOOK_APP_SECRET
3. X (Twitter) Login
- Console: Twitter Developer Portal
- Redirect URI:
https://your-backend-domain.com/accounts/twitter/login/callback/ - Env Vars:
TWITTER_API_KEYTWITTER_API_SECRET