Snippet List
The way to manually control CSRF correctness for FB applications. Automatic check cannot be used because FB does POST on your canvas URL when initializing your application without CSRF token. If you still want to use Django CSRF stuff do manual checks.
You only need to perform manual check when there is no correct signed_request present in your request - correct request means you really deal with FB. Use facebook_csrf_check to verify POST requests when signed_request is absent.
- django
- python
- post
- facebook
- csrf
- fb
This assumes that you have a method called **decode_signed_request** which will validate the signed_request parameter and return None if the validation check fails.
A similar method can be found here - https://github.com/iplatform/pyFaceGraph/blob/70e456c79f1ac1c7eddece03af323346a00481ef/src/facegraph/canvas.py
- django
- python
- post
- facebook
- csrf
- fb
Authentication through Facebook's Graph API. See
[http://developers.facebook.com/docs/authentication/](http://developers.facebook.com/docs/authentication/)
[http://developers.facebook.com/docs/authentication/permissions](http://developers.facebook.com/docs/authentication/permissions)
[http://developers.facebook.com/docs/api](http://developers.facebook.com/docs/api)
[http://github.com/facebook/python-sdk/blob/master/examples/oauth/facebookoauth.py](http://github.com/facebook/python-sdk/blob/master/examples/oauth/facebookoauth.py)
Define the facebook tokens in settings.py and replace <app_name> with the name of your app. You will probably want to modify the scope on the authorize link in the template, see the authentication permissions link.
This updates the user model every time the user logs in but I think that it is okay so the data is always correct. I have tested this but not rigorously. If there is a hole and everyone gets admin rights to your site don't say I didn't warn you :).
Comments are appreciated.
16 June 2010 Added missing imports. Cleaned up the template.
Shouts out to @obeattie and @whalesalad
- graph
- authentication
- login
- auth
- facebook
- oauth
This adds an 'fbshell' management command which starts up a Python shell with an authenticated [pyfacebook](http://code.google.com/p/pyfacebook/) instance ready to make requests.
This is very useful for testing out facebook requests or performing administration tasks without hooking a debugger into your application.
This snippet should be saved to
/yourproject/management/commands/fbshell.py
See [custom management commands](http://docs.djangoproject.com/en/dev/howto/custom-management-commands/) for a description of how this works.
If you are already using pyfacebook in your app then you'll already have the right settings, so just run :
$ python manage.py fbshell
A browser window will pop up, prompting you for authentication (unless you're already logged in to facebook). Press enter in the shell when you're finished this, and you'll be dropped into a shell with the session key, uuid, and name printed.
Now you can use the facebook instance:
>>> facebook.friends.get()
>>> [...]
If you haven't used pyfacebook in your app, you'll need at least the following settings in your settings.py
FACEBOOK_API_KEY = 'your_api_key'
FACEBOOK_SECRET_KEY = 'your_secret_key'
- management
- shell
- facebook
- command
This middleware will look for the cookies set when a Facebook Connect user authenticates to your site, read those cookies, determine if the logged in user is your Facebook friend and then log that user into your Django-powered site.
If you don't need the bit about friend verification, it should be trivial to strip out.
There are a couple of other things that are needed to get FB Connect working with your site, and you can find a more detailed entry [here (http://nyquistrate.com/django/facebook-connect/)](http://nyquistrate.com/django/facebook-connect/).
- middleware
- facebook
- facebook-connect
**How to use**:
1. Install [**PyFacebook** package](http://wiki.developers.facebook.com/index.php/PythonPyFacebookTutorial).
2. After make all steps in tutorial above, put this code in your app's models.py module (you maybe prefer split it and put the middleware class in some other file).
3. Put the FacebookUserMiddleware python-path in the MIDDLEWARE_CLASSES in your settings.py (after facebook.djangofb.FacebookMiddleware).
You probably will add some fields to FacebookUser model class :)
8 snippets posted so far.