tessl/pypi-social-auth-core
Python social authentication framework with 195+ backend providers for OAuth, OpenID Connect, and SAML integration.
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
- Describes
'%3e%3cpath%20d='M3.389%209.069c0-.009.043-.033.029-.044L.029%207.77l3.287-1.197L6.574%207.77l.106.083.005%204-3.297%201.185V9.068ZM13.582%209.32V2.74l3.405%201.238v4.104L13.583%209.32ZM10.253%2014.66l-3.476%201.268v-4.027l3.476-1.313v4.072ZM10.253%2010.558l-3.476%201.239V7.784l3.476-1.268v4.042ZM10.253%2014.719v3.968L6.777%2020v-3.998l3.476-1.283ZM17%208.139v4.042l-3.418%201.239V9.378L17%208.138ZM3.3%2017.168%200%2015.943v-4.027l3.3%201.224v4.028ZM6.69%2011.916v4.027l-3.302%201.225v-4.072l3.301-1.18ZM6.69%203.743v4.012l-3.33-1.21V2.564l3.33%201.18Z'/%3e%3cpath%20d='M3.3%2013.066%200%2011.842V7.844l3.3%201.224v3.998ZM13.524%209.334l-.175.088.175-.014v4.027l-3.152%201.183-.06-.032v-3.983l1.986-.767-.111.006-1.876.657V6.531l3.213-1.224v4.027Zm-.263.133c-.065.008-.198.023-.233.088.065-.008.198-.023.233-.088Zm-.321.118c-.065.008-.198.023-.233.088.065-.009.198-.023.233-.088Zm-.321.118c-.066.008-.199.023-.234.088.065-.008.199-.023.234-.088ZM13.524%201.266v3.968l-3.213%201.195V2.46l3.213-1.194ZM10.253%202.475v3.968L6.777%207.726V3.743l3.476-1.268ZM8.2%204.458c-.304.064-.627.5-.708.79-.27.963.636%201.081%201.091.364.277-.437.354-1.308-.383-1.154ZM13.524%2013.51v3.983l-3.17%201.177c-.011%200-.043-.067-.043-.07v-3.895l3.213-1.195Zm-.884%201.63c-.495.085-1.068%201.015-.676%201.435.483.517%201.502-.636%201.147-1.246-.098-.169-.286-.221-.47-.19ZM10.165%202.387l-.037.065-3.395%201.249-3.345-1.212L6.88%201.21l3.285%201.178ZM13.437%201.177l-.088.073-3.057%201.127-3.034-1.082-.277-.133L10.151%200l3.286%201.177Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h17v20H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/pypi-social-auth-core@4.7.0index.mddocs/
Social Auth Core
A comprehensive Python social authentication framework that enables developers to integrate OAuth, OpenID Connect, SAML, and other social authentication providers into web applications. Social Auth Core provides a unified interface for 195+ authentication backends, a flexible pipeline system for customizing authentication workflows, and framework-agnostic design supporting multiple web frameworks and storage solutions.
Package Information
- Package Name: social-auth-core
- Language: Python
- Installation:
pip install social-auth-core - Optional Dependencies:
pip install social-auth-core[all]for all provider-specific dependencies
Core Imports
import social_coreCommon imports for authentication flows:
from social_core.actions import do_auth, do_complete
from social_core.backends.utils import get_backend, load_backends
from social_core.strategy import BaseStrategy
from social_core.storage import UserMixin, AssociationMixinFor working with specific authentication backends:
from social_core.backends.google import GoogleOAuth2
from social_core.backends.facebook import FacebookOAuth2
from social_core.backends.github import GithubOAuth2Basic Usage
from social_core.actions import do_auth, do_complete
from social_core.backends.google import GoogleOAuth2
from social_core.strategy import BaseStrategy
# Initialize a strategy (framework-specific implementation required)
strategy = MyCustomStrategy(storage=my_storage)
# Initialize a backend
backend = GoogleOAuth2(strategy, redirect_uri='/auth/complete/google/')
# Start authentication flow
auth_response = do_auth(backend, redirect_name='next')
# Complete authentication (in callback view)
user = do_complete(backend, login_func=my_login_func, user=current_user)
# Access user data
if user:
print(f"Authenticated user: {user.username}")
print(f"Provider: {user.social_user.provider}")
print(f"UID: {user.social_user.uid}")
print(f"Access token: {user.social_user.access_token}")Architecture
Social Auth Core is built around several key components that work together to provide flexible social authentication:
- Backends: Provider-specific authentication implementations (OAuth, OpenID, SAML)
- Strategy: Framework-agnostic interface for request/response handling and storage
- Pipeline: Configurable workflow system for processing authentication steps
- Storage: Abstract data models for users, social accounts, and associations
- Actions: High-level functions that orchestrate the authentication flow
This modular design allows the library to work with any Python web framework (Django, Flask, Pyramid, etc.) by implementing a custom strategy class, while maintaining consistent behavior across all authentication providers.
Capabilities
Authentication Actions
High-level functions that orchestrate the complete authentication flow from initiation to completion, handling session management, redirect validation, and pipeline execution.
def do_auth(backend, redirect_name="next"):
"""
Initiate authentication flow with the specified backend.
Parameters:
- backend: Authentication backend instance
- redirect_name: Name of redirect parameter (default: "next")
Returns:
Backend-specific response (redirect or HTML)
"""
def do_complete(backend, login, user=None, redirect_name="next", *args, **kwargs):
"""
Complete authentication flow and return authenticated user.
Parameters:
- backend: Authentication backend instance
- login: Login function to call on successful auth
- user: Current user instance (optional)
- redirect_name: Name of redirect parameter (default: "next")
Returns:
Authenticated user instance or None
"""Authentication Backends
195+ authentication provider implementations supporting OAuth 1.0/2.0, OpenID Connect, SAML, and custom protocols. Each backend handles provider-specific authentication flows, token management, and user data extraction.
class BaseAuth:
"""Base authentication backend class."""
name: str
supports_inactive_user: bool
ID_KEY: str
EXTRA_DATA: list | None
def __init__(self, strategy, redirect_uri=None): ...
def start(self): ...
def complete(self, *args, **kwargs): ...
def auth_url(self) -> str: ...
def authenticate(self, *args, **kwargs): ...
# Major provider backends
class GoogleOAuth2(BaseAuth): ...
class FacebookOAuth2(BaseAuth): ...
class GithubOAuth2(BaseAuth): ...
class TwitterOAuth(BaseAuth): ...
class LinkedinOAuth2(BaseAuth): ...Pipeline System
Configurable workflow system that processes authentication through a series of steps, enabling customization of user creation, data handling, email validation, and account association logic.
DEFAULT_AUTH_PIPELINE: tuple
DEFAULT_DISCONNECT_PIPELINE: tuple
# Pipeline functions
def social_details(backend, details, response, *args, **kwargs): ...
def social_uid(backend, details, response, *args, **kwargs): ...
def auth_allowed(backend, details, response, *args, **kwargs): ...
def social_user(backend, uid, user=None, *args, **kwargs): ...
def get_username(strategy, details, backend, user=None, *args, **kwargs): ...
def create_user(strategy, details, backend, user=None, *args, **kwargs): ...
def associate_user(backend, uid, user=None, *args, **kwargs): ...Storage Models
Abstract base classes and mixins for implementing user accounts, social account associations, and authentication data storage with any database or ORM system.
class UserMixin:
"""Mixin for user social auth models."""
ACCESS_TOKEN_EXPIRED_THRESHOLD: int
provider: str
uid: str | None
extra_data: dict | None
def get_backend(self, strategy): ...
def get_backend_instance(self, strategy): ...
def refresh_token(self, strategy, *args, **kwargs): ...
def set_extra_data(self, extra_data): ...
class AssociationMixin:
"""Mixin for association models."""
class BaseStorage:
"""Abstract base storage interface."""Strategy Interface
Framework-agnostic interface that adapts social-auth-core to work with any Python web framework by implementing request/response handling, session management, and storage operations.
class BaseStrategy:
"""Base strategy class for framework integration."""
ALLOWED_CHARS: str
DEFAULT_TEMPLATE_STRATEGY: type
SESSION_SAVE_KEY: str
def __init__(self, storage=None, tpl=None): ...
def setting(self, name: str, default=None, backend=None): ...
def request_data(self, merge=True): ...
def redirect(self, url: str): ...
def html(self, content: str): ...
def get_pipeline(self, backend): ...
def authenticate(self, *args, **kwargs): ...Utilities and Helpers
Collection of utility functions for URL manipulation, session handling, pipeline data management, user validation, and security operations used throughout the authentication process.
def module_member(name: str): ...
def user_agent() -> str: ...
def url_add_parameters(url: str, params: dict, _unquote_query: bool = False) -> str: ...
def sanitize_redirect(allowed_hosts: list, redirect_uri: str) -> str: ...
def user_is_authenticated(user) -> bool: ...
def user_is_active(user) -> bool: ...
def partial_pipeline_data(backend, user, *args, **kwargs): ...
# Constants
SETTING_PREFIX: str = "SOCIAL_AUTH"
PARTIAL_TOKEN_SESSION_NAME: str = "partial_pipeline_token"Exception Handling
Comprehensive exception hierarchy for handling authentication errors, backend issues, pipeline failures, and security violations with detailed error information.
class SocialAuthBaseException(ValueError):
"""Base class for pipeline exceptions."""
class AuthException(SocialAuthBaseException):
"""Auth process exception."""
class WrongBackend(SocialAuthBaseException):
"""Incorrect authentication service error."""
class MissingBackend(WrongBackend):
"""Missing backend entry error."""
class NotAllowedToDisconnect(SocialAuthBaseException):
"""User not allowed to disconnect social account."""
class StrategyMissingFeatureError(SocialAuthBaseException):
"""Strategy does not support this feature."""