Comments (4)
This part from the docs is important:
As calling this endpoint results in a user facing redirect (302), this call is only available in a browser, and must be called in a synchronous (non-XHR) manner.
You are using fetch
-- just use a regular form POST (as in done in the demo code link above).
from django-allauth.
Bonus question: Why do i need to send X-CSRFToken
?
"X-CSRFToken": Cookies.get("csrftoken"),
Without django logs Forbidden (CSRF token missing.): /_allauth/browser/v1/auth/provider/redirect
. I would image allauth could take care of all that?
from django-allauth.
You do not need to send X-CSRFToken
to pass the CSRF protection. Instead, you could attach the token to the request body.
login: async function() {
await fetch("_allauth/browser/v1/auth/provider/redirect", {
method: "POST",
headers: {
"Content-Type": "application/x-www-form-urlencoded"
},
body: new URLSearchParams({
provider: this.type,
callback_url: "/account/logged-in/",
process: "login",
csrfmiddlewaretoken: Cookies.get("csrftoken")
})
})
}
Since Discord disallows that header, try this option. I think it should work.
See for example, the demo code.
from django-allauth.
This part from the docs is important:
As calling this endpoint results in a user facing redirect (302), this call is only available in a browser, and must be called in a synchronous (non-XHR) manner.
You are using
fetch
-- just use a regular form POST (as in done in the demo code link above).
Thank you, the postForm worked. Yeah sorry, I read that documentation, but i didnt understand what non-XHR manner meant and didnt think to check it up.
from django-allauth.
Related Issues (20)
- How to match existing, local accounts to social accounts by username? HOT 2
- Headless mode: reset password not working HOT 2
- is_existing not updating after saving a new user connected to SocialLogin HOT 3
- module 'jwt' has no attribute 'PyJWTError' HOT 1
- Headless Demo: Add ability to delete user
- Headless Logout should return 200 instead of 401 HOT 2
- Adding class for input doesn't word HOT 1
- Document the usage of (dynamic) auth_params such as kc_idp_hint within provider_login_url
- [Headless] Auth not working in headless mode via sessionid cookie HOT 1
- Change in socialaccount providers imports causing pytest error HOT 2
- Allow to customize tokens mock in OAuth2TestsMixin HOT 6
- Google access token and refresh token are not getting saved in `SocialToken` model
- [Suggestion] Signing up should (re)send verification mail HOT 7
- [Suggestion] Make it possible to patch `reverse()` HOT 8
- [Suggestion] Add a small tip about rates when testing HOT 2
- Forcing use of SAML nameID for email HOT 1
- can not login with google account in deployment HOT 1
- Outdated user object passed to `complete_social_signup` HOT 2
- Specifying a Discovery service URL HOT 1
- Page listing social connections should use email addresses or usernames, instead of names
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-allauth.