Google OAuth2 not working or missing documentation
Hi! I am trying to figure out how to prepare Google OAuth2 authentication where there are two applications (frontend & backend) with the former initiating the process and the latter handling the actual authentication.
I have tried multiple approaches but none of them worked:
Approach 1
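There is an endpoint /api/auth/google that is an instance of SocialLoginView:
from allauth.socialaccount.providers.google.views import GoogleOAuth2Adapter
from rest_auth.registration.views import SocialLoginView
class GoogleLogin(SocialLoginView):
    adapter_class = GoogleOAuth2Adapter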
The frontend starts the authentication by opening a popup with url: https://accounts.google.com/o/oauth2/v2/auth and following query parameters:
client_id: [REDACTED],
scope: email,
response_type: token,
redirect_uri: [BACKEND]/api/auth/google,
Google redirects to [BACKEND]/api/auth/google/#access_token=[REDACTED]&token_type=Bearer&expires_in=3600 but the response is HTTP 405:
{
    "detail": "Method \"GET\" not allowed."
}
Unfortunately, there are a few problems with that:
- GET is not supported in the view - it probably should be supported as HTTPS hides query params…
- Response comes within # not query params, so presumably implicit flow is not the right one
Approach 2
Let’s use Authorization Code Grant flow.
The frontend starts the authentication by opening a popup with url: https://accounts.google.com/o/oauth2/v2/auth and following query parameters:
client_id: [REDACTED],
scope: email,
response_type: code,
redirect_uri: [BACKEND]/api/auth/google,
I have adjusted the /api/auth/google view to match the “documentation” in library code:
from allauth.socialaccount.providers.oauth2.client import OAuth2Client
class GoogleLogin(SocialLoginView):
    adapter_class = GoogleOAuth2Adapter
    client_class = OAuth2Client
    callback_url = '[BACKEND]/accounts/google/login/callback'  # Django-allauth
Again, this leads to GET method not allowed…
Approach 3
Let’s add some code to handle GET requests the way POSTs are handled:
def get(self, request, *args, **kwargs):
    self.request = request
    self.serializer = self.get_serializer(
        data=self.request.query_params,
        context={'request': request}
    )
    self.serializer.is_valid(raise_exception=True)
    self.login()
    return self.get_response()
This, in turn, leads to an error:
OAuth2Error at /api/auth/google/
Error retrieving access token: b'{\n "error" : "redirect_uri_mismatch"\n}'
Let me add that obviously I’ve triple-checked callback URLs in Google Developers Console.
Is there any setup with django-rest-auth and django-allauth that leads to fully-fledged authentication with Google OAuth2 and 2 parties? Why is the documentation on Social Authentication so scarce?
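The two failure modes reported in the issue above, reproduced offline as an added example (not code from the issue, django-rest-auth or django-allauth). It assumes the view's callback_url is the value sent as redirect_uri during the code exchange; `diagnose`, `backend.example` and the `CONSTRUCTED` values are hypothetical stand-ins.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

GOOGLE_AUTH = "https://accounts.google.com/o/oauth2/v2/auth"  # URL from the post
BACKEND = "https://backend.example"  # constructed stand-in for [BACKEND]


def query_params(url):
    """Parameters carried in the query string of a URL."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def authorization_url(response_type, redirect_uri):
    """Build the popup URL with the query parameters listed in the post."""
    return GOOGLE_AUTH + "?" + urlencode({
        "client_id": "CLIENT_ID_PLACEHOLDER", "scope": "email",
        "response_type": response_type, "redirect_uri": redirect_uri})


def diagnose(auth_url, landing_url, callback_url=None):
    """Return reasons the backend cannot finish the login (hypothetical helper)."""
    problems = []
    auth = query_params(auth_url)
    wanted = "code" if auth["response_type"] == "code" else "access_token"
    # Browsers do not send the #fragment in the HTTP request.
    if wanted in parse_qs(urlsplit(landing_url).fragment):
        problems.append(wanted + " is in the URL fragment, not sent to the backend")
    # RFC 6749 section 4.1.3: the redirect_uri of the token request must be
    # identical to the redirect_uri of the authorization request.
    if wanted == "code" and auth["redirect_uri"] != callback_url:
        problems.append("redirect_uri_mismatch")
    return problems


# Approach 1: implicit flow, the token comes back after '#'.
approach_1 = diagnose(
    authorization_url("token", BACKEND + "/api/auth/google"),
    BACKEND + "/api/auth/google/#access_token=CONSTRUCTED&token_type=Bearer&expires_in=3600")
# Approaches 2 and 3: code flow, but callback_url differs from redirect_uri.
approach_3 = diagnose(
    authorization_url("code", BACKEND + "/api/auth/google"),
    BACKEND + "/api/auth/google/?code=CONSTRUCTED",
    callback_url=BACKEND + "/accounts/google/login/callback")
# Same redirect_uri in both legs of the code flow: nothing to report.
consistent = diagnose(
    authorization_url("code", BACKEND + "/api/auth/google"),
    BACKEND + "/api/auth/google/?code=CONSTRUCTED",
    callback_url=BACKEND + "/api/auth/google")
print(approach_1, approach_3, consistent, sep="\n")
```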
Issue Analytics
- Created 6 years ago
- Reactions:12
- Comments:11 (1 by maintainers)
Top GitHub Comments
I agree that docs on social auth are so scarce.
Is there anyone that could explain how the library should actually be used?