Provider Configuration

Providers typically require various configuration parameters before your users can authenticate with them. For example, for a regular OAuth provider you first need to setup an OAuth app over on the provider developer portal. Then, you need to configure the resulting client ID and client secret in your application.

Even though providers with other protocols may use different terminology, the overall idea remains the same. Throughout allauth the term “social app” (“app” for short) refers to the unit of configuration of a provider. You provide the app configuration either in your project settings.py, or, by means of setting up SocialApp instances via the Django admin. When picking a method, consider the following:

  • Using the Django admin to setup SocialApp instances effectively stores secrets in your database, which has security implications.

  • The SocialApp approach has (optional) support for the Django sites (django.contrib.sites). For example, it allows you to setup multiple apps for one and the same provider, and assign an app to a specific site/domain. This may be of use in a multi tenant setup.

Important: While you can mix both methods, be aware you need to avoid configuring one and the same provider both via settings.py and a SocialApp instance. In that case, it is not clear what app to pick, resulting in a MultipleObjectsReturned exception.

The examples presented in this documentation are all settings based. If you prefer the SocialApp based approach, simply create an entry via the Django admin and populate the fields exactly like listed in the example.

The SOCIALACCOUNT_PROVIDERS setting is used to configure providers and their apps. Next to the secrets that are configured per app, there are also parameters such as VERIFIED_EMAIL that hold for all apps. The following is an example configuration:

SOCIALACCOUNT_PROVIDERS = {
    "github": {
        # For each provider, you can choose whether or not the
        # email address(es) retrieved from the provider are to be
        # interpreted as verified.
        "VERIFIED_EMAIL": True
    },
    "google": {
        # For each OAuth based provider, either add a ``SocialApp``
        # (``socialaccount`` app) containing the required client
        # credentials, or list them here:
        "APPS": [
            {
                "client_id": "123",
                "secret": "456",
                "key": ""
            },
        ],
        # These are provider-specific settings that can only be
        # listed here:
        "SCOPE": [
            "profile",
            "email",
        ],
        "AUTH_PARAMS": {
            "access_type": "online",
        },
    }
}

Note that provider-specific settings are documented for each provider separately.