{
  "id": 2289,
  "library": "social-auth-app-django",
  "title": "Django Social Auth",
  "description": "social-auth-app-django is the official Django component of the Python Social Auth ecosystem, providing an easy-to-set-up social authentication and registration mechanism for Django projects. It integrates `social-auth-core` to support a wide array of OAuth and OpenID providers. The library is actively maintained, with version 5.7.0 being the latest, and focuses on supporting current Django releases.",
  "status": "active",
  "version": "5.7.0",
  "language": "en",
  "source_language": "en",
  "source_url": "https://github.com/python-social-auth/social-app-django",
  "tags": ["django", "authentication", "social login", "oauth", "openid", "security"],
  "install": [
    {"cmd": "pip install social-auth-app-django", "lang": "bash", "label": "Install latest version"}
  ],
  "dependencies": [
    {"reason": "Provides the core social authentication logic and backends.", "package": "social-auth-core", "optional": false},
    {"reason": "The framework this library integrates with.", "package": "Django", "optional": false},
    {"reason": "Build dependency for installation.", "package": "setuptools", "optional": true}
  ],
  "imports": [
    {"note": "Required to register the application in Django's settings.", "symbol": "social_django", "correct": "INSTALLED_APPS = ['social_django']"},
    {"note": "Example of a specific social backend configured in AUTHENTICATION_BACKENDS. Backends are referenced by dotted path string; importing the class is only needed if you subclass or reference it directly.", "symbol": "GoogleOAuth2", "correct": "from social_core.backends.google import GoogleOAuth2\nAUTHENTICATION_BACKENDS = ('social_core.backends.google.GoogleOAuth2', ...)"},
    {"note": "Integrates the social authentication URLs into your project's URL configuration.", "symbol": "social_django.urls", "correct": "from django.urls import include, path\nurlpatterns = [path('oauth/', include('social_django.urls', namespace='social'))]"},
    {"note": "Optional middleware for handling social authentication exceptions and displaying messages.", "symbol": "SocialAuthExceptionMiddleware", "correct": "MIDDLEWARE = [..., 'social_django.middleware.SocialAuthExceptionMiddleware']"}
  ],
  "quickstart": {
    "code": "import os\n\n# settings.py\nINSTALLED_APPS = [\n    # ... existing apps ...\n    'django.contrib.auth',\n    'django.contrib.sessions',\n    'social_django',\n]\n\nMIDDLEWARE = [\n    # ... existing middleware ...\n    'django.contrib.sessions.middleware.SessionMiddleware',\n    'django.contrib.auth.middleware.AuthenticationMiddleware',\n    'social_django.middleware.SocialAuthExceptionMiddleware',\n]\n\nAUTHENTICATION_BACKENDS = (\n    'social_core.backends.google.GoogleOAuth2',\n    'django.contrib.auth.backends.ModelBackend',\n)\n\n# Credentials come from the environment, never from the repository\nSOCIAL_AUTH_GOOGLE_OAUTH2_KEY = os.environ.get('GOOGLE_OAUTH2_KEY', '')\nSOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = os.environ.get('GOOGLE_OAUTH2_SECRET', '')\nSOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = ['email', 'profile']\n\nLOGIN_URL = '/login/'\nLOGIN_REDIRECT_URL = '/'\nLOGOUT_REDIRECT_URL = '/'\n\nTEMPLATES = [\n    {\n        'BACKEND': 'django.template.backends.django.DjangoTemplates',\n        'DIRS': [],\n        'APP_DIRS': True,\n        'OPTIONS': {\n            'context_processors': [\n                # ... existing context processors ...\n                'social_django.context_processors.backends',\n                'social_django.context_processors.login_redirect',\n            ],\n        },\n    },\n]\n\n# urls.py\nfrom django.urls import include, path\n\nurlpatterns = [\n    path('oauth/', include('social_django.urls', namespace='social')),\n    # ... other paths ...\n]\n\n# In your login template (e.g., login.html)\n# <a href=\"{% url 'social:begin' 'google-oauth2' %}\">Login with Google</a>",
    "lang": "python",
    "description": "This quickstart outlines the essential configuration for integrating Google OAuth2 login into a Django project. It covers adding `social_django` to `INSTALLED_APPS` and `MIDDLEWARE`, configuring authentication backends, defining OAuth2 credentials using environment variables, setting redirect URLs, adding context processors for templates, and including the `social_django` URLs. Remember to run `python manage.py migrate` after configuration."
  },
  "warnings": [
    {
      "fix": "Consult the `social-auth-core` and `social-auth-app-django` documentation regarding registry usage if your custom code interacts with internal backend registration mechanisms.",
      "message": "Version 5.7.0 integrated with `social_core` using a registry instead of monkey patching. While generally an internal change, custom integrations relying on the previous monkey-patching behavior might require adjustments. Always review the changelog if you have a highly customized setup.",
      "severity": "breaking",
      "affected_versions": ">=5.7.0"
    },
    {
      "fix": "Ensure your project uses Python >= 3.10 and a supported Django version (e.g., 4.2, 5.0, 5.1, 5.2). Refer to the official documentation for the precise list of currently supported versions.",
      "message": "Support for older Django and Python versions has been progressively dropped in recent releases. Version 5.2.0 removed support for Django < 3.2, and 5.5.0 dropped support for additional older Django versions. The library now requires Python >= 3.10 and is compatible with Django versions 4.2, 5.0, 5.1, and 5.2.",
      "severity": "breaking",
      "affected_versions": ">=5.2.0, >=5.5.0"
    },
    {
      "fix": "Upgrade to `social-auth-app-django` version 5.6.0 or higher. Review and, if needed, customize `SOCIAL_AUTH_ACTIVE_USERS_FILTER` when using a custom user model without an `is_active` field.",
      "message": "A security vulnerability (CVE-2025-61783) in versions prior to 5.6.0 allowed potentially unsafe account association via email, even when the `associate_by_email` pipeline step was not explicitly enabled. Version 5.6.0 fixed this issue and also changed storage to filter for active users; you might need to customize `SOCIAL_AUTH_ACTIVE_USERS_FILTER` if your custom user model lacks an `is_active` field.",
      "severity": "gotcha",
      "affected_versions": "<5.6.0"
    },
    {
      "fix": "Upgrade to `social-auth-app-django` version 5.4.1 or higher. If using MySQL/MariaDB with an affected version, consider changing the collation of the user ID field as an immediate workaround.",
      "message": "A security vulnerability (CVE-2024-32879) in versions prior to 5.4.1 stemmed from improper handling of case sensitivity with MySQL/MariaDB databases: the default case-insensitive collation could cause different user IDs to match, which could lead to account spoofing.",
      "severity": "gotcha",
      "affected_versions": "<5.4.1"
    },
    {
      "fix": "Use PostgreSQL or MySQL for production. For SQLite or MySQL InnoDB, set `SOCIAL_AUTH_UID_LENGTH = 223` in `settings.py` if you encounter UID length errors.",
      "message": "SQLite has field length limitations that can cause issues, especially with UIDs from social providers. For production environments, PostgreSQL or MySQL are recommended. If using MySQL InnoDB or SQLite, you might need to add `SOCIAL_AUTH_UID_LENGTH = 223` to your settings to avoid database errors.",
      "severity": "gotcha",
      "affected_versions": "All versions"
    },
    {
      "fix": "Only enable `associate_by_email` if you are certain that all your configured social providers rigorously validate email addresses. Otherwise, consider alternative association methods or manual verification steps.",
      "message": "The `SOCIAL_AUTH_PIPELINE` setting, if configured with `social_core.pipeline.social_auth.associate_by_email`, can be insecure. Not all social providers validate the user's email address, so a malicious user could claim an existing account by registering with an unvalidated email on a third-party provider that matches an email in your system.",
      "severity": "gotcha",
      "affected_versions": "All versions"
    },
    {
      "fix": "Store all API keys and secrets in environment variables (e.g., using `os.environ.get`) or a secrets management service, and ensure they are excluded from your repository.",
      "message": "Sensitive credentials (like `SOCIAL_AUTH_GOOGLE_OAUTH2_KEY` and `SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET`) should never be committed to version control. Always use environment variables or a secure configuration management system.",
      "severity": "gotcha",
      "affected_versions": "All versions"
    }
  ],
  "env_vars": null,
  "last_verified": "2026-04-09T00:00:00.000Z",
  "next_check": "2026-07-08T00:00:00.000Z"
}