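Settings ---------------------------------------------------------------

# Facebook application credentials. Left empty here; fill them in per
# deployment and keep FACEBOOK_API_SECRET out of version control.
FACEBOOK_APP_ID = ''
FACEBOOK_API_KEY = ''
FACEBOOK_API_SECRET = ''

# Callback URL the authorization code is delivered to. The value below is a
# placeholder; a real deployment should use an https:// URL so the code is
# not exposed in transit.
FACEBOOK_REDIRECT_URI = 'http://example.com/login/'

# NOTE: the package prefix in front of '.backends' appears to be missing on
# this page; use the dotted path of the app that holds backends.py.
AUTHENTICATION_BACKENDS = (
    '.backends.FacebookBackend',
)

Models ----------------------------------------------------------------

from django.db import models
from django.contrib.auth.models import User


class FacebookSessionError(Exception):
    """Error reported by the Graph API in place of the requested data.

    Carries the ``type`` and ``message`` values of the response's ``error``
    object.
    """

    def __init__(self, error_type, message):
        # Pass both values on to Exception so ``args`` is populated; without
        # this, str() of the exception is empty in logs and tracebacks.
        Exception.__init__(self, error_type, message)
        self.message = message
        self.type = error_type

    def get_message(self):
        """Return the ``message`` value given to the constructor."""
        return self.message

    def get_type(self):
        """Return the ``error_type`` value given to the constructor."""
        return self.type

    def __unicode__(self):
        return u'%s: "%s"' % (self.type, self.message)

    def __str__(self):
        # Same text as __unicode__, encoded for byte-string contexts.
        return unicode(self).encode('utf-8')


class FacebookSession(models.Model):
    """A Facebook access token and the local user / Facebook uid it maps to."""

    # The token is a bearer credential and is stored here as plain text, so
    # read access to this table is equivalent to access to the accounts.
    # NOTE(review): max_length=103 assumes a fixed token length; confirm the
    # provider never issues longer tokens.
    access_token = models.CharField(max_length=103, unique=True)
    # Value of the ``expires`` field from the token response, stored as
    # received; NULL when the response carried none.
    expires = models.IntegerField(null=True)
    user = models.ForeignKey(User, null=True)
    uid = models.BigIntegerField(unique=True, null=True)

    class Meta:
        unique_together = (('user', 'uid'), ('access_token', 'expires'))

    def query(self, object_id, connection_type=None, metadata=False):
        """Fetch a Graph API object using this session's access token.

        ``object_id`` is the path component after the host (for example
        ``'me'``); ``connection_type``, when given, is appended as a further
        path component; ``metadata`` adds ``metadata=1`` to the query string.

        Returns the decoded JSON response. Raises FacebookSessionError when
        the response contains an ``error`` object.
        """
        import urllib
        import simplejson

        # NOTE(review): object_id and connection_type are placed in the URL
        # path unescaped; callers should pass only fixed or validated values,
        # never raw request data.
        url = 'https://graph.facebook.com/%s' % (object_id)
        if connection_type:
            url += '/%s' % (connection_type)

        # The token travels in the query string, so this URL must not be
        # written to logs or error reports.
        params = {'access_token': self.access_token}
        if metadata:
            params['metadata'] = 1
        url += '?' + urllib.urlencode(params)

        # NOTE(review): on Python 2 releases before 2.7.9 urllib.urlopen does
        # not verify the server certificate; confirm the runtime version.
        handle = urllib.urlopen(url)
        try:
            response = simplejson.load(handle)
        finally:
            # Close the connection even when the body is not valid JSON.
            handle.close()

        if 'error' in response:
            error = response['error']
            raise FacebookSessionError(error['type'], error['message'])
        return response

View ----------------------------------------------------------

from django.contrib import auth
from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response
from django.template import RequestContext

import cgi
import simplejson
import urllib

# NOTE: the package name between "from" and "import" appears to be missing on
# this page. The view below also uses ``models.FacebookSession``, which none
# of the imports shown here provides.
from import settings


def _exchange_code_for_token(code):
    """Trade an authorization code for ``(access_token, expires)``.

    Returns ``(None, None)`` when the response carries no ``access_token``
    field; ``expires`` is None when the response has no ``expires`` field.
    """
    args = {
        'client_id': settings.FACEBOOK_APP_ID,
        'redirect_uri': settings.FACEBOOK_REDIRECT_URI,
        'client_secret': settings.FACEBOOK_API_SECRET,
        'code': code,
    }
    # The URL carries client_secret and the code; keep it out of logs.
    url = 'https://graph.facebook.com/oauth/access_token?' + \
        urllib.urlencode(args)

    handle = urllib.urlopen(url)
    try:
        response = cgi.parse_qs(handle.read())
    finally:
        handle.close()

    if 'access_token' not in response:
        return None, None
    expires = response['expires'][0] if 'expires' in response else None
    return response['access_token'][0], expires


def login(request):
    """Handle the Facebook OAuth callback and render the login page.

    Already-authenticated users are redirected to '/yay/'. A ``code`` query
    parameter is exchanged for an access token, stored as a FacebookSession
    and passed to ``auth.authenticate``. On failure the template receives
    ``error`` set to 'AUTH_FAILED', 'AUTH_DISABLED' or 'AUTH_DENIED'.
    """
    error = None

    if request.user.is_authenticated():
        return HttpResponseRedirect('/yay/')

    if request.GET:
        if 'code' in request.GET:
            # NOTE(review): nothing here ties the callback to a login this
            # browser started (no OAuth ``state`` value is checked). Issue a
            # random ``state`` when redirecting to Facebook, keep it in the
            # session, and compare it here before using the code.
            access_token, expires = _exchange_code_for_token(
                request.GET['code'])

            if access_token is None:
                # A rejected or replayed code yields no token; report it as
                # a failed login instead of raising KeyError (HTTP 500).
                error = 'AUTH_FAILED'
            else:
                facebook_session = \
                    models.FacebookSession.objects.get_or_create(
                        access_token=access_token,
                    )[0]

                facebook_session.expires = expires
                facebook_session.save()

                user = auth.authenticate(token=access_token)
                if user:
                    if user.is_active:
                        auth.login(request, user)
                        return HttpResponseRedirect('/yay/')
                    else:
                        error = 'AUTH_DISABLED'
                else:
                    error = 'AUTH_FAILED'
        elif 'error_reason' in request.GET:
            error = 'AUTH_DENIED'

    # NOTE(review): this hands the whole settings object, FACEBOOK_API_SECRET
    # included, to the template; passing only the values the template renders
    # would be safer.
    template_context = {'settings': settings, 'error': error}
    return render_to_response('login.html', template_context, context_instance=RequestContext(request))

Template ------------------------------------------------------------------------

{% if error %} {% if error == 'AUTH_FAILED' %}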

Authentication failed

{% else %}{% if error == 'AUTH_DISABLED' %}

Your account is disabled

{% else %}{% if error == 'AUTH_DENIED' %}

You did not allow access

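{% endif %}{% endif %}{% endif %} {% else %} {% endif %}

backends.py ------------------------------------------------------

from django.conf import settings
from django.contrib.auth import models as auth_models

import cgi
import urllib
import simplejson

# NOTE: the package name between "from" and "import" appears to be missing on
# this page; it should name the app that holds the models shown earlier.
from import models


class FacebookBackend(object):
    """Authentication backend that logs a user in by Facebook access token."""

    def authenticate(self, token=None):
        """Return the User that owns *token*, creating it on first login.

        The token must already be stored as a FacebookSession. The profile
        is fetched from the Graph API ('me') and copied onto the User, whose
        username is the Facebook id. Returns None when the token is not
        stored locally or the Graph API answers with an error.
        """
        try:
            facebook_session = models.FacebookSession.objects.get(
                access_token=token,
            )
            profile = facebook_session.query('me')
        except (models.FacebookSession.DoesNotExist,
                models.FacebookSessionError):
            # A backend signals "not authenticated" by returning None; an
            # unknown or rejected token must not surface as an HTTP 500.
            return None

        # NOTE(review): users are matched on username == Facebook id. If the
        # site also lets people choose their own usernames, a local account
        # with that name would be matched here and have its password made
        # unusable below; confirm no such sign-up path exists.
        try:
            user = auth_models.User.objects.get(username=profile['id'])
        except auth_models.User.DoesNotExist:
            user = auth_models.User(username=profile['id'])

        user.set_unusable_password()
        # These fields are absent when the user did not grant them, so fall
        # back to empty strings instead of raising KeyError.
        user.email = profile.get('email', '')
        user.first_name = profile.get('first_name', '')
        user.last_name = profile.get('last_name', '')
        user.save()

        # uid is unique, so drop any older session for this Facebook user
        # before attaching the uid to the current one.
        models.FacebookSession.objects.filter(
            uid=profile['id'],
        ).exclude(pk=facebook_session.pk).delete()

        facebook_session.uid = profile['id']
        facebook_session.user = user
        facebook_session.save()

        return user

    def get_user(self, user_id):
        """Return the User with primary key *user_id*, or None if absent."""
        try:
            return auth_models.User.objects.get(pk=user_id)
        except auth_models.User.DoesNotExist:
            return None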