Facebook aided registration in Django
How to use new Facebook registration tool to show and handle a registration form with data prepopulated from a Facebook account.Facebook introduced few days ago "Facebook registration tool" which is a registration form with some/all fields prepopulated with Facebook data. This encourages users to register: New widget has some useful features like custom fields to make the registration process in one stage. You can find everything in the documentation. In this article I'll show you how to setup basic implementation of this new tool in Django.
Compared to existing tools like Facebook login button or RPXnow this tool may be useful when you need more data from user than Facebook can provide with the login button or through RPX. You can display a nice one form to the user. If you don't need extra data from the user - you can stick with existing solutions.
Requirements - Facebook application
- At start we have to create a basic Facebooku application that will be used by the registration form (if you use RPX or FB Login button you have it already). In the app settings (second tab) we have set the website domain under which we will use the form.
- Write down the application identifier and "App Secret". You can even add that to settings.py.
Embedding the registration widgetThe widget can be embedded by IFRAME or by XFBML. In case of simple iframe it will look like this: Where FACEBOOK_APP_ID is the identifier of your Facebook application. You have to also set the redirect_uri - URL on your website that will handle incoming registration requests from the form. When you open a page with this code you should see the registration form. If the redirect_uri isn't correct then you will get an error message.
Receiving registration data
Facebook will send the data to the specified URL via POST request. Under signed_request we will get a string containing a signature(dot)registration_data. The registration data is JSON encoded by base64. We have to split the string, decode the data and check if the signature is valid (if this is valid Facebook response and not some hacking). The signature is made from the JSON data and "App Secret" of you app.This snippet of code (helper function + Django view) will handle checking and decoding the registration data and making a new user if he isn't registered yet: The view receives the data, decodes and check it then it checks if user exists (by username or email) if not it will create a user account and adds a association for RPX/FB Login button system. If the user does exist - he will be redirected to some login view.
If you want user to be able to login later on your site with login/password without the use of Facebook then you have to add a custom field for the password, or generate a random one and mail it to the user (less user friendly).