First, we need to understand what happens when a user submits a login request using their Facebook account.
1) The user submits the REQUEST using their Facebook account
The mobile app or website sends a “Request” to Facebook.
2) Facebook returns an “FB token” with some params to the app.
3) The mobile app / application calls the API to communicate with the database. Some params are passed to the database via the API call at the same time: http://localhost:8000/api/social/convert-token
4) Once the database receives the API call with the FB token, “Django Rest Framework Social Oauth” will “Create User + Access_token” in the database.
5) Django Rest Framework Social Oauth / the database returns the “Access_token & Refresh_token” to the application.
Now we understand the process / protocol, what information is sent between the app and the database, and how the user gets the access token and refresh token. It is time for testing. As we don’t have the application ready yet, we can use “POSTMAN” to verify our API and backend database.
First, we need to get the FB token from Facebook.
Copy the “User Token”.
In POSTMAN, use “POST” with the following params:
- grant_type – convert_token
- backend – facebook
- token – [ the user token you just generated from Facebook ]
Then click “Send”. If you see the access token returned from the database in JSON format, it is working fine. You should see the user created in the Django database, with an access token associated with that user. However, the access token we used doesn’t retrieve the email address of the user.
In order to get the email address of the user, we need to get the access token from https://developers.facebook.com/tools/explorer/
Select “Get User Access Token” from the drop-down list.
Then replace the previous token with the latest one, which you just got from https://developers.facebook.com/tools/explorer/
Send the request from POSTMAN again. After that, if you check the user info in Django again, you should see the user profile with email info now.
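The sign-in test above can also be scripted instead of clicked through in POSTMAN. The following is an added example, not code from the original post: it sends the three params as a form-encoded body (an assumption), checks that both tokens come back, and redacts them before printing. `FB_USER_TOKEN`, `extra` and the function names are hypothetical.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Endpoint from the walkthrough above.
CONVERT_TOKEN_URL = "http://localhost:8000/api/social/convert-token"


def build_convert_request(fb_token, url=CONVERT_TOKEN_URL, extra=None):
    """Build the same POST that the POSTMAN step sends."""
    params = {"grant_type": "convert_token", "backend": "facebook", "token": fb_token}
    # Assumption: `extra` carries any further fields your backend requires (none are listed above).
    params.update(extra or {})
    body = urllib.parse.urlencode(params).encode()
    return urllib.request.Request(url, data=body, method="POST")


def check_token_response(raw_json):
    """Return the parsed response, or raise if an expected token is missing."""
    data = json.loads(raw_json)
    missing = [k for k in ("access_token", "refresh_token") if not data.get(k)]
    if missing:
        raise ValueError(f"response lacks {missing}; keys present: {sorted(data)}")
    return data


def redact(data):
    """Copy of the response with token values shortened, safe to paste into logs."""
    return {k: (v[:4] + "..." if k.endswith("_token") and isinstance(v, str) else v)
            for k, v in data.items()}


def convert_token(fb_token, extra=None):
    """Send the request to the local backend and validate the reply."""
    req = build_convert_request(fb_token, extra=extra)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return check_token_response(resp.read().decode())
    except urllib.error.HTTPError as err:
        raise RuntimeError(f"convert-token failed: HTTP {err.code} {err.read().decode()}") from err


if __name__ == "__main__":
    # FB_USER_TOKEN: hypothetical environment variable holding the copied User Token.
    print(redact(convert_token(os.environ["FB_USER_TOKEN"])))
```

Reading the token from the environment keeps it out of shell history and source files.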
Testing the logout is easy.
It is similar to the sign-in process. In POSTMAN, open another tab and send the request with the following params
If everything works fine, you should not see anything returned from the database.
To confirm, check the access tokens in Django. The token should be removed.