Signia integrates Google and Facebook OAuth 2.0 social login through django-allauth, allowing users to sign in or register with an existing social account instead of creating a password. The implementation uses a custom SocialAccountAdapter in usuarios/adapters.py that handles post-login routing, blocks re-registration of deactivated accounts, and automatically redirects users to the disability-selection screen on first login. OAuth configuration requires both credentials from the external provider’s developer console and a matching Social Application record in the Django Admin.

Google OAuth Setup

1. Open Google Cloud Console

Go to console.cloud.google.com and sign in with the Google account that will own the OAuth application. If you do not have a project yet, click Select a project → New Project and create one with an appropriate name (e.g. signia).

2. Enable the OAuth consent screen

In the left sidebar go to APIs & Services → OAuth consent screen. Select External as the user type (so any Google account can sign in), fill in the app name (Signia), support email, and authorised domains. Save and continue through the remaining steps — you do not need to add any scopes beyond the defaults for basic login.

3. Create an OAuth 2.0 Client ID

Go to APIs & Services → Credentials → Create Credentials → OAuth 2.0 Client ID. Choose Web application as the application type and give it a name. Under Authorised redirect URIs, add both the development and production callback URLs:

http://127.0.0.1:8000/accounts/google/login/callback/
https://your-domain.up.railway.app/accounts/google/login/callback/

Click Create. Google will display your Client ID and Client Secret — copy both values immediately.

4. Store credentials securely

Do not add these credentials to .env directly — they are registered through the Django Admin (see below), not via environment variables. Store them temporarily in a password manager until you complete the Django Admin step.

The redirect URIs must match exactly — including the trailing slash. A mismatch between the URI registered in Google Cloud Console and the one Django generates will cause a redirect_uri_mismatch error during the OAuth flow. In production, Django generates https:// URIs because settings.py includes SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') for Railway’s reverse proxy.
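
Why SECURE_PROXY_SSL_HEADER matters for the exact-match rule, as an added example (not Signia's code): a simplified model of Django's scheme detection followed by an exact-match comparison against the registered URIs. The request environment is constructed, and `request_scheme`, `callback_uri` and `diagnose` are hypothetical helper names.

```python
from urllib.parse import urlsplit

SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")  # value from settings.py above

# Redirect URIs as registered in the provider console (the two from step 3).
REGISTERED = {
    "http://127.0.0.1:8000/accounts/google/login/callback/",
    "https://your-domain.up.railway.app/accounts/google/login/callback/",
}

# Constructed sample: request environment behind a TLS-terminating proxy.
BEHIND_PROXY = {
    "HTTP_HOST": "your-domain.up.railway.app",
    "HTTP_X_FORWARDED_PROTO": "https",
    "wsgi.url_scheme": "http",  # the proxy-to-app hop is plain HTTP
}

def request_scheme(meta, proxy_ssl_header=None):
    """Simplified model of Django's scheme detection for a request."""
    if proxy_ssl_header:
        header, secure_value = proxy_ssl_header
        value = meta.get(header)
        if value is not None:
            # Only the first comma-separated value is considered.
            return "https" if value.split(",", 1)[0].strip() == secure_value else "http"
    return meta.get("wsgi.url_scheme", "http")

def callback_uri(meta, provider, proxy_ssl_header=None):
    """Build the callback URL the application would send as redirect_uri."""
    scheme = request_scheme(meta, proxy_ssl_header)
    return f"{scheme}://{meta['HTTP_HOST']}/accounts/{provider}/login/callback/"

def diagnose(uri, registered=REGISTERED):
    """Return 'ok', or why an exact-match comparison against `registered` fails."""
    if uri in registered:
        return "ok"
    got = urlsplit(uri)
    for reg in map(urlsplit, registered):
        if (got.netloc, got.path) == (reg.netloc, reg.path):
            return "scheme mismatch"  # same host and path, so only the scheme differs
        if (got.scheme, got.netloc) == (reg.scheme, reg.netloc) \
                and got.path.rstrip("/") == reg.path.rstrip("/"):
            return "trailing slash mismatch"
    return "not registered"
```

Django's documentation advises setting SECURE_PROXY_SSL_HEADER only when the proxy sets or strips that header on every request, because the application trusts its value.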

Facebook OAuth Setup

The Facebook OAuth setup follows the same pattern as Google, using Facebook’s own developer console instead:

1. Create a Facebook App

Go to developers.facebook.com and click My Apps → Create App. Choose Consumer as the app type, name it Signia, and click through the creation wizard.

2. Add Facebook Login product

On the app dashboard, click Add a Product and select Facebook Login → Set Up. Under Facebook Login → Settings, add the same redirect URIs used for Google but with the facebook path:

http://127.0.0.1:8000/accounts/facebook/login/callback/
https://your-domain.up.railway.app/accounts/facebook/login/callback/

3. Copy App ID and App Secret

Go to Settings → Basic and copy your App ID (used as Client ID) and App Secret (used as Secret Key). These map to the same Django Admin fields as the Google credentials.

Registering OAuth Apps in Django Admin

Once you have credentials from the provider, register them as Social Application records so allauth can use them at runtime.

1. Open the Django Admin

Navigate to /django-admin/ and sign in with your superuser account.

2. Update the default Site record

Under Sites → Sites, click on the default site record (ID = 1). Change both Domain name and Display name to your production domain (e.g. your-domain.up.railway.app). For local development only, you can leave it as example.com or change it to 127.0.0.1:8000.

3. Create the Google Social Application

Under Social Accounts → Social applications, click Add social application and fill in:

| Field | Value |
| --- | --- |
| Provider | Google |
| Name | Google (or any descriptive label) |
| Client id | Your Google OAuth Client ID |
| Secret key | Your Google OAuth Client Secret |
| Sites | Move your site from Available to Chosen |

Save the record.

4. Create the Facebook Social Application (optional)

Repeat the previous step with Provider: Facebook, using your Facebook App ID as Client id and your Facebook App Secret as Secret key.

allauth Settings Reference

The relevant allauth settings active in settings.py are:

```python
SITE_ID = 1  # Must match the Sites record updated in Django Admin

SOCIALACCOUNT_EMAIL_AUTHENTICATION = True
SOCIALACCOUNT_EMAIL_AUTHENTICATION_AUTO_CONNECT = True  # Auto-links matching emails
SOCIALACCOUNT_AUTO_SIGNUP = True       # Skip sign-up form for new OAuth users
SOCIALACCOUNT_LOGIN_ON_GET = True      # Allow GET-initiated OAuth flows
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_USERNAME_REQUIRED = False
ACCOUNT_AUTHENTICATION_METHOD = 'email'

SOCIALACCOUNT_PROVIDERS = {
    'google': {
        'SCOPE': ['profile', 'email'],
        'AUTH_PARAMS': {'access_type': 'online', 'prompt': 'select_account'},
    },
    'facebook': {
        'METHOD': 'oauth2',
        'SCOPE': ['email', 'public_profile'],
        'FIELDS': ['id', 'email', 'name'],
    }
}
```

SOCIALACCOUNT_EMAIL_AUTHENTICATION_AUTO_CONNECT = True means that if a user signs in with Google using user@gmail.com and a local account with that same email already exists, allauth will automatically connect the Google login to the existing account rather than creating a duplicate. This prevents fragmented accounts when users switch between password login and social login.
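
A review helper for the settings above, as an added example (not Signia's code): it lists which providers can log a visitor in to an existing local account by email match, and flags GET-initiated login, which django-allauth's documentation recommends against. `SCOPED` is an assumed alternative that uses allauth's per-provider `EMAIL_AUTHENTICATION` key, and the function names are hypothetical.

```python
# PAGE_SETTINGS copies the values shown on this page (provider options trimmed).
PAGE_SETTINGS = {
    "SOCIALACCOUNT_EMAIL_AUTHENTICATION": True,
    "SOCIALACCOUNT_EMAIL_AUTHENTICATION_AUTO_CONNECT": True,
    "SOCIALACCOUNT_LOGIN_ON_GET": True,
    "SOCIALACCOUNT_PROVIDERS": {"google": {}, "facebook": {}},
}

# Assumed alternative: email matching for one provider only, POST to start login.
SCOPED = {
    "SOCIALACCOUNT_EMAIL_AUTHENTICATION": False,
    "SOCIALACCOUNT_EMAIL_AUTHENTICATION_AUTO_CONNECT": True,
    "SOCIALACCOUNT_LOGIN_ON_GET": False,
    "SOCIALACCOUNT_PROVIDERS": {"google": {"EMAIL_AUTHENTICATION": True}, "facebook": {}},
}

def email_trusted_providers(cfg):
    """Providers whose email claim can log a visitor in to a local account."""
    global_on = cfg.get("SOCIALACCOUNT_EMAIL_AUTHENTICATION", False)
    return sorted(
        name for name, opts in cfg.get("SOCIALACCOUNT_PROVIDERS", {}).items()
        if global_on or opts.get("EMAIL_AUTHENTICATION", False)
    )

def review(cfg):
    """Return (setting, note) pairs a reviewer should sign off on."""
    notes = []
    trusted = email_trusted_providers(cfg)
    if trusted:
        notes.append(("SOCIALACCOUNT_EMAIL_AUTHENTICATION",
                      "email match grants login for: " + ", ".join(trusted)))
        if cfg.get("SOCIALACCOUNT_EMAIL_AUTHENTICATION_AUTO_CONNECT"):
            notes.append(("SOCIALACCOUNT_EMAIL_AUTHENTICATION_AUTO_CONNECT",
                          "matching social accounts are connected to the local account"))
    if cfg.get("SOCIALACCOUNT_LOGIN_ON_GET"):
        notes.append(("SOCIALACCOUNT_LOGIN_ON_GET",
                      "a plain GET starts the OAuth handshake; allauth advises POST"))
    return notes
```

With the global flag on, every provider registered later inherits the same email trust, so the reviewer's list grows without any settings change that mentions email.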

Custom Adapter Behaviour

The SocialAccountAdapter in usuarios/adapters.py overrides four methods from allauth’s DefaultSocialAccountAdapter:

| Method | Behaviour |
| --- | --- |
| is_open_for_signup | Blocks OAuth signup if the email belongs to a previously deactivated (is_active=False) account, showing an error message to the user |
| save_user | Ensures is_active = True is set on the user record after OAuth sign-up |
| get_login_redirect_url | Routes users to /seleccionar-discapacidad/ if they have not selected a disability profile yet; otherwise routes sordo users to /reconocimientos/camara/ and others to /traduccion/ |
| get_signup_redirect_url | Always redirects newly registered OAuth users to /seleccionar-discapacidad/ to complete their profile |

OAuth social login will not work until a superuser has completed both the Sites update and the Social Applications record in Django Admin. The SITE_ID environment variable must also be set to 1 (its default). Missing any of these steps will cause allauth to raise a SocialApp.DoesNotExist error during the OAuth callback.
