extra_data not populated with access_token in the register_by_access_token example

[f3r3nc]

I am using python-social-auth in Django app that serves clients from both the web and mobile apps.
The main use case is logging in google+.

There is a google app registered with two client_ids (one web app, and one native app client id shared among iOS and Android).
The mobile app is able to authenticate and receives the auth_token on both mobile platforms.
Scope used:
https://www.googleapis.com/auth/plus.me
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/drive.file

Auth in the browser works and the appropriate user is created along with the extra_data, holding the access_token.

So far so good.

My application fits to a use case described in the documentation: http://psa.matiasaguirre.net/docs/use_cases.html#signup-by-oauth-access-token
I'd like to register the client, signing in on the mobile first. The acquired access_token is sent to the web app and the user is created but the auth_token is not saved to the extra_data.

Is this the expected behavior? (I am using django rest framework for the api call but doing a form gives exactly the same result).
What is that ajax parameter do in the example? Examining the call stack, it was not used for the oauth2 case in g+.

It certainly confused me especially, that more users where created for the same g+ user until the userinfo.email scope was not set in the mobile app.
There could have been another solution: (SOCIAL_AUTH_GOOGLE_PLUS_)USE_UNIQUE_USER_ID = True, which is not a documented settings at the moment.
Also note, that the example in the docs is broken. request.backend.do_auth is needed, which it is in the example project.

landing.html: https://gist.github.com/f3r3nc/aa4e0cfb43b7c288ea56.
settings:

SOCIAL_AUTH_GOOGLE_PLUS_SCOPE = [
    'https://www.googleapis.com/auth/plus.login',
    'https://www.googleapis.com/auth/userinfo.profile',
    'https://www.googleapis.com/auth/userinfo.email',
    'https://www.googleapis.com/auth/drive',
    'https://www.googleapis.com/auth/youtube',
]

pipeline:

SOCIAL_AUTH_PIPELINE = (
    'social.pipeline.social_auth.social_details',
    'social.pipeline.social_auth.social_uid',
    'social.pipeline.social_auth.auth_allowed',
    'social.pipeline.social_auth.social_user',
    'social.pipeline.user.get_username',
    'social.pipeline.user.create_user',
    'social.pipeline.social_auth.associate_user',
    'social.pipeline.social_auth.load_extra_data',
    'social.pipeline.user.user_details',
)

view:

@api_view(['POST'])
@csrf_exempt
@permission_classes((AllowAny,))
@psa('social:complete')
def register_by_access_token(request, backend):
    token = request.DATA.get('access_token')
    user = request.backend.do_auth(token, ajax=True)
    print request.backend.user_data(token)
    if user:
        login(request, user)
        return Response("ok")
    else:
        return Response("Error")

[wamberg]

+1

We (@bbuhai wrote it) have a workaround that at least stores the access_token in extra_data. We pass a response into do_auth. Here's what the call looks like:

user = backend.do_auth(
            access_token=access_token,
            response={'access_token': access_token})

We still don't get expires in the extra_data column though.

[webjunkie]

I have the same problem. I do do_auth manually and cannot figure out where extra_data should get populated. The solution from @wamberg works for the moment though...