Skip to content

Getting Google info

The User model

Django Google SSO saves in the database the following information from Google, using current User model:

  • email: The email address of the user.
  • first_name: The first name of the user.
  • last_name: The last name of the user.
  • username: The email address of the user.
  • password: An unusable password, generated using get_unusable_password() from Django.

Getting data on code is straightforward:

from django.contrib.auth.decorators import login_required
from django.http import JsonResponse, HttpRequest

@login_required
def retrieve_user_data(request: HttpRequest) -> JsonResponse:
    user = request.user
    return JsonResponse({
        "email": user.email,
        "first_name": user.first_name,
        "last_name": user.last_name,
        "username": user.username,
    })

The GoogleSSOUser model

Also, on the GoogleSSOUser model, it saves the following information:

  • picture_url: The URL of the user's profile picture.
  • google_id: The Google ID of the user.
  • locale: The preferred locale of the user.

This is a one-to-one relationship with the User model, so you can access this data using the googlessouser reverse relation attribute:

from django.contrib.auth.decorators import login_required
from django.http import JsonResponse, HttpRequest

@login_required
def retrieve_user_data(request: HttpRequest) -> JsonResponse:
    user = request.user
    return JsonResponse({
        "email": user.email,
        "first_name": user.first_name,
        "last_name": user.last_name,
        "username": user.username,
        "picture": user.googlessouser.picture_url,
        "google_id": user.googlessouser.google_id,
        "locale": user.googlessouser.locale,
    })

You can also import the model directly, like this:

from django_google_sso.models import GoogleSSOUser

google_info = GoogleSSOUser.objects.get(user=user)

You can disable this model

If you don't want to save this basic data in the database, you can disable the GoogleSSOUser model by setting the GOOGLE_SSO_SAVE_BASIC_GOOGLE_INFO configuration to False in your settings.py file.

About Google Scopes

To retrieve this data Django Google SSO uses the following scopes for Google OAuth 2.0:

GOOGLE_SSO_SCOPES = [  # Google default scope
    "openid",
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/userinfo.profile",
]

You can change this scopes overriding the GOOGLE_SSO_SCOPES setting in your settings.py file. But if you ask the user to authorize more scopes, this plugin will not save this additional data in the database. You will need to implement your own logic to save this data, calling Google again. You can see a example here.

The main goal here is simplicity

The main goal of this plugin is to be simple to use as possible. But it is important to ask the user once for the scopes. That's why this plugin permits you to change the scopes, but will not save the additional data from it.

The Access Token

To make login possible, Django Google SSO needs to get an access token from Google. This token is used to retrieve User info to get or create the user in the database. If you need this access token, you can get it inside the User Request Session, like this:

from django.contrib.auth.decorators import login_required
from django.http import JsonResponse, HttpRequest

@login_required
def retrieve_user_data(request: HttpRequest) -> JsonResponse:
    user = request.user
    return JsonResponse({
        "email": user.email,
        "first_name": user.first_name,
        "last_name": user.last_name,
        "username": user.username,
        "picture": user.googlessouser.picture_url,
        "google_id": user.googlessouser.google_id,
        "locale": user.googlessouser.locale,
        "access_token": request.session["google_sso_access_token"],
    })

Saving the Access Token in User Session is disabled, by default, to avoid security issues. If you need to enable it, you can set the configuration GOOGLE_SSO_SAVE_ACCESS_TOKEN to True in your settings.py file. Please make sure you understand how to secure your cookies before enabling this option.