How to implement Passwordless login in Django using Facebook Account Kit

This post implements Account Kit login in Django. It can be considered a Python translation of Passwordless Login with Facebook Account Kit. The code for this blog post can be found here.

Introduction

Passwordless login allows a user to log in to the application without having to enter or remember a password. It uses a one-time password (OTP), which is delivered to the user via SMS or email.

Facebook provides a service called Account Kit which is used to implement passwordless authentication. Users only need to enter their phone number or email address, and Account Kit takes care of sending the OTP and verifying it.

To implement Account Kit in an application, a developer needs a Facebook Developer account and a Facebook application with “Account Kit” enabled. Detailed instructions for how to do this can be found in this blog under section “Integrating Passwordless Authentication with Facebook Account Kit” and subsection “Getting Started”. After creating an application, remember to change the following values:

  • Server Domains should be localhost:8000
  • Redirect URLs should be localhost:8000/sendcode
Facebook Developer Console — Application Settings

Note: Here we have assumed that the application is running on port 8000. If not, please change it accordingly.

Now let's write the code which will integrate with Account Kit and let a user log in to the application.

This post assumes that you are familiar with the following Django concepts:

  • Starting a project
  • Creating an app using startapp
  • Using Django server command
  • Setting up and using templates

We assume that you have set up a barebones Django application and that runserver is running successfully.

Now let’s create a new application called logindemo by running the startapp command.

Now, let’s add the newly created app logindemo to INSTALLED_APPS in settings.py.

Now let’s write our first view, which will render the login page and pass the variables needed to initialize Account Kit.

Here we have defined certain variables which are provided at the time of creating an application in the Facebook Developer Console. We will be using the following variables, which should be defined in the settings.py file.

Note that ACCOUNT_KIT_APP_ID and ACCOUNT_KIT_APP_SECRET must be set to the values obtained from the Facebook Developer Console.

Let’s create the template file which will render a login form. The template is placed under the logindemo folder and will only work if the TEMPLATES variable is properly set up in the settings.py file.

Note: This template file assumes that a __base.html file has been created and that it contains a container block and a js block. For reference, the file can be found here.

Now let’s update our urls.py to include the render_login_page view.

Now if we open localhost:8000, we will see the following page:

Login Page

Now let’s implement another view which will be responsible for handling the callback received from Facebook’s server and finally authenticating the user.

This view will render a template called success.html which a user can only see after being authenticated.
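The checks such a callback view has to perform, as an added framework-independent example that is not the post's original code: it compares the anti-CSRF state against the session copy before anything else, exchanges the authorization code server-side, and only trusts the identity the server returns. The endpoint URLs, the `AA|app_id|app_secret` token format, the `state`/`code` field names, the response shape, and the injected `http_get` callable are assumptions based on Account Kit's Graph API.

```python
import hmac
import json
import secrets
from urllib.parse import urlencode

# Assumed Account Kit Graph API endpoints; they do not appear in the post.
TOKEN_URL = "https://graph.accountkit.com/v1.0/access_token"
ME_URL = "https://graph.accountkit.com/v1.0/me"


class LoginError(Exception):
    """Raised when the callback must not result in a logged-in session."""


def new_state():
    """Random anti-CSRF value: keep it in the session and give it to the login page."""
    return secrets.token_urlsafe(32)


def handle_callback(params, session_state, app_id, app_secret, http_get):
    """Validate the callback, exchange the code, return the verified identity.

    params is a dict of callback fields; http_get is a hypothetical
    callable(url) -> JSON text, injected so the logic can run offline.
    app_id/app_secret correspond to ACCOUNT_KIT_APP_ID/ACCOUNT_KIT_APP_SECRET.
    """
    state = params.get("state", "")
    code = params.get("code", "")
    # Reject forged callbacks (constant-time compare) before any outbound call.
    if not session_state or not hmac.compare_digest(state.encode(), session_state.encode()):
        raise LoginError("state mismatch")
    if not code:
        raise LoginError("missing authorization code")

    # The app secret never reaches the browser; it is used only in this exchange.
    app_token = "|".join(("AA", app_id, app_secret))
    query = urlencode({"grant_type": "authorization_code",
                       "code": code, "access_token": app_token})
    token = json.loads(http_get(TOKEN_URL + "?" + query))
    if "access_token" not in token:
        raise LoginError("code exchange failed")

    # Take the identity from the server response, never from submitted form data.
    me_query = urlencode({"access_token": token["access_token"]})
    me = json.loads(http_get(ME_URL + "?" + me_query))
    identity = me.get("phone", {}).get("number") or me.get("email", {}).get("address")
    if not identity:
        raise LoginError("no verified phone or email")
    return identity
```

In a Django view, `params` would come from the request, `session_state` from `request.session`, and the state should be deleted from the session after one use so a callback cannot be replayed.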

Now let’s finally mount this view in the urls.py file.

This completes the implementation of authentication using Account Kit in Django. On successful login, the page looks like this:

Page after login is successful

Conclusion

This post walks through implementing passwordless login using Account Kit in Django. Passwordless login is a convenient way of authenticating users without requiring them to remember a password.

Acknowledgements:

Much credit to Auth0’s blog post on Passwordless Login with Facebook Account Kit.

If you like my article, consider buying me a coffee here
