Facebook Data Deletion Request Callback with Django
Facebook provide a way to delete a user details from our apps and systems. Some time we use facebook login app for django authentication and its work perfect. But if the user want to delete his facebook book permission from his/her account we should provide a deletion request callback otherwise facebook may deactivate our facebook login app. I get the idea from original doc https://developers.facebook.com/docs/apps/delete-data/
We follow some steps how to create and apply Data deletion request callback with django
- Create a restfull django api url that facebook can send callback request
- Api url insert in developer.facebook.com
- Now delete app access from test facebook account check its work.
How to create Facebook Data Deletion Request Callback with Django api
In django api views.py file write below code
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
import base64 import hashlib import hmac from django.views.decorators.csrf import csrf_exempt @method_decorator(csrf_exempt, name='dispatch') class DataDeletionView(View): def post(self, request, *args, **kwargs): try: signed_request = request.POST['signed_request'] encoded_sig, payload = signed_request.split('.') except (ValueError, KeyError): return HttpResponse(status=400, content='Invalid request') try: decoded_payload = base64.urlsafe_b64decode(payload + "==").decode('utf-8') decoded_payload = json.loads(decoded_payload) if type(decoded_payload) is not dict or 'user_id' not in decoded_payload.keys(): return HttpResponse(status=400, content='Invalid payload data') except (ValueError, json.JSONDecodeError): return HttpResponse(status=400, content='Could not decode payload') try: secret = 'your own app secret key' sig = base64.urlsafe_b64decode(encoded_sig + "==") expected_sig = hmac.new(bytes(secret, 'utf-8'), bytes(payload, 'utf-8'), hashlib.sha256) except: return HttpResponse(status=400, content='Could not decode signature') if not hmac.compare_digest(expected_sig.digest(), sig): return HttpResponse(status=400, content='Invalid request') user_id = decoded_payload['user_id'] try: # now you get facebook user id. you can delete its details from your database like below. user_account = FacebookUserModel.objects.filter(fb_userid=user_id).delete() except FacebookLoginDetails.DoesNotExist: return HttpResponse(status=200) # Own custom logic here return HttpResponse(status=200) |
In urls.py file do this. Below django version 2
|
1 |
url(r'^deauthtication/$',DataDeletionView.as_view(), name="deauthtication") |
now build your call back url is like https://<websitename>.com/deauthtication
Second step:
Insert your https://<websitename>.com/deauthtication in developer.facebook.com app settings
facebook_deletion_callback
Third step:
Go to your demo facebook account and remove your app.
Note : facebook app required https://websitename it not allow http . I inspired to write this article from here https://stackoverflow.com/questions/48609148/handle-facebook-deauthorize-callback-in-python
Related Post
How to setup Django debug toolbar
Convert string to datetime and datetime humanize
