Facebook Data Deletion Request Callback with Django

Posted On September 7, 2018 Author : Shariful Islam Nayon

Facebook provide a way to delete a user details from our apps and systems. Some time we use facebook login app for django authentication and its work perfect. But if the user want to delete his facebook book permission from his/her account we should provide a deletion request callback otherwise facebook may deactivate our facebook login app. I get the idea from original doc https://developers.facebook.com/docs/apps/delete-data/

We follow some steps how to create and apply Data deletion request callback with django

Create a restfull django api url that facebook can send callback request
Api url insert in developer.facebook.com
Now delete app access from test facebook account check its work.

How to create Facebook Data Deletion Request Callback with Django api

In django api views.py file write below code

import base64
import hashlib
import hmac
from django.views.decorators.csrf import csrf_exempt
@method_decorator(csrf_exempt, name='dispatch')
class DataDeletionView(View):
    
    def post(self, request, *args, **kwargs):
        try:
            signed_request = request.POST['signed_request']
            encoded_sig, payload = signed_request.split('.')
        except (ValueError, KeyError):
            return HttpResponse(status=400, content='Invalid request')

        try:
            decoded_payload = base64.urlsafe_b64decode(payload + "==").decode('utf-8')
            decoded_payload = json.loads(decoded_payload)

            if type(decoded_payload) is not dict or 'user_id' not in decoded_payload.keys():
                return HttpResponse(status=400, content='Invalid payload data')

        except (ValueError, json.JSONDecodeError):
            return HttpResponse(status=400, content='Could not decode payload')

        try:
            secret = 'your own app secret key'

            sig = base64.urlsafe_b64decode(encoded_sig + "==")
            expected_sig = hmac.new(bytes(secret, 'utf-8'), bytes(payload, 'utf-8'), hashlib.sha256)
        except:
            return HttpResponse(status=400, content='Could not decode signature')

        if not hmac.compare_digest(expected_sig.digest(), sig):
            return HttpResponse(status=400, content='Invalid request')

        user_id = decoded_payload['user_id']

        try:
            # now you get facebook user id. you can delete its details from your database like below.
            user_account = FacebookUserModel.objects.filter(fb_userid=user_id).delete()
        except FacebookLoginDetails.DoesNotExist:
            return HttpResponse(status=200)

        # Own custom logic here

        return HttpResponse(status=200)

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

import base64

import hashlib

import hmac

from django.views.decorators.csrf import csrf_exempt

@method_decorator(csrf_exempt, name='dispatch')

class DataDeletionView(View):

def post(self, request, *args, **kwargs):

try:

signed_request = request.POST['signed_request']

encoded_sig, payload = signed_request.split('.')

except (ValueError, KeyError):

return HttpResponse(status=400, content='Invalid request')

try:

decoded_payload = base64.urlsafe_b64decode(payload + "==").decode('utf-8')

decoded_payload = json.loads(decoded_payload)

if type(decoded_payload) is not dict or 'user_id' not in decoded_payload.keys():

return HttpResponse(status=400, content='Invalid payload data')

except (ValueError, json.JSONDecodeError):

return HttpResponse(status=400, content='Could not decode payload')

try:

secret = 'your own app secret key'

sig = base64.urlsafe_b64decode(encoded_sig + "==")

expected_sig = hmac.new(bytes(secret, 'utf-8'), bytes(payload, 'utf-8'), hashlib.sha256)

except:

return HttpResponse(status=400, content='Could not decode signature')

if not hmac.compare_digest(expected_sig.digest(), sig):

return HttpResponse(status=400, content='Invalid request')

user_id = decoded_payload['user_id']

try:

# now you get facebook user id. you can delete its details from your database like below.

user_account = FacebookUserModel.objects.filter(fb_userid=user_id).delete()

except FacebookLoginDetails.DoesNotExist:

return HttpResponse(status=200)

# Own custom logic here

return HttpResponse(status=200)

In urls.py file do this. Below django version 2

url(r'^deauthtication/$',DataDeletionView.as_view(), name="deauthtication")

1	url(r'^deauthtication/$',DataDeletionView.as_view(), name="deauthtication")

now build your call back url is like https://<websitename>.com/deauthtication

Second step:

Insert your https://<websitename>.com/deauthtication in developer.facebook.com app settings

facebook_deletion_callback

Third step:

Go to your demo facebook account and remove your app.

Note : facebook app required https://websitename it not allow http . I inspired to write this article from here https://stackoverflow.com/questions/48609148/handle-facebook-deauthorize-callback-in-python

Shariful Islam Nayon

Shariful Islam | Full Stack Python/Django Developer I am Linux lover self motivated software craftsman open source contributor.My interested area Data Structure,Algorithm,Big data,Machine learning Dhaka, Bangladesh http://nayon.net/

3 Comments

scr888 free credit no deposit 2018 · September 7, 2018 at 4:42 pm

Good job!! can i share this in my blog ?

Sufiistic · January 7, 2019 at 5:24 am

Good man!

Stephenjearm · January 19, 2019 at 11:13 pm

Hi Look what we arrange an eye to you! exquisitepresent

Facebook Data Deletion Request Callback with Django

How to create Facebook Data Deletion Request Callback with Django api

Related Post

How to install python3.7.2 in Ubuntu 18.4

How to setup Django debug toolbar

Shariful Islam Nayon

3 Comments

scr888 free credit no deposit 2018 · September 7, 2018 at 4:42 pm

Sufiistic · January 7, 2019 at 5:24 am

Stephenjearm · January 19, 2019 at 11:13 pm

Leave a Reply