
Overview

Inventario integrates with multiple third-party services to provide authentication, notifications, and AI-powered features. This guide covers configuration and usage of these integrations.

Google OAuth Setup

Inventario uses django-allauth to enable Google OAuth authentication, allowing users to sign in with their Google accounts.

Configuration

The Google OAuth integration is configured in settings.py:
inventario/settings.py
SOCIALACCOUNT_PROVIDERS = {
    'google': {
        'SCOPE': ['profile', 'email'],
        'AUTH_PARAMS': {'access_type': 'online'},
        'VERIFIED_EMAIL': True,
        'APP': {
            'client_id': os.environ.get('GOOGLE_CLIENT_ID', ''),
            'secret': os.environ.get('GOOGLE_CLIENT_SECRET', ''),
            'key': ''
        }
    }
}

Environment Variables

Add these variables to your .env file:
GOOGLE_CLIENT_ID=your-client-id.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=your-client-secret
Never commit your .env file to version control. Keep your OAuth credentials secure.

Obtaining Google OAuth Credentials

1. Create Google Cloud Project

Go to Google Cloud Console and create a new project or select an existing one.

2. Enable Google+ API

Navigate to APIs & Services > Library and enable the Google+ API.

3. Create OAuth Credentials

Go to APIs & Services > Credentials and click Create Credentials > OAuth client ID.
  • Application type: Web application
  • Authorized redirect URIs: https://yourdomain.com/accounts/google/login/callback/

4. Copy Credentials

Copy the Client ID and Client Secret and add them to your .env file.

Custom Social Account Adapter

Inventario implements a custom adapter in applications/cuentas/adapters.py that:
  • Blocks inactive users from logging in via Google
  • Downloads profile photos from Google accounts (high resolution)
  • Connects existing accounts by email matching
  • Creates new accounts with admin approval required (inactive by default)
Key features:
applications/cuentas/adapters.py
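from allauth.socialaccount.adapter import DefaultSocialAccountAdapter


class CustomSocialAccountAdapter(DefaultSocialAccountAdapter):
    def pre_social_login(self, request, sociallogin):
        # Match existing users by email
        # Block inactive users
        # Update profile photo from Google
        ...  # outline only; the implementation is not shown in this guide

    def save_user(self, request, sociallogin, form=None):
        # Create new user as inactive
        # Require admin activation
        ...  # outline only; the implementation is not shown in this guide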

User Flow

1. User clicks 'Sign in with Google'

User is redirected to Google’s OAuth consent screen.

2. Google returns with user data

  • If email matches existing account → Login directly (if active)
  • If new user → Create account as inactive, require admin approval

3. Admin activates account

Admin sets is_active = True in Django admin panel.

4. User can login

User can now access the system with their Google account.
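
The decision the adapter and user flow describe, modelled as a plain function so each branch can be tested without Django. This is an added example, not code from applications/cuentas/adapters.py: the `User` class, `decide_google_login` and the action names are hypothetical, and the claims are assumed to use the OpenID Connect field names `email` and `email_verified`. It also shows the check that makes email matching safe: link only when the provider asserts the address is verified.

```python
from dataclasses import dataclass


@dataclass
class User:
    """Stand-in for the project's user model (hypothetical)."""
    email: str
    is_active: bool


def decide_google_login(claims, users_by_email):
    """Return (action, user) for one Google sign-in.

    claims: dict of user data returned by Google after consent.
    users_by_email: existing accounts keyed by lower-cased email.
    """
    email = (claims.get("email") or "").strip().lower()
    # Matching by email is only sound when Google asserts the address is
    # verified; anything else (missing, False, a string) fails closed so an
    # unverified address is never linked to an existing local account.
    if not email or claims.get("email_verified") is not True:
        return ("reject_unverified", None)

    user = users_by_email.get(email)
    if user is None:
        # New account: created inactive, waits for an admin to activate it.
        user = User(email=email, is_active=False)
        users_by_email[email] = user
        return ("created_pending_approval", user)
    if not user.is_active:
        # Pending or disabled account: no session is issued.
        return ("blocked_inactive", user)
    return ("login", user)


if __name__ == "__main__":
    # Constructed sample data, not real accounts.
    users = {"ana@example.com": User("ana@example.com", True)}
    for c in ({"email": "Ana@example.com", "email_verified": True},
              {"email": "new@example.com", "email_verified": True},
              {"email": "ana@example.com", "email_verified": False}):
        print(c["email"], "->", decide_google_login(c, users)[0])
```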

API Configuration

Django REST Framework

Inventario can be extended with API endpoints using Django REST Framework. Current authentication backends:
settings.py
AUTHENTICATION_BACKENDS = (
    'allauth.account.auth_backends.AuthenticationBackend',
    'django.contrib.auth.backends.ModelBackend',
)

CSRF Protection

For external API access, configure trusted origins:
settings.py
CSRF_TRUSTED_ORIGINS = os.environ.get(
    'CSRF_TRUSTED_ORIGINS',
    'http://127.0.0.1:8000'
).split(',')
Add to .env:
CSRF_TRUSTED_ORIGINS=https://yourdomain.com,https://api.yourdomain.com

Database Configuration

Inventario uses dj-database-url for flexible database configuration:
settings.py
DATABASES = {
    'default': dj_database_url.config(
        default=f'sqlite:///{BASE_DIR / "db.sqlite3"}',
        conn_max_age=600
    )
}

Supported Databases

Set DATABASE_URL in your .env file:
DATABASE_URL=postgresql://user:password@localhost:5432/inventario

Media & Static Files

Inventario uses WhiteNoise for static file serving in production:
settings.py
STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'
Media files (product images, user avatars) are stored in:
MEDIA_URL = '/media/'
MEDIA_ROOT = os.path.join(BASE_DIR, 'media')

Security Settings

Production Configuration

settings.py
DEBUG = os.environ.get('DEBUG', 'False') == 'True'
ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS', '*').split(',')

SESSION_COOKIE_SECURE = not DEBUG
CSRF_COOKIE_SECURE = not DEBUG
SESSION_COOKIE_SAMESITE = 'Lax'
CSRF_COOKIE_SAMESITE = 'Lax'

Environment Variables

.env
DEBUG=False
SECRET_KEY=your-secret-key-here
ALLOWED_HOSTS=yourdomain.com,www.yourdomain.com
Always set DEBUG=False in production and use a strong, unique SECRET_KEY.
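
A pre-deployment check for the environment variables this guide defines, written as an added example rather than project code. `audit_env`, the sample environments and the SECRET_KEY thresholds are assumptions of this example; the fallbacks it applies are the ones shown in settings.py above (`'*'` for ALLOWED_HOSTS, `http://127.0.0.1:8000` for CSRF_TRUSTED_ORIGINS), which is why leaving those variables unset in production is reported.

```python
from urllib.parse import urlsplit

PLACEHOLDER_SECRET = "your-secret-key-here"  # sample value from the .env snippet


def audit_env(env):
    """Return a list of findings for a production environment mapping."""
    findings = []
    # Same parsing as settings.py: only the exact string 'True' enables DEBUG.
    if env.get("DEBUG", "False") == "True":
        findings.append("DEBUG is enabled")
    # settings.py falls back to '*' when ALLOWED_HOSTS is unset.
    hosts = env.get("ALLOWED_HOSTS", "*").split(",")
    if any(h.strip() == "*" for h in hosts):
        findings.append("ALLOWED_HOSTS accepts any Host header")
    if any(h != h.strip() or not h for h in hosts):
        findings.append("ALLOWED_HOSTS has an empty or space-padded entry")
    secret = env.get("SECRET_KEY", "")
    # Length and variety thresholds are this example's assumption.
    if secret in ("", PLACEHOLDER_SECRET) or len(secret) < 50 or len(set(secret)) < 5:
        findings.append("SECRET_KEY is missing, a placeholder, or too weak")
    # settings.py splits on ',' without stripping, and falls back to the
    # local development origin when the variable is unset.
    origins = env.get("CSRF_TRUSTED_ORIGINS", "http://127.0.0.1:8000").split(",")
    for origin in origins:
        parts = urlsplit(origin.strip())
        if origin != origin.strip():
            findings.append(f"CSRF origin {origin!r} is space-padded and will not match")
        elif parts.scheme != "https" or not parts.netloc:
            findings.append(f"CSRF origin {origin!r} is not an https origin")
    return findings


# Constructed sample environments; the key below is a dummy, never reuse it.
WEAK_ENV = {"DEBUG": "True", "SECRET_KEY": PLACEHOLDER_SECRET}
GOOD_ENV = {
    "DEBUG": "False",
    "SECRET_KEY": "constructed-sample-key-" * 3,
    "ALLOWED_HOSTS": "yourdomain.com,www.yourdomain.com",
    "CSRF_TRUSTED_ORIGINS": "https://yourdomain.com,https://api.yourdomain.com",
}

if __name__ == "__main__":
    for name, env in (("weak", WEAK_ENV), ("good", GOOD_ENV)):
        print(name, audit_env(env))
```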

Testing Integrations

Google OAuth

Test the OAuth flow:
  1. Navigate to /accounts/google/login/
  2. Complete Google sign-in
  3. Verify redirect to dashboard or registration confirmation

Local Development

For local development, add http://127.0.0.1:8000 to your Google OAuth redirect URIs:
http://127.0.0.1:8000/accounts/google/login/callback/

Troubleshooting

Ensure your redirect URI in Google Cloud Console exactly matches:
https://yourdomain.com/accounts/google/login/callback/
Include the trailing slash and correct protocol (https in production).
Check if the user is marked as active in Django admin:
python manage.py shell
>>> from applications.cuentas.models import Usuario
>>> user = Usuario.objects.get(email='[email protected]')
>>> user.is_active
False
>>> user.is_active = True
>>> user.save()
The adapter only downloads real Google profile photos (not default avatars).
Photos are saved to media/fotos_perfil/google_profile_username.jpg
Check logs for photo download status.

Next Steps

Notifications

Configure email and SMS notifications

AI Features

Enable OpenAI-powered insights
