I've got a site that uses Django as a backend and Nuxt for frontend. I'd like to implement the commonly-seen "Remember Me" checkbox when a user logs in. If unchecked, the user should only be logged in for that session and has to log in again the next time they open their browser. If checked, they should stay logged in indefinitely unless they manually log out.
The backend is using Django, with Django Rest Framework and Djoser for authentication. Currently using DRF's TokenAuthentication, and not JWT stuff.
The frontend is using Nuxt, which is using the Nuxt Auth module with the local strategy for logging in. This is saving the token in localStorage, which never expires.
How would I go about adding this "Remember Me" functionality? I'm not even sure which part to modify - either the backend or the frontend.
Related
I'm trying to understand if I can be logged in as a user in both the django admin and frontend at same time in development mode. For some reason both won't work.
If I log out of admin I can request data and do some crud operations in the frontend.
If I'm logged in the admin and logged in the frontend all crud like operations receive a 403 error.
I'm using django/backend nuxt/fronend and docker.
What do I need to do in order to have both logged in and working on data?
Is the auth token set in the cookie? Try setting up an alias for localhost so that you can store cookies from 2 "different" hosts.
https://www.techwalla.com/articles/how-to-change-your-local-host-name
So 1 tab localhost:8080 and one tab myfakedomain.com:8080
I'm using Django and I have the following case.
My main website on dummy.com has the normal login form from Django.
The Django application is providing an API.
I have a Single Page Application on another server with the domain auth.dummy.com
My SPA is using JWT to authenticate the user so he can be logged in into the page auth.dummy.com by using the API provided by dummy.com
How can I archive it that the user who logs in on the domain auth.dummy.com automatically gets logged in into the main website dummy.com?
But I always want to keep the default behaviour from Django so Users can log in into the site from the main domain as well and not only from auth.dummy.com
Is there a special name for this kind of authentication?
I'm confused by all this names: JWT, SSO, OAuth etc.
Have your SPA set the session cookie at the same time you store the JWT. Also make sure to use the same SESSION_COOKIE_DOMAIN on both sites.
Is there a way, when hitting Django admin site, it redirects to a 3rd party authentication page. User logs in there, then gets redirected back to Admin site without having to log in again?
Basically I want to replace Django admin login by another authentication, so I can insert a link to my web app and admins can access admin page right away.
EDIT:
did a bit more research and will refine my problem.
Say I want to login from http://localhost:8000/admin/login/, I assume I need to redirect the user/admin to the 3rd party login page, then once the auth is successful, I should redirect him back to the next page after login. Where/what should I modify?
EDIT2:
I'm following this example
https://auth0.com/docs/sso/current/single-page-apps
Could get the server to run on 5000 but the auth still fails and returns 400
How do I get from my React app in localhost:3000 to my django admin page in localhost:8000 without needing to log in again?
Yes, its possible, you can use authenticate functions to authenticate your request, so when your come back from your 3rd party authentication page you get your response being success or failed and run authenticate function and now your user will be logged... this is kinda a dirty way to do that...
You can also write your own Authentication method and setup at your settings
https://docs.djangoproject.com/en/2.0/topics/auth/customizing/
I'm using ember-simple-auth for my Ember app, but I don't have an API endpoint to authenticate users, rather it does a page redirect to the form and signs a user in, then redirects back to my app. (I don't own the authentication)
After authentication, it gets redirected back to me, so I know on the server side when a user has been successfully authenticated. How do I manually authenticate the users' session when they are redirected back to my app?
Currently I did a hack to write two cookies: ember_simple_auth:access_token and ember_simple_auth:authenticator.
I think setting up the session store manually is an ok solution in this scenario as that will trigger the session to be restored after the redirect (which is on startup of the Ember application). I'd maybe configure a custom authenticator that redirects to the external login page in the authenticate method. That way you have that redirect centralized and it will also be triggered automatically whenever Ember Simple Auth automatically enforces session authentication (e.g. from the AuthenticatedRouteMixin).
I am quite new to django and I am writing an application where I want to separate the client ant the server-side as much as possible so that multiple clients can access my server-side functionality.
Right now I am using Django social auth with Facebook login. Instead of redirecting to another page when login successes or fails I want to return json with success or fail. Is this possible?