Outline
I want to integrate Azure Active Directory for authentication and authorization.
Question
How do I integrate the msal library into a Django web app, because the official Azure examples are using Flask?
And how to map the AppRoles I have defined in the Azure AD app registration to Django groups defined in the Django backend?
There are samples both for Flask and Django. MSAL itself is framework agnostic so it can be used in any. Regarding the app roles claims you can inspect the acquire_token* methods result. It's a dict containing access_token and/or id_token which will contain the role claim.
Related
I am developing web platform which has to have 3 type of users (user, admin, partner companies). For the authentication I am considering to use google Identity platform with multitenancy (probably users in one tenant and admins are in different tenant).
As I understand from documentation, how do we integrate identity platform to our application is to create identity platform provider from console and integrate it into frontend with UI. From front-end, without contacting backend service we can sign up, login and logout by calling firebase SDK and it will give us authentication token. From backend I can check that token with middleware and decide if I agree the user as authenticated or not. Correct me if I am wrong.
Then I can get some metadata of authenticated user from the token, maybe email or name etc. But I want to store user related information on noSQL database as well. For example, if user wants to change his email I need to handle it in backend server, also, I'd like to store users log (access and audit log on somewhere else). In case of, I am using frontend UI and SDK how do log the access and audit information on my backend? also, when changing user's information, do I just write handler function in backend end update user's data with REST API or Admin SDK? what is the best practice over here? Or should I better write my own login and logout function on my backend then call REST API or Admin SDK? is there preferred way? Google is showing me only integration way of authentication from frontend?
BTW, I am deploying backend application on google cloud run, and frontend would be developed in react and should be deployed maybe in firebase or in cloud run as well.
Thanks
As per the Documentation,Yes your understanding is correct to integrate identity platform to the application.
You can store the user related information on a noSQL database like Firestore or Firebase Realtime Database. You can write the Rest API to change or update the user's information in the database.
If you want to write your own login and logout function, I don’t think it is necessary because Firebase Admin SDK provides these features. But if you want to manage user authentication in the backend for specific requirements, you can write your own login and logout function on the backend and use the Firebase Admin SDK.
For access and audit log information you can use Firebase Analytics, Firebase Analytics helps you understand what your users are doing in your app. It has all of the metrics that you’d expect in an app analytics tool combined with user properties like device type, app version, and OS version to give you insight into how users interact with your app.
But finally, the best way would depend on your requirements and use case.
I am building a Django application and I need to connect to an existing external Laravel site to authenticate users. Basically to have two different platforms, but users only have one set of credentials. Also - users should be able to sign up on the Django, and their user is created in the Laravel DB.
The Laravel site has Laravel Passport (OAuth2 based) installed because it uses it for a Flutter app.
I know that REMOTE_USER is "the Django way" of achieving external auth but, I don't know where to go from there. If it makes a difference, the Django app will be a full REST application using DRF because its frontend will be ReactJS.
Can anyone explain how to achieve external auth with Django, particularly when the authentication server is OAuth2 based? Or better yet, how it can work with Laravel Passport in particular.
Thanks
i would like to create a flutter app, with social authentication (Facebook & Google) connected to a Django DRF backend.
I could not find any examples for handling the social authentication at the back-end coming from a flutter app, i only found firebase based tutorials.
Any libraries that work this way? in case there aren't, how could i send the required social account from the phone to my backend?
Thanks!!
I suggest you to use the Google Auth Library for Ruby (because you are using Django) and expose a service that wrap the API and consume the google libraries.
With your API created you can create a Provider / BLoC or whatever State Management you use in Flutter using the Dart Package Http to consume your own Django backend API
If you have any trouble using HTTP Dart/flutter package let me now to create and example
I already have a django app running on App Engine, but the current user authentication is provided by Djoser, which uses a simple token authentication.
Now I want to write some new APIs to third party applications to allow them to access user data. So I need to implement the OAuth2.0 authentication.
I found some libraries such as django-oauth-toolkit. But the tutorial assumes that you build your app and database from scratch. So I wonder if there's a way to use my current user database to do OAuth2.0 authentication, instead of asking the user to signup again with the same username. Thanks.
So there's no need to start all over again from a new user database. One can continue using whatever authentication methods currently being used to register users. Just write a new app (for the new APIs) and add OAuth2 and run a database migration, which will build several tables needed by OAuth2.
When the OAuth2 authentication process starts, these tables will be filled with grants and access tokens and client application related info.
I understand that Google App Engine has it's own user authentication facilities but it offers only three possible way to authenticate:
A Google Account
An account on your Google Apps domain
An OpenID identifier
But what I want is to have the same power that Django's django.contrib.auth gives, with permissions and groups with internal user database. Is there a way to have this Django module ported and used in Google app engine?
You can use non-rel to run Django on App Engine.
http://code.google.com/appengine/articles/django-nonrel.html