Django REST with jwt + regular admin panel - django

I've setup a basic django app using scaffolding which creates all those nice admin panels for free.
I want to expose a REST api so I've followed this tutorial to get it running and add JWT authentication through simplejwt. I have tested my rest auth endpoints, gotten a token and used that token to consume a secured rest endpoint.
The problem is -- as soon as I enable this auth scheme, the admin panel stops working. I can't login at all. Which I guess makes sense considering I've changed the auth paradigm, but it kinda defeats the purpose of the scaffolding to lose all those free admin panels.
Is it possible to combine both jwt authentication for my REST services while keeping regular authentication scheme for my admin panel?
I want to do a public frontend through REST but keeping my backoffice within the same deployment as the backend itself.
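The settings that keep the two schemes side by side, added here as an illustration rather than as a solution posted in the thread: DRF reads `REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"]` for its own views only, while the admin is plain Django and keeps logging in through the session cookie and the default `AUTHENTICATION_BACKENDS`. The lifetimes and the ordering below are illustrative choices, not the project's own; it assumes djangorestframework and djangorestframework-simplejwt are installed.

```python
# settings.py excerpt (added example, not the project's own settings)
from datetime import timedelta

REST_FRAMEWORK = {
    # This list is consulted by DRF views only. The admin never reads it: it keeps
    # authenticating through django.contrib.auth's session cookie, so a bearer
    # token does not log anyone into /admin/ and the admin login form keeps working.
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "rest_framework_simplejwt.authentication.JWTAuthentication",
        # Listed second so that same-origin browser calls (browsable API, an
        # embedded frontend) still work with the session cookie plus CSRF token.
        # Remove it if the API should accept bearer tokens only.
        "rest_framework.authentication.SessionAuthentication",
    ],
    # Deny by default; open individual views with AllowAny where needed.
    "DEFAULT_PERMISSION_CLASSES": ["rest_framework.permissions.IsAuthenticated"],
}

SIMPLE_JWT = {
    # Short-lived access token; the refresh token is the long-lived credential.
    "ACCESS_TOKEN_LIFETIME": timedelta(minutes=15),
    "REFRESH_TOKEN_LIFETIME": timedelta(days=1),
    # Rotate and blacklist refresh tokens so a leaked one stops working after use.
    # Blacklisting needs "rest_framework_simplejwt.token_blacklist" in INSTALLED_APPS.
    "ROTATE_REFRESH_TOKENS": True,
    "BLACKLIST_AFTER_ROTATION": True,
    "AUTH_HEADER_TYPES": ("Bearer",),
}

# Leave AUTHENTICATION_BACKENDS at Django's default (ModelBackend):
# the admin login form depends on it, and simplejwt does not need it changed.
```

The matching URL entries are simplejwt's `TokenObtainPairView` and `TokenRefreshView` under the API prefix, registered next to `admin.site.urls` in the same `urls.py`; nothing about the admin routes has to change.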

Related

Django REST authentication with React/ Redux

I am building a web app with a Django backend and React/Redux frontend running on separate servers. I have begun to try and start working on authentication and I cannot find a tutorial that suits my needs. Every tutorial either uses deprecated modules like drf-jwt (as opposed to simple-jwt) or has a simple mono-server that houses both the backend and the frontend in one directory. The former is useless and I do not want to do the latter as I like having the two separate servers for when I move on to deployment. Now can someone direct me to a good source of knowledge for getting this done? It doesn't have to be a tutorial it can be anything. I am really lost and I do not know how to begin.
You can use 3rd-party packages such as djoser: Provides a set of views to handle basic actions such as registration, login, logout, password reset and account activation. For more information: https://pypi.org/project/djoser/
I'm using token authentication from Django Rest Framework so, after a login/password verification, the token on response can be used on any DRF endpoint.

What type of authentication should I use for Django with Flutter?

I am creating a Flutter project with Django + Django Rest framework as the backend. I want to add user authentication to the app.
I found some ways to achieve that such as Session authentication or token authentication. According to this article, if we want to add user authentication for mobile-based apps, it is best to use token authentication since session authentication is not suited for mobile phones.
Is it really best to use token authentication for mobile-based apps instead of session authentication?
Yes, a token is best for a mobile client.
Mobile and cookies are not good friends ;)
Token authentication works well for multiple device connections with the same account, and it's easier to store a token.
It's stateless and works without cookies.
I have worked on two projects with Django and Flutter.
I think for Android or iOS projects, token-based authentication is best to go with because they are stateless and you can easily manage user roles and permissions for the application too.
From a security point of view, it's also better because there's no possibility of creating a CSRF request when your app is using tokens.
Cookies don't fit well with platforms other than a browser.

Sharing authentication in Django

We are developing an application using Angular2 as frontend and Django as a backend. A Django backend is already in place, while the Angular2 application is in development. We chose, for obvious reasons, to use Django REST as a way to communicate with the backend.
The application login and the backend login are done in two different pages but of course the login domain and the user base is the same. The two logins are working properly by themselves, but we wanted to find a way to implement a transparent login (so a user can log into any of the two applications and be recognized by the other one without re-logging).
The Angular frontend is currently using Token Authentication. The server does send the csrf and session cookie along with the token. Moving to the backend, the csrf cookie is preserved, while the session is not, so a new login is required (of course, backend and Angular frontend are on different subdomains but in the same domain; the cookies are set on the domain, with two dots: '.domain.com').
Is it possible to do what we desire? Could someone help us find the proper way to do it?
We've done some research and found Django CAS, but it's not clear for us what's about and if it fits our use case.
Thank you very much

Right way to implement authentication for api-based service

I'm working on a service with a REST API implemented on Django REST framework. I'll have a web-site with a frontend in JavaScript (possibly an SPA on Knockout), Android and iOS apps, which will all be using this API. What is the best way to handle authentication in this case?
I've read a lot on JWT tokens (not my case, I must have the ability to revoke auth for a particular user at any time), sessions (already using Django), storing tokens in localStorage and so on.
Should I have one type (tokens?) for all? Or is it normal, to use cookie-based session auth for web and tokens for mobile apps? If web also goes with tokens, where is the best way to store them: cookies or localStorage?
It's perfectly fine to use many authentication methods.
For the web app this can be session-based auth, assuming that you run it on the same domain. For the mobile app you use tokens. DRF will check all methods defined here.
Therefore, remember to enable/disable correct ones.
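The rule behind "DRF will check all methods defined here", together with the CSRF point made in the Flutter answer above, as a runnable model written for this page (it is not DRF's code; the token table, usernames and credentials are constructed). Each authentication class returns None when the request carries no credential of its kind, returns a (user, auth) pair when it does, or raises to reject the request outright; DRF stops at the first pair. The CSRF check here is a plain cookie-to-header comparison, simpler than the CsrfViewMiddleware that the real SessionAuthentication delegates to.

```python
"""Model of how DRF walks DEFAULT_AUTHENTICATION_CLASSES (added example, not DRF's code)."""
from typing import Dict, Optional, Tuple

SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


class AuthenticationFailed(Exception):
    """Raised to stop the chain with a 401/403 instead of trying the next class."""


class Request:
    def __init__(self, method: str, headers: Optional[Dict[str, str]] = None,
                 cookies: Optional[Dict[str, str]] = None,
                 session_user: Optional[str] = None) -> None:
        self.method = method
        self.headers = headers or {}
        self.cookies = cookies or {}
        # Filled in by Django's SessionMiddleware when the sessionid cookie is valid.
        self.session_user = session_user


class SessionAuthentication:
    """Mirrors rest_framework.authentication.SessionAuthentication: a logged-in
    session identifies the user, but unsafe methods must also pass the CSRF check."""

    def authenticate(self, request: Request) -> Optional[Tuple[str, None]]:
        if request.session_user is None:
            return None  # no session: not this scheme, let the next class try
        self.enforce_csrf(request)
        return (request.session_user, None)

    @staticmethod
    def enforce_csrf(request: Request) -> None:
        if request.method in SAFE_METHODS:
            return
        cookie = request.cookies.get("csrftoken")
        header = request.headers.get("X-CSRFToken")
        # Simplified: the real check goes through Django's CsrfViewMiddleware.
        if not cookie or header != cookie:
            raise AuthenticationFailed("CSRF Failed: token missing or incorrect")


class TokenAuthentication:
    """Mirrors rest_framework.authentication.TokenAuthentication; the dict stands
    in for the Token table (constructed values, not real credentials)."""

    keyword = "Token"

    def __init__(self, tokens: Dict[str, str]) -> None:
        self.tokens = tokens

    def authenticate(self, request: Request) -> Optional[Tuple[str, str]]:
        parts = request.headers.get("Authorization", "").split()
        if not parts or parts[0] != self.keyword:
            return None  # no "Token ..." header: not this scheme
        if len(parts) != 2:
            raise AuthenticationFailed("Invalid token header")
        user = self.tokens.get(parts[1])
        if user is None:
            raise AuthenticationFailed("Invalid token")
        # No CSRF check: the browser never attaches this header on its own.
        return (user, parts[1])


def authenticate(request: Request, authenticators) -> Optional[Tuple[str, Optional[str]]]:
    """Same rule as rest_framework.request.Request._authenticate: the first class
    that returns a (user, auth) pair wins, a raise aborts, all-None means anonymous."""
    for authenticator in authenticators:
        result = authenticator.authenticate(request)
        if result is not None:
            return result
    return None


# Hypothetical configuration: session first, then token, as in the answer above.
AUTHENTICATORS = [SessionAuthentication(), TokenAuthentication({"tok-alice-1": "alice"})]


def outcome(request: Request) -> str:
    """Collapse the three possible results into a short label."""
    try:
        result = authenticate(request, AUTHENTICATORS)
    except AuthenticationFailed as exc:
        return "rejected: " + str(exc)
    return "anonymous" if result is None else "user " + result[0]


if __name__ == "__main__":
    # Browser with a session cookie, safe method: session auth succeeds.
    print(outcome(Request("GET", session_user="alice")))
    # Browser POST without the CSRF header: rejected even though the user is logged in.
    print(outcome(Request("POST", cookies={"csrftoken": "c1"}, session_user="alice")))
    # Mobile client with a token and no cookies: token auth, no CSRF involved.
    print(outcome(Request("POST", headers={"Authorization": "Token tok-alice-1"})))
    # Nothing presented: anonymous, and the permission classes decide what happens next.
    print(outcome(Request("GET")))
```

Order matters: with a valid session the first class already returns a pair, so a bad `Authorization` header on the same request is never examined; put the scheme you trust least last, and disable any class you do not actually need.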

Django Angular Facebook authentication

I want to do a very simple web app where you can log-in using your facebook account.
I am very comfortable with the django framework and also angularjs. I have an idea how to integrate these two using tastypie api framework for django.
So if I am correct django's backend would be throwing some JSON which can be used by angularjs and so on.
Where I am confused is the authentication mechanism with facebook.
How do I integrate the Facebook's authentication with my app ?
What would be a good design for such an app ?
I am not expecting a complete design or architecture for my app from anyone , but some direction so that I can go forward with the app .
Thanks :)
I wrote a small article on this subject as it seems it was not clearly explained anywhere. I found it easily done with django-rest-framework instead of tastypie though.
Here are the main steps used to authenticate (I'll try to add a little schema to illustrate):
On the Angular side, the user authenticates on Facebook with the Oauth.io API (it could be directly with the Facebook JS API).
The client gets a Facebook authentication token.
The FB token is used to ask for authentication on the server side.
python-social-auth authenticates with FB using the given token.
django-rest-framework sends back to the client an auth token for REST API calls.
Angular client passes the token in headers when making API calls.
You can find my article here about facebook angularjs auth with a django rest backend
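Steps 3 to 6 of that list as server-side Python written for this page (it is neither the article's code nor python-social-auth's): the Facebook token supplied by the client is verified with Facebook before any account is touched, and the check that the token was issued for this app's app_id is the part worth keeping, since a valid token for some other app would otherwise log its holder in here. The Graph API call is injected as a callable and replaced by a constructed fake so the block runs offline; the `data` field names assumed for the /debug_token response are an assumption to compare against Facebook's current docs, and `fake_debug_token`, `ApiTokenStore`, the app id and the token strings are all hypothetical.

```python
"""Facebook token -> API token exchange (added example; Graph API call injected)."""
import secrets
import time
from typing import Callable, Dict, Optional


class FacebookTokenRejected(Exception):
    pass


def check_debug_token(debug: Dict, expected_app_id: str, now: float) -> str:
    """Validate the 'data' object Facebook's /debug_token endpoint returns for a
    user access token and return the Facebook user id it belongs to.
    Field names are assumed here; check them against the current Graph API docs."""
    data = debug.get("data") or {}
    if not data.get("is_valid"):
        raise FacebookTokenRejected("token is not valid")
    # A token issued to some other app must not log its user into this one.
    if str(data.get("app_id")) != expected_app_id:
        raise FacebookTokenRejected("token was issued for a different app")
    expires_at = data.get("expires_at", 0)  # 0 means a non-expiring token
    if expires_at and expires_at <= now:
        raise FacebookTokenRejected("token has expired")
    user_id = data.get("user_id")
    if not user_id:
        raise FacebookTokenRejected("token carries no user id")
    return str(user_id)


class ApiTokenStore:
    """Stands in for DRF's Token table plus the social-auth user mapping (hypothetical)."""

    def __init__(self) -> None:
        self.users_by_fb_id: Dict[str, str] = {}
        self.tokens: Dict[str, str] = {}  # api token -> local username

    def exchange(self, fb_access_token: str, debug_token: Callable[[str], Dict],
                 app_id: str, now: Optional[float] = None) -> str:
        """Steps 3-5: verify the Facebook token server-side, find or create the
        local user, hand back an API token for the Authorization header."""
        fb_user_id = check_debug_token(debug_token(fb_access_token), app_id,
                                       now if now is not None else time.time())
        # The user id comes from Facebook's answer, never from the client request.
        username = self.users_by_fb_id.setdefault(fb_user_id, "fb_" + fb_user_id)
        api_token = secrets.token_hex(20)  # 40 hex chars, the length of a DRF Token key
        self.tokens[api_token] = username
        return api_token

    def user_for(self, authorization_header: str) -> Optional[str]:
        """Step 6: resolve 'Token <key>' from an API call's Authorization header."""
        parts = authorization_header.split()
        if len(parts) != 2 or parts[0] != "Token":
            return None
        return self.tokens.get(parts[1])


def fake_debug_token(fb_access_token: str) -> Dict:
    """Constructed stand-in for GET /debug_token?input_token=...&access_token=<app token>."""
    known = {
        "fb-token-good": {"app_id": "123456", "is_valid": True, "user_id": "987",
                          "expires_at": 4102444800},
        "fb-token-other-app": {"app_id": "999999", "is_valid": True, "user_id": "987",
                               "expires_at": 4102444800},
    }
    return {"data": known.get(fb_access_token, {"is_valid": False})}


def try_exchange(store: ApiTokenStore, fb_access_token: str, app_id: str,
                 now: Optional[float] = None) -> Optional[str]:
    """Return the new API token, or None when the Facebook token is rejected."""
    try:
        return store.exchange(fb_access_token, fake_debug_token, app_id, now)
    except FacebookTokenRejected:
        return None


if __name__ == "__main__":
    store = ApiTokenStore()
    token = try_exchange(store, "fb-token-good", "123456")
    print("client stores:", token)
    print("API call resolves to:", store.user_for("Token " + str(token)))
    print("other app's token accepted?", try_exchange(store, "fb-token-other-app", "123456") is not None)
```

In production the debug callable wraps the Graph API request made with an app access token, and the returned user id is what python-social-auth uses to look up or create the Django user; the API token itself is what the Angular client then sends as `Authorization: Token <key>`.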
This repo is designed with PHP on the authentication server side but it has all of the Facebook login code you would need for Angular. It should give you an overall idea of how to get started:
https://github.com/Terumi/AngularJS-Facebook-Login