Django REST authentication with React/Redux - django

I am building a web app with a Django backend and React/Redux frontend running on separate servers. I have begun to try and start working on authentication and I cannot find a tutorial that suits my needs. Every tutorial either uses deprecated modules like drf-jwt (as opposed to simple-jwt) or has a simple mono-server that houses both the backend and the frontend in one directory. The former is useless and I do not want to do the latter as I like having the two separate servers for when I move on to deployment. Now can someone direct me to a good source of knowledge for getting this done? It doesn't have to be a tutorial; it can be anything. I am really lost and I do not know how to begin.

You can use the third-party package djoser: it provides a set of views to handle basic actions such as registration, login, logout, password reset and account activation. For more information: https://pypi.org/project/djoser/

I'm using token authentication from Django REST Framework so, after a login/password verification, the token in the response can be used on any DRF endpoint.

Related

How to create an application backend in Django and create an API so that other developers can use it as well

I just started learning Django and wanted to make an application with API (probably REST) endpoints so that other developers can use it as well (like GitHub API), and I could connect it to my react app and android app. I want my backend to be on a different server and do not want to build my react app integrated with Django backend using the REST Framework.
Can anyone just give me the general idea of what I need to do?
P.S. Sorry in advance if my question sounds silly, I am still new to backend.
Creating a Django REST API should be your first step. This is pretty simple if you already have a Django app running, and will allow your React app or Android app to connect and access data.
Authentication is a step beyond. You may want to look into implementing authentication on the server you will be hosting your back end on. You can also read through this article for some guidance on implementing auth on the DRF side.
Best of luck!
First of all, you can start from this:
https://www.django-rest-framework.org/tutorial/quickstart/

Sharing authentication in Django

We are developing an application using Angular2 as frontend and Django as a backend. A Django backend is already in place, while the Angular2 application is in development. We chose, for obvious reasons, to use Django REST as a way to communicate with the backend.
The application login and the backend login are done in two different pages but of course the login domain and the user base are the same. The two logins are working properly by themselves, but we wanted to find a way to implement a transparent login (so a user can log into either of the two applications and be recognized by the other one without re-logging).
The Angular frontend is currently using Token Authentication. The server does send the CSRF and session cookies along with the token. Moving to the backend, the CSRF cookie is preserved, while the session is not, so a new login is required (of course, backend and Angular frontend are on different subdomains but in the same domain, the cookies are set on the domain, with two dots: '.domain.com').
Is it possible to do what we desire? Could someone help us find the proper way to do it?
We've done some research and found Django CAS, but it's not clear to us what it's about and if it fits our use case.
Thank you very much

Django REST: How to implement registration, 3rd-party and local OAuth authentication?

Like many, I'm in the process of creating a mobile application backed by a Django application and communicating via REST API. While the choice of the Django Rest Framework was easy, the choice of the additional component is tricky for me. I'm just discovering this ecosystem so it could be that I'm just looking at it the wrong way. These are my requirements:
The users should be able to create and edit an account (userena profile) via the mobile application, without necessarily using a third party (Facebook for example, but it is planned as a future feature). The registration process should include email verification.
The authentication process should be following OAuth, so the authentication module should provide a way to implement an OAuth provider.
I looked at this page but couldn't find any modules which provided all of these out of the box. Particularly I checked:
Djoser: Seems to provide registration (including email validation), token authentication but no OAuth.
django-rest-auth: Registration (including email verification), token authentication, 3rd-party OAuth authentication but no custom OAuth provider implementation (?)
django-rest-framework-social-oauth2: OAuth provider, 3rd-party OAuth authentication but no registration.
Did I misunderstand these modules or am I looking at it the wrong way? Otherwise, can the modules be mixed? Which would you advise?
Is there an easy way to take one module and, from there, add a custom implementation of the last functionality? (I saw a post about implementing user registration manually but didn't find the email validation part...)
Thank you for your help.

Right way to implement authentication for api-based service

I'm working on a service with a REST API implemented on Django REST Framework. I'll have a website with a frontend in JavaScript (possibly an SPA on Knockout), and Android and iOS apps, which will all be using this API. What is the best way to handle authentication in this case?
I've read a lot on JWT tokens (not my case, I must have the ability to revoke auth for a particular user at any time), sessions (already using Django), storing tokens in localStorage and so on.
Should I have one type (tokens?) for all? Or is it normal to use cookie-based session auth for web and tokens for mobile apps? If web also goes with tokens, where is the best place to store them: cookies or localStorage?
It's perfectly fine to use many authentication methods.
For the web app this can be session-based auth, assuming that you run it on the same domain. For the mobile app you use tokens. DRF will check all methods defined here.
Therefore, remember to enable/disable correct ones.
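A simplified model of how DRF walks the classes listed in `DEFAULT_AUTHENTICATION_CLASSES`, given as an added example (it is not DRF's source and not part of the answer above). The class names, the dict-shaped request and the in-memory token table are stand-ins assumed for illustration; the server-side table is what gives the per-user revocation the question asks for.

```python
import secrets

class AuthenticationFailed(Exception):
    """Stand-in for rest_framework.exceptions.AuthenticationFailed."""

class SessionAuth:
    """Cookie-based stand-in: applies only when a known session id is present."""
    def __init__(self, sessions):
        self.sessions = sessions              # session id -> username

    def authenticate(self, request):
        user = self.sessions.get(request.get("cookies", {}).get("sessionid"))
        return (user, "session") if user else None   # None: let the next class try

class TokenAuth:
    """Header-based stand-in: 'Authorization: Token <key>' checked server-side."""
    def __init__(self, tokens):
        self.tokens = tokens                  # key -> username; deleting a key revokes it

    def authenticate(self, request):
        parts = request.get("headers", {}).get("Authorization", "").split()
        if not parts or parts[0].lower() != "token":
            return None                       # not this scheme: fall through
        if len(parts) != 2 or parts[1] not in self.tokens:
            raise AuthenticationFailed("Invalid token")  # this scheme, bad credential
        return self.tokens[parts[1]], "token"

def issue_token(tokens, username):
    key = secrets.token_hex(20)               # opaque; meaningful only via the table
    tokens[key] = username
    return key

def authenticate(request, authenticators):
    """First class returning a user wins; None falls through; an error ends the chain."""
    for authenticator in authenticators:
        result = authenticator.authenticate(request)
        if result is not None:
            return result
    return None, None                         # anonymous; permission classes decide next

if __name__ == "__main__":
    tokens = {}
    chain = [SessionAuth({"abc123": "alice"}), TokenAuth(tokens)]  # constructed state
    key = issue_token(tokens, "bob")
    print(authenticate({"headers": {"Authorization": f"Token {key}"}}, chain))
```

Deleting the key from `tokens` makes the next request carrying that header raise `AuthenticationFailed`, with no expiry to wait for.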

Where should stripe be integrated in single page application with django backend

I am new to Stripe integration. I've looked at a couple of examples but I'm unsure where I should integrate Stripe in my application. My front-end is in Angular and the backend is in Django. Should I integrate Stripe in the Angular code base or the Django code base?
Both. Front-end: either use Checkout (Embedded Form) or their Custom Form. This will spit out a token that you must process on the server side. If you are using routing or have a complex app, then you probably want a library to abstract away from Stripe's default behaviors, as it uses a simple form action. This will cause a reload or redirection from the page which could be a problem if you don't want to leave the app. I prefer this lightweight wrapper, though others exist: https://github.com/tobyn/angular-stripe-checkout
Server: You include their library for your language (Python if you want) in a script written to process the token. This is what actually sends the charge to Stripe. Just doing the front-end side only sends them a token which shows up in the logs but does nothing. This is where you create a new customer, charge, subscription, etc. according to the API for your language.
Once you've got that set up, then you'll probably want to listen for their webhooks, save the user that is created in your backend with its created from the initial payment, etc.
You can integrate it both in the front-end and back-end, but if it's a single page app and the backend is RESTful it makes sense to do it in Angular.
See this article for example: https://www.airpair.com/javascript/integrating-stripe-into-angular-app