How to integrate Keycloak with Django and Angular - django

I am using Keycloak to log in to my Angular app instead of the Django REST API (simple token-based authentication), and I am following the procedure and flow below. So is it correct? I was using a simple token (never expires) for my Django API from the Angular app; after implementing Keycloak, do I need to use JWT in the Angular app?
Angular web page
Click on login
Went to the Keycloak login
Login successful
Keycloak returned to the Angular app with an access key, ID token, refresh token, etc.
What is the next flow? What do I need to send to the Django API from the Angular app to verify the user? If so, how do I do user.is_authenticated if the user signs up through Keycloak, because I don't have any user instance in my local Django user model? What do I need to send from Django to Angular: my old token or the Keycloak token?
Is there any Django remote authentication required?
Is remote middleware required?
Any help or suggestion, please.
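
What the Django side has to check before trusting a Keycloak access token that the Angular app sends as a bearer token, as an added example that is not part of the original question. The RS256 check is written out with the standard library only so the block runs offline; a maintained JWT library would normally do that step. Assumptions: `verify_access_token`, `TokenError`, `rs256_ok` and the `jwks` mapping of `kid` to `(n, e)` are hypothetical names, and the token is assumed to carry the requesting client in `azp`.

```python
import base64, hashlib, hmac, json, time

# DER DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

class TokenError(Exception):
    """The bearer token must be rejected (hypothetical name)."""

def b64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def rs256_ok(signed: bytes, sig: bytes, n: int, e: int) -> bool:
    """Rebuild the expected PKCS#1 v1.5 block and compare all of it."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    info = SHA256_PREFIX + hashlib.sha256(signed).digest()
    want = b"\x00\x01" + b"\xff" * (k - len(info) - 3) + b"\x00" + info
    return hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), want)

def verify_access_token(token, jwks, issuer, client_id, now=None):
    """Return the claims of a valid token, else raise TokenError.
    jwks maps kid -> (n, e), as loaded from the realm's published keys."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims = json.loads(b64url(h64)), json.loads(b64url(p64))
        sig = b64url(s64)
    except ValueError as exc:  # wrong part count, bad base64 or JSON
        raise TokenError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise TokenError("malformed token")
    if header.get("alg") != "RS256":  # the token never picks the algorithm
        raise TokenError("unexpected alg")
    kid = header.get("kid")
    key = jwks.get(kid) if isinstance(kid, str) else None
    if key is None or not rs256_ok(f"{h64}.{p64}".encode(), sig, *key):
        raise TokenError("bad signature")
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise TokenError("expired")
    if claims.get("iss") != issuer:
        raise TokenError("wrong issuer")
    if claims.get("azp") != client_id:  # assumption: client id is in azp
        raise TokenError("issued to another client")
    if not claims.get("sub"):
        raise TokenError("no subject")
    return claims
```

In Django REST Framework a check like this would sit in a custom authentication class, with the returned `sub` used as the lookup key for `get_or_create` on the local user model.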

Related

Using Django JWT authorization for FastAPI endpoint

I have a Django app where I use SIMPLE_JWT to authenticate users. I use Django to work with the admin panel, in addition, I use the Django rest framework to transfer data to the React frontend application. During authorization, the React application receives a JWT token, which is then passed along with any requests to Django rest framework endpoints. Now there is a need to create a new FastAPI endpoint. Is there any way to make FastAPI use the same JWT tokens that the Django application accepts (and creates) to check whether the user is authorized and has access rights to the FastAPI endpoint? How to do it most correctly?

I wanna use other backend to authenticate my backend

I'm building an API server-side on Django. There is a Laravel server with the authentications of my user. I need to authenticate my user with Laravel, because I don't want to make another db on Django with the same users.
How can I customize Django to authenticate this way?
P.S.: Laravel is using a bearer token. Do I need to keep the token in the session after validation?

DRF login generate token and session at the same time

My site uses Django Rest Framework with an Angular frontend and knox tokens for login. I want to add django-wiki to my site and right now it works, except users that log in to my site who want to visit the wiki have to log in again because django-wiki uses session authentication and my site uses tokens.
Is there a way for a DRF login action to return both a token and a session?

Is it possible to have one common session in SPA and Django while using different domains?

Scenario:
A user logs in on domain-A serving an SPA (e.g. Angular) authenticating via API to Django using DRF's session authentication backend (cookies csrftoken, sessionid). In another tab the user opens the classic Django admin on domain-B and is automatically authenticated?
Is it possible?

After user removes application access to his LinkedIn profile, next OAuth2 reauthorization fails

I'm using a Django application with python-social-auth responsible for integration with the LinkedIn OAuth2 API.
LinkedIn returns a 500 server error:
{
"error":"server_error",
"error_description":"the authorization server encountered an unexpected condition : Unable to retrieve access token"
}
Steps to reproduce:
Create new LinkedIn app with OAuth 2.0 Redirect URLs set to http://localhost/complete/linkedin-oauth2/?
Set up the Django app with the python-social-auth module:
SOCIAL_AUTH_LINKEDIN_OAUTH2_KEY = <API key>
SOCIAL_AUTH_LINKEDIN_OAUTH2_SECRET = <Secret Key>
Run Django server on port 80 and go to: http://localhost/login/linkedin-oauth2/
Go to LinkedIn Settings, choose Groups, Companies & Applications > View your applications, select your application name and submit Remove
Log out the user from your Django app and start authentication again: http://localhost/login/linkedin-oauth2/
There's a discussion about this issue on the LinkedIn forums.
Apparently this can happen if you move from OAuth1 to OAuth2.
The proposed remedy until they resolve the problem is to create a new authentication key for our applications.