I currently have a large Django project leveraging Django REST Framework.
I have another, smaller Django project that I would like to build off of the main one that doesn't share the database directly but rather grabs necessary data over API.
I would like to override the AUTHENTICATION_BACKEND for the smaller project and have it use the API auth endpoint from the larger one as the authenticator.
Basically the process would go as follows:
User attempts to log into the small Django project using credentials for their user in the large Django-DRF project.
Small Django project sends API login request to large Django-DRF project.
Large Django-DRF project returns API token and serialized user information.
Small Django project auto-adds/updates user to its database with information from large Django-DRF project's response.
Small Django project responds to user client with token so that AJAX requests from Small Django project's pages can be made directly to large Django-DRF project's endpoints.
Are there existing plugins worth leveraging for this use case or should I write my own AUTHENTICATION_BACKEND?
It sounds like you may want to look into django-rest-framework-jwt. This would allow you to use JWT as your authentication mechanism, which can easily handle your case. The project actually provides an endpoint specifically for what you want, verify_jwt_token. According to the documentation:
In some microservice architectures, authentication is handled by a single service. Other services delegate the responsibility of confirming that a user is logged in to this authentication service. This usually means that a service will pass a JWT received from the user to the authentication service, and wait for a confirmation that the JWT is valid before returning protected resources to the user.
So your workflow would be something like:
User authenticates to your larger API
User receives a JWT back from the authentication request
User sends the JWT along with each request to the smaller API
The smaller API, upon receiving a JWT, forwards it to the verify_jwt_token endpoint in your larger API
Related
I am developing web platform which has to have 3 type of users (user, admin, partner companies). For the authentication I am considering to use google Identity platform with multitenancy (probably users in one tenant and admins are in different tenant).
As I understand from documentation, how do we integrate identity platform to our application is to create identity platform provider from console and integrate it into frontend with UI. From front-end, without contacting backend service we can sign up, login and logout by calling firebase SDK and it will give us authentication token. From backend I can check that token with middleware and decide if I agree the user as authenticated or not. Correct me if I am wrong.
Then I can get some metadata of authenticated user from the token, maybe email or name etc. But I want to store user related information on noSQL database as well. For example, if user wants to change his email I need to handle it in backend server, also, I'd like to store users log (access and audit log on somewhere else). In case of, I am using frontend UI and SDK how do log the access and audit information on my backend? also, when changing user's information, do I just write handler function in backend end update user's data with REST API or Admin SDK? what is the best practice over here? Or should I better write my own login and logout function on my backend then call REST API or Admin SDK? is there preferred way? Google is showing me only integration way of authentication from frontend?
BTW, I am deploying backend application on google cloud run, and frontend would be developed in react and should be deployed maybe in firebase or in cloud run as well.
Thanks
As per the Documentation,Yes your understanding is correct to integrate identity platform to the application.
You can store the user related information on a noSQL database like Firestore or Firebase Realtime Database. You can write the Rest API to change or update the user's information in the database.
If you want to write your own login and logout function, I don’t think it is necessary because Firebase Admin SDK provides these features. But if you want to manage user authentication in the backend for specific requirements, you can write your own login and logout function on the backend and use the Firebase Admin SDK.
For access and audit log information you can use Firebase Analytics, Firebase Analytics helps you understand what your users are doing in your app. It has all of the metrics that you’d expect in an app analytics tool combined with user properties like device type, app version, and OS version to give you insight into how users interact with your app.
But finally, the best way would depend on your requirements and use case.
I am using React-native for mobile app and Django as server. How to implement stripe payment gateway? How I can make a payment and send the response to the backend so that in backend I can handle which user is now subscribed?
In web we can do that using stripe-session url. We can hit the url and after successful payment it's return an id, I have to just post the id to the server.
How can I do that with react-native because by doing so I am kicked out from my app and the session url opens in the browser, i can make the payment successfully but cannot redirect to the app.
How to successfully I can implement this with react-native and django?
According to the Docs, React Native provides the Fetch API. You should be able to make POST requests to your Django back-end that way.
You may run into issues with authentication (since Django POST request require CSRF tokens). There are many docs about this topic and you should be able to find a solution that meets your needs with a few searches.
As for how to implement your Stripe payment flow, that depends on how you want to collect payment details for your subscriptions. Stripe public docs have many useful examples from using a Stripe hosted Checkout page, using Stripe Payment Elements, or using the basic Quickstart example to get you started. The Python back-end uses Flask instead of Django but it is not difficult to understand how to translate the functionality from one framework to another.
As a back-up and general best practice, consider utilizing webhooks to ensure your back-end is aware of changes to Stripe records. Financial networks include many asynchronous processes and it's a good idea to not just rely on the Request <-> Response loop.
I already have a django app running on App Engine, but the current user authentication is provided by Djoser, which uses a simple token authentication.
Now I want to write some new APIs to third party applications to allow them to access user data. So I need to implement the OAuth2.0 authentication.
I found some libraries such as django-oauth-toolkit. But the tutorial assumes that you build your app and database from scratch. So I wonder if there's a way to use my current user database to do OAuth2.0 authentication, instead of asking the user to signup again with the same username. Thanks.
So there's no need to start all over again from a new user database. One can continue using whatever authentication methods currently being used to register users. Just write a new app (for the new APIs) and add OAuth2 and run a database migration, which will build several tables needed by OAuth2.
When the OAuth2 authentication process starts, these tables will be filled with grants and access tokens and client application related info.
I am new to stripe integration. I've looked at couple of examples but I'm unsure where I should integrate stripe in my application. My front-end is in Angular and the backend is in django. Should I integrate stripe in Angular code base or django code base?
Both. Front-end: either use Checkout (Embedded Form) or their Custom Form. This will spit out a token that you must process on the server side. If you are using routing or have a complex app, then you probably want a library to abstract away from Stripe's default behaviors, as it uses a simple form action. This will cause a reload or redirection from the page which could be a problem if you don't want to leave the app. I prefer this lightweight wrapper, though others exist: https://github.com/tobyn/angular-stripe-checkout
Server: You include their library for your language (Python if you want) in a script written to process the token. This is what actually sends the charge to Stripe. Just doing the front-end side only sends them a token which shows up in the logs but does nothing. This is where you create a new customer, charge, subscription, etc. according to the API for your language.
Once you've got that set up, then you'll probably want to listen for their webhooks, save the user that is created in your backend with its created from the initial payment, etc.
You can integrate it both in the front-end and back-end, but if it's a single page app and the backend is REST-ful it makes sense to do it in Angular
See this article for example: https://www.airpair.com/javascript/integrating-stripe-into-angular-app
I want to upload a file to a website via a desktop app and then take the user to the website. The website has a web service, but requires authentication as does the web site. Is there a way to do this without forcing the user to authenticate twice (once in the desktop app and once in the web browser)?
Unfortunately, you can't prefill an input of type file for security reasons, which makes sense since the user won't want you uploading arbitrary files from his/her computer. But if they have a desktop app, is there some way around this?
Or maybe make the user log into the web app first and then the authentication cookie can be reused?
Any other ideas?
Thanks,
Ben
I would use the dekstop app as a client to the website app via an api.
So, login via the desktop app. The api returns a authentication token (as Carlos suggested) which might be a md5 hash stored in your database for a certain period of time, possibly matched to the clients ip address.
The desktop app can then make calls on the api (like uploading a file) as a authenticated user (by using the auth token).
When loading the website, perhaps the url is http://website/login/{auth_token} where the auth token is added to the url. The api can check to see if its a valid auth token and consider the user logged in.
You could generate an authentication token that could later be used on the website.
It all depends on the type of authentication of the service and the site. Is it integrated Kerberos, WS-Auth, is it Basic/Digest HTTP, is it forms/cookie ?
This answer will most likely not work in the very general users-on-the-wide-open-web scenario, but in intranet contexts, using Windows Authentication (on an ASP .Net solution), would provide this.