I had a problem. I had a react app that authenticate, using KeyCloak. From KeyCloak-server i recieve some credentials, like tokens, uuid of user and etc. Then, i am trying to access api on Django Backend, but request.user is Anonymous User. So, how can I can authenticate Django DRF? Should I send credentials from frontend to backend and create User model on backend or I don't need this?
You have to setup some authentication, for example using JWT. https://dev-yakuza.posstree.com/en/django/jwt/
Related
I built an app (Django backend, React frontend) that whenever a client login it will generate JWT authentication. React will store the access token and client can use it to access Django backend database.
Then I want to add in social login feature (Google) so I will get back access token from that as well. However, this access token is different from the JWT access token generated before, so I wonder how can I integrate both ways of logging in a user smoothly on both Django and React?
For JWT I use djangorestframework-simplejwt
For social login I use django-allauth
I can run each individual way perfectly on React, but I don't know how to keep both the installations of JWT and allauth in Django settings.
I have a project where I am creating a React frontend for users to sign SSL certificates. That frontend is used with a Django DRF backend to handle request. Currently, I have authentication specified in each of my views for token and session auth. I can authenticate a user through postman and through a python client using request. But I want to turn this around and be able to login from the front end using react and a login form and keep is secure and safe from XSRF. Ive also been reading about how token auth is insecure because of how tokens get stores in browser local storage.
So my questions are as follows;
Should I use token auth or session auth, and how do I decide which is best?
How to implement that authentication with a React login form?
And how I could protect this from XSRF?
Thanks in advance Stackoverflow Gods
I have a separate structure for backend using GoLang Gin and frontend ReactJS and would like to integrate the Azure AD Oauth2 login.
However, it's ok to authenticate GoLang App or React App, but how to pass the auth info to the backend when I authenticate in frontend using msal-react?
In my current backend API, I use JWT like this to protect APIs:
v1.Use(jwtauth.JWTAuth())
or should I authenticate the backend and pass the info to frontend? but I cannot get it to redirect(Azure login) since they are in different port...
Thanks!
The typical pattern is:
Front-end (React app in your case) uses msal (or other compatible library) to redirect the user to login
Front-end acquires access token for back-end using a scope defined in API app registration (or same app registration)
Front-end attaches access token to back-end requests
Back-end validates access token (signature using public keys from Azure AD, expiry time, audience, issuer, scopes etc.)
In .NET we configure an "authority" for JWT authentication, e.g. "https://login.microsoftonline.com/", and the authentication handler then downloads metadata + public keys from "https://login.microsoftonline.com//.well-known/openid-configuration".
It might be possible to configure something like this for your library as well.
Scopes you typically have to check yourself.
I need to create basic app with a silhouette. What I need to do is:
login with Google
Generate JWT
Use JWT to communicate with backend
I don't really know how this flow should look like. My idea is:
use login with Google in react app
generate Google token
use this token to generate JWT in the backend (using silhouette)
retrieve JWT in frontend
Will that flow work? Is there any simpler/better way to do that?
I had similar problem, so that's my proposal:
Create a controller for social authentication on backend side.
In react app add button for authentication and simply redirect to the
backend endpoint.
Authenticate user on backend, use Silhouette JWTAuthenticator to create a JWT token
Redirect to the react app with JWT token in query params.
Save token and use it in consequtive requests
I would like people to sign in with there Strava account (strava is a cycling/running platform)
Firebase has some default authentication Sign-in providers like Google, twitter etc. but no Strava. Is there any other way I can authenticate users via there Strava account in Firebase?
My project is in AngularJS
Strava authentication API documents
Currently there is a limited list of OAuth providers supported by Firebase Authentication.
If you just want people to be Authenticated against your application I would suggest to implement the OAuth flow by yourself in your client application.
If you also want to store some user state and therefore want to use Firebase you could create a Firebase User Account for every ID Token you receive from your Oauth-Client. People can sign up /sign in to your Firebase backend by providing their ID Token and exchanging it against a Firebase Access token.
Important: Make sure to verify the Strava Id/Access token in some way. Simplest way would be to call the Strava API and see if the token gets accepted.