Using Django REST Framework as an authentication backend for Django

5
votes

I currently have a large Django project leveraging Django REST Framework.

I have another, smaller Django project that I would like to build off of the main one that doesn't share the database directly but rather grabs necessary data over API.

I would like to override the AUTHENTICATION_BACKEND for the smaller project and have it use the API auth endpoint from the larger one as the authenticator.

Basically the process would go as follows:

  1. User attempts to log into the small Django project using credentials for their user in the large Django-DRF project.
  2. Small Django project sends API login request to large Django-DRF project.
  3. Large Django-DRF project returns API token and serialized user information.
  4. Small Django project auto-adds/updates user to its database with information from large Django-DRF project's response.
  5. Small Django project responds to user client with token so that AJAX requests from Small Django project's pages can be made directly to large Django-DRF project's endpoints.

Are there existing plugins worth leveraging for this use case or should I write my own AUTHENTICATION_BACKEND?

1
djangodjango-rest-frameworkdjango-rest-auth
If your DRF application is compliant with Oauth2 or some otehr standard authentication scheme, you should be able to easily find a backend. If it is not, you might be better off writing your own. It is not that hard.Mad Wombat

1 Answers

3
votes

It sounds like you may want to look into django-rest-framework-jwt. This would allow you to use JWT as your authentication mechanism, which can easily handle your case. The project actually provides an endpoint specifically for what you want, verify_jwt_token. According to the documentation:

In some microservice architectures, authentication is handled by a single service. Other services delegate the responsibility of confirming that a user is logged in to this authentication service. This usually means that a service will pass a JWT received from the user to the authentication service, and wait for a confirmation that the JWT is valid before returning protected resources to the user.

So your workflow would be something like:

  1. User authenticates to your larger API
  2. User receives a JWT back from the authentication request
  3. User sends the JWT along with each request to the smaller API
  4. The smaller API, upon receiving a JWT, forwards it to the verify_jwt_token endpoint in your larger API