I have a use case where a user wants to log in to my system with OAuth2 SSO. That is, they are logged into their organisation's SSO, they click a link to my Django application and if the token is valid, they can log in.
I have looked at django-oauth-toolkit but this looks like it is made for turning Django with DRF into an OAuth2 authentication server which uses OAuth2 to protect its views.
It has occurred to me that I can write my own middleware to handle this, but I am wondering what people consider to be best practice for this scenario. I’m under the impression that this is a quite common use-case these days.
As always, thank you for your tips and tricks.