Django authentication with Fediverse software
I am thinking about hosting:
- Fediverse software (e.g. Mastodon, Peertube)
- other software (e.g. superset)
- my Django web app
Problem
- the user may need to signup separately on each software
- hard to support users as authentication is separated
Approach
I am thinking the solution should be SSO (single sign-on).
Usually, I use django-allauth for authentication.
Technical questions
For Django + other software (e.g. superset), is OpenID connect the answer?
What about Django + Fediverse software?
Does anyone have experience integrating Django authentication with ActivityPub protocol (http://activitypub.rocks/)?
1 Like
SSO is something completely different than what allauth provides.
To implement an SSO solution, all sites must accept a common token from a single authentication site. For example, we use the CAS protocol as our SSO solution, using django-cas-server as the authentication source, and django-cas-ng as the Django-based client. We have other, Java-based applications that use a Java CAS client as part of that solution as well.
It doesn’t matter which protocol you select, as long as you have an authentication client for every application that you want to use it with. The key idea here is that none of the applications authenticate users themselves. They defer that authentication to the SSO provider, accepting some type of token as proof of authentication.
Regardless of the solution selected, you will find it helpful to at least understand the flows on that protocol page - you’ll find just about every web-based solution to work effectively the same way, even though some of the specific details may differ.
1 Like
Thanks, I’ll go through that, this is new territory for me. Maybe I’ll share after I get it working
Have you looked at the (now very old) Bouke/django-federated-login project? It was designed to add OpenID authentication, which isn’t the same, but it is a similar methodology I suspect.