How to use Django admin panel authenticating user from my frontend?

Hello everyone,

I have developed an application with the backend built in Django and the frontend built in Vue.

Currently, we are retrieving a token on the frontend, which we then send in the headers to authenticate the user.

Now, we would like to apply the same approach to access the Django admin panel.

To achieve this, I have created the following endpoint and view:

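URL:

    path('admin/login/', CustomAuthView.as_view()),

View:

    from django import views
    from django.contrib.auth import login
    from django.http import HttpResponseForbidden
    from django.shortcuts import redirect

    class CustomAuthView(views.View):
        # user_has_permission() is not shown in the post
        def get(self, request):
            if user_obj := self.user_has_permission(request):
                login(request, user_obj)
                return redirect('/admin/')
            return HttpResponseForbidden("You do not have permission to access this page")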

Essentially, this view takes the token from the Authorization header, extracts the user from the token, and checks if the user is a superuser. If they are, it redirects them to the admin panel.

When testing this using Postman, I am able to retrieve the HTML content of the admin panel. However, I would like to access the normal admin panel. Would that be possible?

Thanks!

Welcome @mangu75 !

Please clarify what you mean by this:

The “admin panel” is an HTML page.

What is it more precisely that you’re trying to do here?

Thank you!

I’m deploying the backend and the frontend in separate containers on Azure with different domains:

Backend: api.myapp.com
Frontend: myapp.com

Without implementing the code that I sent before, I can access the Django admin panel by navigating to api.myapp.com/admin. After entering a username and password, I can use all admin features, including editing models, forms, etc.

But now, I would like to authenticate users to the Django admin panel by sending a token (OAuth) that we get in the frontend.

So, once we get the user token from that frontend and we check they have proper permissions to use the admin panel, I would like somehow to open the tab api.myapp.com/admin without asking for user/password, as the token was already authenticated.

So far, with the code I sent, I just return the HTML, and even if I render it, I get the admin panel unformatted and not functional, as I cannot edit any model from there.

The result of that authentication needs to be the establishment of a Django session, including the creation and exchange of the session id cookie. (The Django Admin requires sessions, and requires that the user have an authenticated user stored in the session.)

If you want the admin to open in a new tab, then you can use the target attribute in your `<a>` element in your page to cause the response to that link to be opened in a new tab.

Thank you!

At last I followed a different approach. I'm sharing it here in case it can be useful for anyone:

I added the URLs below:

    path("admin/login/", CustomAdminAuthView.as_view()),
    path("admin/", admin.site.urls),

and I send the user token in the headers.

If the token is valid and the user has proper permissions, I just log them in and redirect to admin/

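    class CustomAdminAuthView(views.View):
        def get(self, request):
            if user_obj := self.get_authenticated_user(request):
                login(request, user_obj)
                return redirect('/admin/')
            # A view must always return a response; HttpResponseForbidden is from django.http
            return HttpResponseForbidden("You do not have permission to access this page")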

So now, every time someone accesses admin/, they go to admin/login/, which checks their credentials and redirects them directly to the admin, authenticated.