def get(self, request):
    if user_obj := self.user_has_permission(request):
        login(request, user_obj)
        return redirect('/admin/')
    return HttpResponseForbidden("You do not have permission to access this page")
Essentially, this view takes the token from the Authorization header, extracts the user from the token, and checks if the user is a superuser. If they are, it redirects them to the admin panel.
When testing this using Postman, I am able to retrieve the HTML content of the admin panel. However, I would like to access the normal admin panel. Would that be possible?
Without implementing the code that I sent before, I can access the Django admin panel by navigating to api.myapp.com/admin. After entering a username and password, I can use all admin features, including editing models, forms, etc.
But now, I would like to authenticate users to the Django admin panel by sending a token (OAuth) that we get in the frontend.
So, once we get the user token from that frontend and we check that they have proper permissions to use the admin panel, I would like somehow to open the tab api.myapp.com/admin without asking for user/password, as the token was already authenticated.
So far, with the code I sent, I just return the HTML, and even if I render it, I get the admin panel unformatted and not functional, as I cannot edit any model from there.
The result of that authentication needs to be the establishment of a Django session, including the creation and exchange of the session id cookie. (The Django Admin requires sessions, and requires that the user have an authenticated user stored in the session.)
If you want the admin to open in a new tab, then you can use the target attribute in your <a> element in your page to cause the response to that link to be opened in a new tab.
If the token is valid and the user has proper permissions, I just log them in and redirect to admin/
class CustomAdminAuthView(views.View):
    def get(self, request):
        if user_obj := self.get_authenticated_user(request):
            login(request, user_obj)
            return redirect('/admin/')
So now, every time someone accesses admin/, they will go to admin/login/, which will check their credentials and redirect them directly to the admin, authenticated.