Login authentication using DRF API backend

Hi all, I am very new to Django and web dev in general, so I would be grateful if any of you can point me in the right direction for the problem below.

So I have this problem where I need to create a centralized login server on the backend (so all users’ info will be stored in this DB, like OAuth), and for the frontend I will render the sites on another server.

The flow would be: the user enters the website, is redirected to the login page at the auth server, and is redirected back to the front-end server, something like that.

I have actually followed the trail to learn the REST framework and created a few API endpoints with Token authentication with django-rest-knox; essentially, the backend is ready.

Now the question is how can I make communication from the frontend to the user auth server? Many of the tutorials simply use django.contrib.auth because the user auth is bundled on the same server. It is not as simple as adding decorators like @login_required() or something like that.

How do I store the token generated from the API in the browser and verify this token every time the page is refreshed or the user navigates to another page, etc.?

I have read some articles about using Vue/React to do this on top of Django, but is it a necessity to do that?


Actually, if the situation is where you’re providing a single source of authority for multiple external sites, you’re closer to a CAS system than OAuth. (OAuth is the reverse situation - you’re protecting one site by allowing users to authenticate through multiple sources.)

See the diagrams at CAS - CAS Protocol to understand the flow of CAS.

(We use CAS as our authentication service across a family of sites.)
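
Added example, not part of the thread or of any poster's code: the service side of the CAS flow mentioned above, in standard-library Python. The `/login` and `/serviceValidate` endpoints and the XML namespace are the CAS protocol's own; the host names, function names and sample responses are constructed for illustration.

```python
import urllib.parse
import xml.etree.ElementTree as ET

CAS_URI = "http://www.yale.edu/tp/cas"  # XML namespace used by CAS 2.0/3.0 responses
NS = {"cas": CAS_URI}

def login_redirect_url(cas_base, service_url):
    """Where the front-end site sends a browser that has no local session."""
    return cas_base + "/login?" + urllib.parse.urlencode({"service": service_url})

def validation_url(cas_base, service_url, ticket):
    """Server-to-server URL the front end calls to check the one-time ticket."""
    query = urllib.parse.urlencode({"service": service_url, "ticket": ticket})
    return cas_base + "/serviceValidate?" + query

def parse_service_response(xml_text):
    """Return the authenticated username; raise ValueError on anything else."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError("malformed CAS response") from exc
    if root.tag != "{%s}serviceResponse" % CAS_URI:
        raise ValueError("not a CAS serviceResponse")
    success = root.find("cas:authenticationSuccess", NS)
    if success is None:
        failure = root.find("cas:authenticationFailure", NS)
        code = failure.get("code", "UNKNOWN") if failure is not None else "UNKNOWN"
        raise ValueError("CAS rejected the ticket: " + code)
    user = (success.findtext("cas:user", default="", namespaces=NS) or "").strip()
    if not user:
        raise ValueError("success response without a user")
    return user

# Constructed sample responses (not captured from a real server).
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    base = "https://auth.example.test/cas"          # hypothetical auth server
    service = "https://shop.example.test/callback"  # hypothetical front-end callback
    print(login_redirect_url(base, service))
    print(validation_url(base, service, "ST-constructed-ticket"))
    print(parse_service_response(SAMPLE_SUCCESS))
```

The front-end server fetches the validation URL itself over HTTPS, passing the same `service` value it used in the login redirect, and only then creates its own local session for the returned user. The ticket in the browser's URL is single-use and is never treated as a session credential.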

Thanks for your reply, Ken.

My problem is exactly the one in this Stack Overflow question, and I believe it is exactly single sign-on, and I actually followed the answer to use DRF. The question is that I have no idea how to implement the communication between the front end and the API endpoint.

I will read your article thoroughly for now to see if I can get more insight for now. Thanks.

Yea, it’s answers like that that demonstrate why I don’t bother with SO and why I consider that it frequently does more harm than good, and why I recommend that SO be considered the source of last resort.