mcueto / djangorestframework-auth0

Library to simply use Auth0 token authentication in DRF within djangorestframework-jwt
MIT License

Make it work with several apis #17

Closed lchabert closed 7 years ago

lchabert commented 7 years ago

Hello,

Thanks for your Django authentication backend, but I have one question concerning the usage of this lib.

If this backend should be used with DRF, why do the settings require only one client_id? If this API is a public API, several web front ends will be developed. So how to make it work with several client apps?

Must each client_id/client_secret be checked?

Regards.

mcueto commented 7 years ago

If this backend should be used with DRF, why do the settings require only one client_id?

Answer: because it's firstly intended to be used with a "one app, multiple REST APIs" approach.

If this API is a public API, several web front ends will be developed. So how to make it work with several client apps?

Answer: I dunno what's the best approach to resolve a public API with multiple apps; it's an inverse approach, so I think it must be planned with more people.

Must each client_id/client_secret be checked?

Answer: if the simple answer to allowing multiple apps in an API were to simply allow multiple client_id and client_secret values, I think it could be problematic. E.g.: if your public API has 1000 clients associated (which would have to be hardcoded in your settings.py), each time a client makes a call (with an authorization header), the API must check every client_id and client_secret, decode the payload, and then, if the header is OK (signature verified with one of the client_id/client_secret tuples), get or create the user and authorize the user to interact with the endpoint he's pointing to.

Regards and good weekend
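The multi-client verification discussed above, as an added example that is not part of this project's code: instead of trying every registered client_secret, the token's aud claim (which Auth0 sets to the client_id for HS256 tokens) selects one candidate secret, and the token is trusted only after that single HMAC check passes. The CLIENTS registry and its values are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed registry: Auth0 client_id -> client_secret (placeholder values, not real credentials).
# In a deployment this would be loaded from settings or a secrets store rather than hard-coded.
CLIENTS = {
    "client-app-one": "secret-one",
    "client-app-two": "secret-two",
}


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_hs256(payload: dict, secret: str) -> str:
    """Mint an HS256 JWT; used here only to build sample tokens for the example."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = f"{header}.{b64url_encode(json.dumps(payload).encode())}"
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def authenticate_multi_client(token: str, clients: dict = CLIENTS, now=None):
    """Return the token's sub if it verifies against the client named by its aud claim, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(payload_b64))  # unverified: used only to pick the secret
    except ValueError:  # covers bad base64 (binascii.Error) and bad JSON (JSONDecodeError)
        return None
    if header.get("alg") != "HS256":  # pin the algorithm: reject "none", RS256 and friends
        return None
    secret = clients.get(payload.get("aud"))
    if secret is None:  # unknown client_id: nothing to verify against, so reject
        return None
    expected = hmac.new(secret.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):  # exactly one constant-time check
        return None
    if payload.get("exp", 0) <= (now if now is not None else time.time()):
        return None
    return payload.get("sub")
```

With the client_id in aud the cost per request stays at one HMAC regardless of how many clients are registered, which is the scaling concern raised in the answer above.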

mcueto commented 7 years ago

Done thanks to @Calion54 !