Closed lchabert closed 7 years ago
If this backend should be used with drf, why do the settings require only one client_id?
Answer: because it's firstly intended to be used as a one app, multiple REST APIs approach.
If this api is a public api, several web front ends will be developed. So how to make it work with several client apps?
Answer: I dunno what's the best approach to resolve a public API with multiple apps; it's an inverse approach, so I think it must be planned with more people.
Each client_id/client_secret must be checked?
Answer: if the simple answer to allow multiple apps in an API would be to simply allow multiple client_id and client_secret, I think it could be problematic. E.g.: if your public API has 1000 clients associated (that should be hardcoded in your settings.py), each time a client makes a call (with authorization header), the API must check every client_id and client_secret, decode the payload, then if the header is OK (signature verified with one of the client_id-client_secret tuples), get or create the user and authorize the user to interact with the endpoint he's pointing to.
Regards and good weekend
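The per-request cost raised in the reply above, sketched as an added example (not code from this library or from the thread): instead of trying every client_id/client_secret tuple, the verifier selects one secret from the token's own claim and checks the signature once. It assumes HS256-signed JWTs whose `aud` claim carries the client_id; `CLIENTS`, `sign` and `verify` are hypothetical names and the secrets are constructed sample values.

```python
import base64, hashlib, hmac, json

# Constructed sample registry: client_id -> client_secret (hypothetical values).
CLIENTS = {
    "web-frontend": b"secret-for-web",
    "mobile-app": b"secret-for-mobile",
}

def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(payload: dict, secret: bytes) -> str:
    """Build an HS256 token; used here only to construct sample input."""
    head = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(payload).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url_encode(mac)}"

def verify(token: str, clients: dict = CLIENTS) -> dict:
    """Return the verified payload, or raise ValueError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(head_b64))
        payload = json.loads(_b64url_decode(body_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm; the token must not be allowed to choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # The aud claim is still untrusted here: it only selects which secret to
    # verify against, so a false aud simply fails the signature check below.
    aud = payload.get("aud") if isinstance(payload, dict) else None
    secret = clients.get(aud) if isinstance(aud, str) else None
    if secret is None:
        raise ValueError("unknown client")
    signed = f"{head_b64}.{body_b64}".encode()
    expected = hmac.new(secret, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    return payload
```

With a dictionary lookup the work per request stays one HMAC regardless of how many clients are registered; expiry and other claim checks would follow the signature check.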
Done, thanks to @Calion54!
Hello,
Thanks for your Django authentication backend, but one question concerning usage of this lib.
If this backend should be used with drf, why do the settings require only one client_id? If this api is a public api, several web front ends will be developed. So how to make it work with several client apps?
Each client_id/client_secret must be checked?
Regards.