Auth0 multiple client id

mcueto / djangorestframework-auth0

Library to simply use Auth0 token authentication in DRF within djangorestframework-jwt

MIT License

91 stars 19 forks source link

Auth0 multiple client id #23

Closed Calion54 closed 7 years ago

Calion54 commented 7 years ago

Hello, I'm using auth0 in my project. I have a web app and a mobile app, so there are multiple client id from auth0.

How to put these keys in your library ?

Thank you.

mcueto commented 7 years ago

It's actually unsupported in this moment, BUT i will work this weekend in a solution for it! stay tuned! :D PD: it's also in #17

Calion54 commented 7 years ago

Ok ! Thank you for this answer.

Calion54 commented 7 years ago

I see the possibility to create a non interactive client from auth0 manager. There are example for flask api but not for django rest. that's bad. There may be a possibility to just use the id client and the secret client to communicate with all other applications.

Calion54 commented 7 years ago

I have a solution but I don't know if it's possible. In your settings api, you have a map of object which contains informations (client_id, secret...) You can pass an another header "auth-type": "Android" in your request and when you decode the JWT you find the object with index "auth-type"

So, is it possible to have access of request's header ?

I'm working on this. @mcueto

mcueto commented 7 years ago

@Calion54 thank you!!!!!

Instead of auth-type i would create that parameter as app_code or client_code

I had no time to do this, so sorry and thank you!!!

Calion54 commented 7 years ago

Hello @mcueto

I have created a pull request to manage the multiple clients

mcueto commented 7 years ago

Merged to feature/multiple-clients! it would be ideal to figure out how to not broke the old client settings with the new one. After that, if we decide to broke that or provide a fix(or temporal fix), i will merge to development, then a master, then i'll upload it to pipy.

Thank you @Calion54

mcueto commented 7 years ago

i'll close this Issue once merged to master ;)

Calion54 commented 7 years ago

Hi,

Why do you want to keep the old settings method? It is enough to propose a version 2.

mcueto commented 7 years ago

Only to not to break it up to the people using it, but as i said, we could break it if we decide to ;) so i listen to you :)

may we break the old config? if you answer is yes, this same week i merge this new feature to the master branch ;)

Calion54 commented 7 years ago

I think that the best idea to keep only the new configuration (Manage both would make an illegible code...) I would nevertheless correct and add 2 features :

Customize the field name of the header
the new fields is already mandatory even if there is no need for authorization ... it's not normal ... I will correct this before the pull request.

mcueto commented 7 years ago

@Calion54 Thank you!!! :) no problem with that. So we'll keep only the new configuration :)

mcueto commented 7 years ago

Merged!!! thanks :)