About me
about.me/jakub.wasielak/
kuba.wasielak@gmail.com
About me
about.me/jakub.wasielak/
kuba.wasielak@gmail.com
About me
about.me/jakub.wasielak/
kuba.wasielak@gmail.com
Python
Challenges
About me
about.me/jakub.wasielak/
kuba.wasielak@gmail.com
About me
about.me/jakub.wasielak/
kuba.wasielak@gmail.com
The problem
The problem
At first I was like
But then
well, not so sure
The solution
(summary)
- Django API
- Facebook OAuth authentication
- JWT generation in DRF
- React setup with Axios
Demo time
Part 1. OAuth
What is OAuth?
OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification and its extensions are being developed within the IETF OAuth Working Group.
What is OAuth?
OAuth is an open standard for access delegation.
What is OAuth?
What is OAuth?
1. App requests authorization from User
2. User authorizes App and delivers proof
3. App presents proof of authorization to server to get a Token
4. Token is restricted to only access what the User authorized for the specific App
https://developer.okta.com/blog/2017/06/21/what-the-heck-is-oauth
Back to the code
react-facebook-login (widget)
dj_rest_auth (/auth/login view)
django-allauth (rest auth adapter)
Part 2. JWT
What is JWT?
JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.
What is JWT?
Back to the code
djangorestframework-simplejwt (auth)
axios-jwt (session)
Part 3. Refresh token
What is refresh token?
What is refresh token?
It's a JWT token...
but to refresh
What is refresh token?
access_token TTL - minutes
refresh_token TTL - months
What is refresh token?
localStorage vs cookies
This is not a security talk
What is refresh token?
localStorage vs cookies
HttpOnly cookies 👍
Back to the code
djangorestframework-simplejwt (auth)
axios-jwt (session)
Part 4. Bonus
Django API Setup
Makefile
requirements.in
seed
gitignore.io
lint/format
Back to the code
Makefile
requirements.in
seed
gitignore.io
lint/format
Recap
Key Points
Key Points
1. You can do it.
Key Points
1. You can do it.
2. There's no "one library" that would solve your problem
Key Points
1. You can do it.
2. There's no "one library" that would solve your problem
3. It's not _that_ hard.
Key Points
1. You can do it.
2. There's no "one library" that would solve your problem
3. It's not _that_ hard.
4. Front authorizes token agains OAuth.
Key Points
1. You can do it.
2. There's no "one library" that would solve your problem
3. It's not _that_ hard.
4. Front authorizes token agains OAuth.
5. Learn by trying.
Key Points
1. You can do it.
2. There's no "one library" that would solve your problem
3. It's not _that_ hard.
4. Front authorizes token agains OAuth.
5. Learn by trying.
6. There's a lot of JWT libraries.
Key Points
1. You can do it.
2. There's no "one library" that would solve your problem
3. It's not _that_ hard.
4. Front authorizes token agains OAuth.
5. Learn by trying.
6. There's a lot of JWT libraries.
7. Keep your project well-organized from the day 0.
Key Points
1. You can do it.
2. There's no "one library" that would solve your problem
3. It's not _that_ hard.
4. Front authorizes token agains OAuth.
5. Learn by trying.
6. There's a lot of JWT libraries.
7. Keep your project well-organized from the day 0.
8. Security matters.
Key Points
9. https://github.com/Gandi24/drf-facebook-auth
Thank you.
https://github.com/Gandi24/drf-facebook-auth
@gandi
kuba.wasielak@gmail.com