About me

about.me/jakub.wasielak/

kuba.wasielak@gmail.com

About me

about.me/jakub.wasielak/

kuba.wasielak@gmail.com

About me

about.me/jakub.wasielak/

kuba.wasielak@gmail.com

Python

Challenges

About me

about.me/jakub.wasielak/

kuba.wasielak@gmail.com

About me

about.me/jakub.wasielak/

kuba.wasielak@gmail.com

The problem

The problem

At first I was like

But then

well, not so sure

The solution

(summary)

  • Django API
  • Facebook OAuth authentication
  • JWT generation in DRF
  • React setup with Axios

Demo time

Part 1. OAuth

What is OAuth?

OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification and its extensions are being developed within the IETF OAuth Working Group.

What is OAuth?

OAuth is an open standard for access delegation.

What is OAuth?

What is OAuth?

1. App requests authorization from User
2. User authorizes App and delivers proof
3. App presents proof of authorization to server to get a Token
4. Token is restricted to only access what the User authorized for the specific App

https://developer.okta.com/blog/2017/06/21/what-the-heck-is-oauth

Back to the code

react-facebook-login (widget)

dj_rest_auth (/auth/login view)

django-allauth (rest auth adapter)

Part 2. JWT

What is JWT?

JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.

What is JWT?

Back to the code

djangorestframework-simplejwt (auth)

axios-jwt (session)

Part 3. Refresh token

What is refresh token?

What is refresh token?

It's a JWT token...

but to refresh

What is refresh token?

access_token TTL - minutes

refresh_token TTL - months

What is refresh token?

localStorage vs cookies

This is not a security talk

What is refresh token?

localStorage vs cookies

HttpOnly cookies 👍

Back to the code

djangorestframework-simplejwt (auth)

axios-jwt (session)

Part 4. Bonus
Django API Setup

Makefile

requirements.in

seed

gitignore.io

lint/format

Back to the code

Makefile

requirements.in

seed

gitignore.io

lint/format

Recap

Key Points

Key Points

1. You can do it.

Key Points

1. You can do it.

2. There's no "one library" that would solve your problem

Key Points

1. You can do it.

2. There's no "one library" that would solve your problem

3. It's not _that_ hard.

Key Points

1. You can do it.

2. There's no "one library" that would solve your problem

3. It's not _that_ hard.

4. Front authorizes token agains OAuth.

Key Points

1. You can do it.

2. There's no "one library" that would solve your problem

3. It's not _that_ hard.

4. Front authorizes token agains OAuth.
5. Learn by trying.

Key Points

1. You can do it.

2. There's no "one library" that would solve your problem

3. It's not _that_ hard.

4. Front authorizes token agains OAuth.
5. Learn by trying.
6. There's a lot of JWT libraries.

Key Points

1. You can do it.

2. There's no "one library" that would solve your problem

3. It's not _that_ hard.

4. Front authorizes token agains OAuth.
5. Learn by trying.
6. There's a lot of JWT libraries.

7. Keep your project well-organized from the day 0.

Key Points

1. You can do it.

2. There's no "one library" that would solve your problem

3. It's not _that_ hard.

4. Front authorizes token agains OAuth.
5. Learn by trying.
6. There's a lot of JWT libraries.

7. Keep your project well-organized from the day 0.

8. Security matters.

Key Points

9. https://github.com/Gandi24/drf-facebook-auth

Thank you.

https://github.com/Gandi24/drf-facebook-auth

@gandi

kuba.wasielak@gmail.com

Made with Slides.com