In this article I’ll assume you’re familiar with Django, Django Rest Framework, React, and a little bit of Docker and Nginx. However, I should state I’m quite new to Docker and Nginx. I’ll also assume you have Python, Pip, Node and Docker set up. I’ll be using Pipenv, but if you want to install your Python dependencies globally I guess I can’t stop you. My goal is to show a development setup I recently got working to use Django session authentication with a Single Page Application (SPA) and Django Rest Framework.

I recently was attempting to authenticate users on a React app while using a Django Rest Framework (DRF) backend. The simplest option seemed to be using JWT token authentication; however, a quick Google search will reveal what seems to be an unanswered debate over whether keeping a JWT in localStorage is secure (that statement is oversimplified, but have a look into it if you’re curious). After a few days of reading I decided that session authentication was less risky.

Although it may seem straightforward to use sessions with a SPA, the built-in Django session authentication is designed primarily for a web app using Django templates, not a SPA running on another domain. The CSRF tokens used in session authentication are there specifically to prevent authenticated requests coming from another domain, creating a headache for someone looking to authenticate a SPA. If you’re brave enough to wrestle with django-cors-headers and attempt to get Django to set the CSRF token on another domain in a secure way, I wish you the best; I’ve had no luck. This approach also seemed risky as you’re required to relax many Django settings regarding cookies and security.

The Django Rest Framework documentation mentions making requests with sessions. Head to the section on authentication and you’ll find how to allow a request with session authentication, but no mention of how to log in on a SPA, which, to give credit to the Rest Framework, is probably outside the reasonable scope of what is otherwise amazing documentation. Nonetheless I felt stumped.


Django Rest Framework and SPA - Session Authentication (With Docker and Nginx)