django-oauth-toolkit VS djoser

View on GitHub

Just to be clear: I'm asking for LDAP to be one possible choice. If an installation wants to use LDAP BIND they can use that, or if the want to use SAML they could use that, or OATH. But not at the same time: you get to choose one.

Django Authentication system for example has a User object that allows different backends to feed into it:

* https://django-auth-ldap.readthedocs.io/

* https://django-oauth-toolkit.readthedocs.io/

* https://stackoverflow.com/questions/22668434/saml-with-djang...

You would need to store whatever identifier the oauth provider gives you along with access and refresh tokens. That said, I wouldn't try to implement this from scratch, since it is not trivial. Try django-oauth-toolkit

Thankfully you don't need to implement this giant standard yourself. You can use the excellent Django OAuth Toolkit package. They also have a specific section in their documentation for using it with DRF.

I would suggest token auth as it is stateless, secure and can be used on multiple devices. OAuth/OAuth2 is the industry standard at the moment but you can also use a simple JWT token signature. On top of this, Django REST framework offers a lot of libraries for this purpose e.g. django-rest-framework-simplejwt, django-rest-framework-social-oauth2, django-oauth-toolkit, and more.

That's what I'd usually say too, but this issue does give some "neglected project" vibes - the version on pypi is still quite a bit older than what's in the repo.

e.g.: https://github.com/sunscrapers/djoser/blob/master/djoser/constants.py

Right now, I'm using dj-rest-auth for Token based authentication. I store token in the localStorage. Earlier I was using djoser for adding auth in the project (I wrote article about my approach with djoser).

View on GitHub

Djoser is an open-source authentication library for Django. It is a simple library for providing basic authentication in a Django app, and it is used alongside the Django REST Framework. In this article, we will be looking at how to customize URLs in Djoser.

For Djoser this looks to be fine, there is an issue mentioning Django 4.0 but it looks like that just requires a work around for a dependency.

djoser if you are using DRF

Customizing Serializers

A reusable library implementing auth logic in DRF: https://github.com/sunscrapers/djoser

I'm using Djoser on the backend and I want to save tokens in Redis when they are created. I want this because I want to single user from one account can use my app, so I'm about to store all created tokens and then invalidate them if a user with this `id` login's from another device/browser. So my question is, am I need to redefine this method? Please push me in the right direction, I'm kinda lost. Maybe there is a better solution.