Which authentication and authorization schemes are you using – and why?

Actually, the answer is probably a combination of 1 and 3. You can take advantage of a lot of the tools and features that the framework provides for you by writing a membership, role or profile provider if the default options don’t quite go as far as you’d like. We’ve done just that on a …

Transparent user session over several sites (single sign-on + single sign-off)

Well, let me explain a bit further then. (All URLs are fictional!) As I said, the visitor goes to http://www.yourwebpage.com and indicates he wants to log in. He is redirected to http://your.loginpage.org?return=http://www.yourwebpage.com/Authenticated where he will have to provide his username and password. When his account information is valid, he will return to the page that …

Understanding Django-LDAP authentication

This page might have what you are looking for: https://pypi.python.org/pypi/django-auth-ldap concerning the LDAP backend. You are lucky that one exists, so you don’t have to code an auth backend yourself 🙂 Basically django.contrib.auth.models already has a User object that contains everything you need about the user. So you don’t need to create a new models.py. …

Heroku: Login system – authentication loop failure

I started getting this error very recently. I believe it’s linked to a recent email that I got regarding password requirement changes: Heroku will start resetting user account passwords today, May 4, 2022, as mentioned in our previous notification. We recommend that you reset your user account password in advance here and follow the best …

login() in Django testing framework

The problem is that you’re not passing RequestContext to your template. Also, you probably should use the login_required decorator and the client built in the TestCase class. I’d rewrite it like this:

    #views.py
    from django.contrib.auth.decorators import login_required
    from django.shortcuts import render
    from django.contrib.auth import get_user_model

    @login_required(login_url="/users/login")
    def secure(request):
        user = request.user
        return render(request, 'secure.html', {'email': …

OAuth or JWT? Which one to use and why?

JWT is a simple authentication protocol, OAuth is an authentication framework. An experienced developer will take about a month to fully understand and implement OAuth. An experienced developer can pick up the JWT protocol in about a day of reading the specifications. So basically, it boils down to your specific use-case. If you want simple …