authentication
Token Authenticatable module in Devise
The short answer is: it’s up to you. This module only provides a few helpers to help you manage the token, but it is up to you to choose how to use it. For example, if you want to have a new token every time the user saves his account, you can do the following: … Read more
Which authentication and authorization schemes are you using – and why?
Actually, the answer is probably a combination of 1 and 3. You can take advantage of a lot of the tools and features that the framework provides for you by writing a membership, role or profile provider if the default options don’t quite go as far as you’d like. We’ve done just that on a … Read more
Transparent user session over several sites (single sign-on + single sign-off)
Well, let me explain a bit further then. (All URLs are fictional!) As I said, the visitor goes to http://www.yourwebpage.com and indicates he wants to log in. He is redirected to http://your.loginpage.org?return=http://www.yourwebpage.com/Authenticated where he will have to provide his username and password. When his account information is valid, he will return to the page that … Read more
Understanding Django-LDAP authentication
This page might have what you are looking for: https://pypi.python.org/pypi/django-auth-ldap concerning the LDAP backend. You are lucky that one exists, so you don’t have to code an auth backend yourself 🙂 Basically django.contrib.auth.models already has a User object that contains everything you need about the user. So you don’t need to create a new models.py. … Read more
Heroku: Login system – authentication loop failure
I started getting this error very recently. I believe it’s linked to a recent email that I got regarding password requirement changes: Heroku will start resetting user account passwords today, May 4, 2022, as mentioned in our previous notification. We recommend that you reset your user account password in advance here and follow the best … Read more
login() in Django testing framework
The problem is that you’re not passing RequestContext to your template. Also, you probably should use the login_required decorator and the client built in the TestCase class. I’d rewrite it like this: #views.py from django.contrib.auth.decorators import login_required from django.shortcuts import render from django.contrib.auth import get_user_model @login_required(login_url=”/users/login”) def secure(request): user = request.user return render(request, ‘secure.html’, {’email’: … Read more
OAuth or JWT? Which one to use and why?
JWT is a simple authentication protocol, Oauth is an authentication framework. An experienced developer will take about a month to fully understand and implement Oauth. An experienced developer can pick up the JWT protocol in about a day of reading the specifications. So basically, it boils down to your specific use-case. If you want simple … Read more