re: Is there a way I can use Django default auth with React with them both decoupled? VIEW POST

re: Firstly you got it wrong, Django does not work that way. They don't share anything at all if your going the React as your frontend and Django as yo...

No buddy, you can either serve React and Django each in a different server or you can use react (the bundle.js file) as a script inside a template (then you can use the session authentication which requires the AJAX calls to be in the same context).

Localstorage is a very bad idea as it's vulnerable to XSS. As I said the way to do it is to store the access token in memory and the refresh inside an http only cookie, there's a pull request for the django-rest-framework-simplejwt that's trying to do this.

So the answer for my question is no, if React and Django are served seperate. Now I'm trying to figure out how to return an http only cookie for the refresh token.

If it was okay for localstorage, that would be super easy. But unfortunately the internet has some bad people.

Thanks for your interaction buddy

Code of Conduct Report abuse