loading...

re: Is there a way I can use Django default auth with React with them both decoupled? VIEW POST

TOP OF THREAD FULL DISCUSSION
re: any experience with any of these? I suppose the default session authentication only works with React inside a django template "Session authentica...
 

Firstly you got it wrong, Django does not work that way. They don't share anything at all if your going the React as your frontend and Django as your backend. The only interaction between them is in terms of API.
Your React is only calling the API in your Django backend.

Which in this case is either a JWT token or some other form of authentication depending on your use case.
This could be founded in the Django REST Framework in the Authentication section to authenticate and allow the access to the Django API.

Once you have a session or JWT, you can either store it as local storage or as a cache that is implemented on React your front-end.

No buddy, you can either serve React and Django each in a different server or you can use react (the bundle.js file) as a script inside a template (then you can use the session authentication which requires the AJAX calls to be in the same context).

Localstorage is a very bad idea as it's vulnerable to XSS. As I said the way to do it is to store the access token in memory and the refresh inside an http only cookie, there's a pull request for the django-rest-framework-simplejwt that's trying to do this.

So the answer for my question is no, if React and Django are served seperate. Now I'm trying to figure out how to return an http only cookie for the refresh token.

If it was okay for localstorage, that would be super easy. But unfortunately the internet has some bad people.

Thanks for your interaction buddy

Code of Conduct Report abuse