Authentication

Authentication is the process of confirming the truth of an attribute of a single piece of data claimed true by an entity, or, more simply, the process of ascertaining that somebody is who they claim to be. It differs from authorization, which refers to the rules that determine who is allowed to do what.

Current status

We are using three different libraries to provide social authentication, OAuth2, and JWT. Social auth has a different pipeline from OAuth2 and JWT, so the idea is to combine all of them into one process/pipeline; in other words, we need to join their functionalities so that there is only one way to provide/generate tokens.

The problem with the social core is that it generates a Django session instead of a token, so we need to either redirect users to the auth endpoint (not the best approach) or use the Django REST Framework functionality responsible for validating users and generating tokens for them (the better approach).

Expected status

We want to be able to enter a user's credentials in a form and request a token. We also want the option to click a social button and get a valid token.
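The following is an added illustration of the single pipeline described above (the problem in "Current status" and the goal in "Expected status"); it is not code from the project and does not use Django, social-auth, Django OAuth Toolkit or any JWT library. It assumes in-memory user records in place of the Django user model, HS256 JWTs minted by hand with the standard library, and a social-only account modelled as a user whose `password_hash` is `None` (the equivalent of an unusable password). Both authenticators, password and social, return the same `User` and feed one `issue_token` step, so there is exactly one way a token is generated.

```python
"""Added illustration (not part of the original design note): password login
and social login converge on one token-issuing step.

Assumptions: in-memory users instead of Django's user model, hand-rolled HS256
JWTs, and password_hash None for social-only accounts (unusable password)."""
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass, field
from typing import Optional

SALT = b"constructed-salt"  # constructed fixed salt; a real store uses per-user salts


def hash_password(password: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()


@dataclass
class User:
    username: str
    password_hash: Optional[str]  # None = unusable password (social-only account)
    social_ids: dict = field(default_factory=dict)  # provider -> provider uid


# Constructed sample accounts: alice logs in with a password, bob only via GitHub
USERS = {
    "alice": User("alice", hash_password("correct horse")),
    "bob": User("bob", None, {"github": "12345"}),
}


def authenticate_password(username: str, password: str) -> Optional[User]:
    user = USERS.get(username)
    if user is None or user.password_hash is None:
        return None  # unknown user, or social-only account: no password login
    candidate = hash_password(password)
    return user if hmac.compare_digest(candidate, user.password_hash) else None


def authenticate_social(provider: str, provider_uid: str) -> Optional[User]:
    # In the real pipeline this is where the social core would have created a
    # session; here it just resolves the provider identity to a local user.
    for user in USERS.values():
        if user.social_ids.get(provider) == provider_uid:
            return user
    return None


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user: User, secret: bytes, ttl: int = 3600, now: Optional[int] = None) -> str:
    """The one token issuer shared by every authentication path."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": user.username, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"


def verify_token(token: str, secret: bytes, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the signature and expiry check out, else None."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None  # only the algorithm we issue is accepted
        expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(payload))
    except ValueError:  # covers bad base64 and bad JSON
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims


def login(secret: bytes, username=None, password=None, provider=None, provider_uid=None):
    """Credential form or social button in, one token format out."""
    if username is not None:
        user = authenticate_password(username, password)
    else:
        user = authenticate_social(provider, provider_uid)
    return issue_token(user, secret) if user else None


if __name__ == "__main__":
    key = b"constructed-demo-key"
    print(verify_token(login(key, username="alice", password="correct horse"), key))
    print(verify_token(login(key, provider="github", provider_uid="12345"), key))
```

Note that `bob`, the social-only account, cannot log in through the password path at all, which is the behaviour a Django user with an unusable password would show; the open question of whether Django OAuth Toolkit accepts such users is not answered by this illustration.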

Questions

  • Should we create a new user when social auth is used?
  • Should we generate a password when social auth is used?
  • Does Django OAuth Toolkit work with users without a password?
  • Should we create a new lib importing the three other ones?