Django authentication service

Hi everyone!

I would be very grateful if you could advise me on one technical issue. I need to write an authentication service (id.domain.com) for several web sites (site1.domain.com, site2.domain.com etc.; one of the sites is already running in production). I have read about OpenID, SSO and JWT, but I still do not have a complete picture.

If a user has an account on id.domain.com, he should be able to log in to all sites (site1.domain.com, site2.domain.com etc.) after agreeing to share his user data with each site. Profile changes can only be made on id.domain.com.

I would like to use ready-made libraries (maybe django-oidc-provider) to speed up the process. In which direction should I move?

Thank you for your time and help.

Have you considered using Auth0?

For authentication, you should understand that the flow is that every request sent needs to be authenticated; the server has no memory about the previous request. Therefore, you should look at how authentication works in Django, perhaps starting with the Sessions Middleware and Auth Middleware.

If I were you, I would write a custom middleware that authenticates the requests against your base domain's auth system. Or just look at the login flow, and every time a user shares data, you duplicate the user on your new subdomain, but the login backend uses the information stored on your base domain. You can expose a very simple API endpoint to validate credentials.

1 Like

A simple solution would be to use Azure AD to authenticate users across multiple sites. Obviously you would need an Azure account and to set up an AD group. Then you could use the following tutorial to set up OAuth authentication to Azure AD:

1 Like

Thank you for your answer. "Duplicate the user on your new subdomain, but the login backend uses the information stored on your base domain" - I think this is the best way in this situation. One of the sites already has 1200 users. I will store general data on the base domain and everything related to each project in that project itself, by duplicating the user (adding a hash, for example, to connect with the user in the base domain).

This is something new for me, thanks.

I still do not understand what to do after receiving this data. Hope Auth2 documentation and tutorials will help.

```
{'token_type': 'Bearer', 'scope': ['openid', 'profile', 'User.Read', 'Calendars.Read'], 'expires_in': 3600, 'ext_expires_in': 3600, 'access_token': '...', 'refresh_token': '...', 'id_token': '...', 'expires_at': 1578684571.7312844}
```
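As an added example (not code from the thread, from Django, django-oidc-provider or Azure AD), this is what a relying-party site such as site1.domain.com does with a token response of the shape posted above: it validates the `id_token` (pinned algorithm, signature, `iss`, `aud`/`azp`, `exp`/`iat`, `nonce`), then finds or creates its own local user row keyed by a hash of issuer plus `sub`, which is the "duplicate the user, link by a hash" approach discussed earlier. The issuer, client_id, client_secret, token contents and the `accounts` dict standing in for the site's user table are all constructed. The block verifies HS256 with the client_secret so it runs offline; Azure AD and most public providers sign with RS256, in which case `verify_signature()` is replaced by a check against the key from the provider's `jwks_uri` and the rest stays the same.

```python
"""Consume an OIDC token response on a relying-party site (e.g. site1.domain.com).

Added example; not code from the thread, Django, django-oidc-provider or Azure AD.
Assumed (constructed): the provider at ISSUER signs id_tokens with HS256 using the
client_secret. Real providers mostly use RS256 via jwks_uri: swap verify_signature().
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

ISSUER = "https://id.domain.com"                 # expected `iss` claim (assumed)
CLIENT_ID = "site1"                              # this site's client_id (assumed)
CLIENT_SECRET = b"constructed-client-secret-do-not-reuse"
ALLOWED_ALGS = {"HS256"}   # pinned server-side; the token header never gets to choose


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def verify_signature(signing_input: bytes, sig: bytes, alg: str, key: bytes) -> bool:
    """HS256 only here; an RS256 deployment verifies against the provider's JWK instead."""
    if alg == "HS256":
        return hmac.compare_digest(hmac.new(key, signing_input, hashlib.sha256).digest(), sig)
    return False


def validate_id_token(token: str, expected_nonce: str,
                      now: Optional[float] = None, skew: int = 60) -> dict:
    """Return the claims if signature and every required claim check out; else ValueError."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, p_b64, s_b64 = parts
    alg = json.loads(b64url_decode(h_b64)).get("alg")
    if alg not in ALLOWED_ALGS:                  # also rejects alg "none"
        raise ValueError(f"unexpected alg {alg!r}")
    if not verify_signature(f"{h_b64}.{p_b64}".encode(), b64url_decode(s_b64), alg, CLIENT_SECRET):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if CLIENT_ID not in auds:
        raise ValueError("token not issued for this client")
    if len(auds) > 1 and claims.get("azp") != CLIENT_ID:   # multiple audiences need azp
        raise ValueError("azp mismatch")
    if not isinstance(claims.get("exp"), (int, float)) or now > claims["exp"] + skew:
        raise ValueError("token expired")
    if claims.get("iat", 0) - skew > now:
        raise ValueError("token issued in the future")
    if not hmac.compare_digest(str(claims.get("nonce", "")), expected_nonce):
        raise ValueError("nonce mismatch")       # replayed or injected token
    if not claims.get("sub"):
        raise ValueError("missing sub")
    return claims


def link_local_account(claims: dict, accounts: dict) -> dict:
    """Find or create this site's own user row for the id.domain.com identity.

    `sub` (not e-mail) is the stable identifier. `accounts` stands in for the site's
    user table, keyed by an opaque hash of issuer+sub (the link hash from the thread).
    """
    link = hashlib.sha256(f"{claims['iss']}|{claims['sub']}".encode()).hexdigest()
    record = accounts.setdefault(link, {"link": link})
    # Profile data is authoritative on id.domain.com; refresh the local copy each login.
    record["email"] = claims.get("email", record.get("email"))
    record["name"] = claims.get("name", record.get("name"))
    return record


def handle_token_response(response: dict, expected_nonce: str, accounts: dict,
                          now: Optional[float] = None) -> dict:
    """Log the user in from a token-endpoint response like the one posted above.

    Only id_token authenticates the user. access_token is for calling the provider's
    APIs on the user's behalf and refresh_token renews it; neither proves identity.
    """
    claims = validate_id_token(response["id_token"], expected_nonce, now=now)
    return link_local_account(claims, accounts)


def make_id_token(claims: dict, key: bytes = CLIENT_SECRET, alg: str = "HS256") -> str:
    """Construct a token for local testing; in production only the provider mints these."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(key, signing_input, hashlib.sha256).digest() if alg == "HS256" else b""
    return f"{header}.{payload}.{b64url_encode(sig)}"


if __name__ == "__main__":
    now = int(time.time())
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "sub": "8f2c1d", "exp": now + 3600,
              "iat": now, "nonce": "n-1", "email": "alice@example.com", "name": "Alice"}
    site_users: dict = {}
    print(handle_token_response({"token_type": "Bearer", "id_token": make_id_token(claims)},
                                "n-1", site_users, now=now))
```

The `nonce` must be the value the site generated and stored in its own session before redirecting to id.domain.com; checking it is what ties the returned token to this browser's login attempt. Pinning `ALLOWED_ALGS` server-side, rather than honouring whatever `alg` the header announces, is what closes the `none` and key-confusion cases.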