11

We have two apps App1 with domain www.app1.com and App2 with domain www.app2.com. Backend of both apps is api based using django-rest-framework. On frontend side we are using Angular2. Both apps had their different user base but now we decided to merge the user base and want a single authentication service.

Both apps needs to use eachother's functionality. And we want seemless experience for user. If a user a singed in one app. It should not be login from other app.

I did some research and find out that it can be achieved with SSO. Here is the link to the relevant stack-overflow question (Implementing SSO with django). I also find many libraries. Most of them are very old so can't use legacy code.

Following are the libraries that I have tried and why these couldn't fit into my problem.

  1. Server with django-mama-cas and client with django-cas-ng. This worked perfectly but only for session based apps and my client apps are rest-api based.
  2. Another one is django-rest-framework-sso. This is year old library and also I am not sure how will sure the jwt between angular apps.

So can you please share how to implement SSO with rest-fraemwork ?

cezar
  • 11,616
  • 6
  • 48
  • 84
Mahammad Adil Azeem
  • 9,112
  • 13
  • 57
  • 84
  • Power the both apps with the single django installation and it will works, you don't need extra libraries. – Goran Apr 09 '18 at 15:48

1 Answers1

2

What you can do is take django-rest-auth project https://github.com/Tivix/django-rest-auth and run it as a central authentication server on let's say app-3 and make calls to it for authentication from app-1 and app-2.

It would require you to consolidate your user DB and have it served from one restful auth service. You would still need to write a restful cas client thou that would process the authentication for you, Or you can just repurpose the ng-cas code for this, All it does is it takes the ServiceTicket returend by the mama-cas server and creates a session in django auth based on it and optinoally creates a user as a stub in the client server db.

Another alternative is to make mama-cas restful. All mama cas does is creates a ServiceTicket model object on succesful login and sends it over to the client which consumes 'service' and 'ticket' params and creates authentication session. Authentiation session is created whether you are restful or not, it's part of django architecture to provide authentication.

What we did at likalo to consolidate our services was take the django-mama-cas server and made it semi restful. It's on my road map to make it 100% restful using this approach.

Hope this helps...

PhilippeT
  • 144
  • 8