I'm looking for some advice on setting up one authentication service for multiple different Django projects.
Currently, I have one project that uses AWS Cognito for auth (with django-cognito-jwt). Then I have a separate project that does the same thing using a different AWS Cognito user pool. These projects are not connected in any way. The current flow for each app looks like this:
(1) Go to one project and log in via the frontend
(2) Use AWS Amplify to authenticate the user against Cognito and return a JWT
(3) Hit my DRF API and call get_or_create_for_cognito to parse the JWT
(4a) If the account is new, create a Django User object in the database storing the ID from Cognito
(4b) If the account already exists, look up the User record by Cognito ID and return that
(5) With this returned user object, I can look up the groups and permissions associated with the user to allow or disallow various endpoints.
My goal is to have one Cognito account allow a user to authenticate on both of the different projects.
I understand that I can just point both projects to the same "User" table, but a few different sites/blogs have talked about this being bad practice. Some people have mentioned introducing a third Django project whose sole responsibility is authentication. However, most of the examples I have found are using Django's built-in authentication, not Cognito.
So at a high level I'm wondering if anyone has any ideas on how to architect this, or any example project using Cognito that might be helpful for me to read over.
Thanks for any help!!
I've also read over this similar post: Multiple Django apps, shared authentication, but my requirements are different because I'm using JWT auth and Cognito.
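The claim checks and the get_or_create step from the flow above (steps 3 and 4), written out for two Django projects that share one Cognito user pool but each keep their own User table, as an added example; this is not the poster's code and not django-cognito-jwt's own implementation. It assumes the library has already verified the token's RS256 signature against the pool's JWKS, and the issuer URL, app client ids and claim values are constructed placeholders.

```python
import time

# Constructed configuration: one Cognito user pool shared by two Django
# projects, each registered as its own app client in that pool.
# Placeholder values; a real issuer looks like
# https://cognito-idp.<region>.amazonaws.com/<pool-id>.
POOL_ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
PROJECTS = {
    "project_a": {"client_ids": {"client-id-a"}},
    "project_b": {"client_ids": {"client-id-b"}},
}
# Each project keeps its own User table; only the Cognito 'sub' is shared.
USER_TABLES = {name: {} for name in PROJECTS}


def validate_claims(claims, project, now=None):
    """Check the claims of an already signature-verified Cognito ID token.

    Signature verification against the pool's JWKS is assumed done by the
    library; these checks bind the token to this pool and this project.
    Returns the stable Cognito user id ('sub') or raises ValueError.
    """
    now = time.time() if now is None else now
    if claims.get("iss") != POOL_ISSUER:
        raise ValueError("token not issued by the shared user pool")
    if claims.get("token_use") != "id":
        raise ValueError("expected an ID token")
    # 'aud' on a Cognito ID token is the app client id; each project accepts
    # only its own client, so a token minted for project A is rejected at B.
    if claims.get("aud") not in PROJECTS[project]["client_ids"]:
        raise ValueError("token issued for a different app client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    sub = claims.get("sub")
    if not sub:
        raise ValueError("token has no subject")
    return sub


def get_or_create_for_cognito(claims, project, now=None):
    """Map the Cognito identity to this project's local User row (step 4)."""
    sub = validate_claims(claims, project, now)
    table = USER_TABLES[project]
    if sub not in table:
        # New account for this project: store the Cognito id, not a password.
        table[sub] = {"cognito_id": sub, "email": claims.get("email"), "groups": []}
    return table[sub]
```

Groups and permissions (step 5) stay per project, attached to each project's own User row, so the two apps share the identity but not the authorization data.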