Where I work currently there are many Django projects, each running on their own VPS, and each is running under their own subdomain (foo.example.com, bar.example.com, ...) as shown in the following diagram:
What I want to do is to have a central Django Server that manages all the login process (authorization and authentication) for each application, and when a user logins in foo.example.com
and then goes to bar.example.com
, his session keeps active and doesn't need to enter credentials again (user/password), the same if the user logs out, he couldn't see anything on the other projects until he logins in again.
Similar as what Google does when you login on gmail.com
and go to youtube.com
or blogger.com
(or more similar to what I want to do: you login in google.com
and go to drive.google.com
, photos.google.com
, calendar.google.com
) or any other Google's site, your session keeps active.
Is there any django-package or any other way that would help me accomplish it?
I would use the django rest framework and login with that. This will install a session cookie, which you can check every time the user opens a page that they need to be logged in for. Once the cookie expires, or django expires the cookie, the user is logged out, and pages should not be served to them if your authentication checks are good. This means that if they log in to the django server anywhere, they remain logged in, even on your page, just like with facebook or google. When they log out of the django server, anywhere, they will be logged out of your remote pages as well.
You can read more about the django rest framework authentication here.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With