As the title says, I'm developing a Django app which uses another API to authenticate the user. The external API is quite simple and returns a certificate if the user is properly authenticated. My app should not keep any of the user's information, except its certificate and id (which I'm keeping as session variables).
As a drawback of this implementation, I'm not using Django’s authentication system and all the practical methods it offers, like to check if the user is_authenticated, is_anonymous or to get user's permissions.
As the user must be logged in to access some pages of my app, I must as well ask him/her to log in so that he/she can continue. Therefore, using @login_required would be handy.
I must also create an Access Control module to check permissions and to allow access to some restricted areas of the app according to groups of users (common users, admins, etc.).
Do you guys know how I could customize Django's authentication system to handle all these issues?
You have to keep the logged-in user inside your request, so just log him in without authentication:
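```python
from django.contrib.auth import login
from django.contrib.auth.models import User


def authenticate_by_api_view(request):
    # do_the_magic() and certificate_valid() stand for the external API call
    # and the check of the certificate it returns
    certificate = do_the_magic()
    if certificate_valid(certificate):
        user = User()
        # you can set ID here and save the user to the DB then
        login(request, user)
```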
If you don't want to save the user at all, you can take a look at the django-lazysignup project, or rather use the Django sessions framework.
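
An added example (not part of the original question or answer): one way to plug the external API into Django's own auth system, so that `login()`, `@login_required` and `request.user` work as usual. `verify_certificate`, the `cert:<id>` certificate format, the `ext-` username prefix and the `user_model` hook are assumptions made for illustration.

```python
def verify_certificate(certificate):
    """Hypothetical stand-in for the external API's certificate check.

    Returns the external user id, or None if the certificate is rejected.
    Constructed rule for this demo: valid certificates look like "cert:<id>".
    """
    if isinstance(certificate, str) and certificate.startswith("cert:"):
        return certificate[len("cert:"):] or None
    return None


class ExternalApiBackend:
    """Add its dotted path to settings.AUTHENTICATION_BACKENDS.

    Django only requires a backend to provide authenticate() and get_user().
    """

    def user_model(self):
        # Hypothetical hook; imported lazily because it needs loaded settings.
        from django.contrib.auth import get_user_model
        return get_user_model()

    def authenticate(self, request, certificate=None, **kwargs):
        external_id = verify_certificate(certificate)
        if external_id is None:
            return None  # fail closed; Django moves on to the next backend
        User = self.user_model()
        user, created = User.objects.get_or_create(username=f"ext-{external_id}")
        if created:
            # No local password: the account is reachable only through the API.
            user.set_unusable_password()
            user.save(update_fields=["password"])
        return user

    def get_user(self, user_id):
        # Called on every request to rebuild request.user from the session.
        User = self.user_model()
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None


# In the login view (sketch of the call order):
#   user = authenticate(request, certificate=certificate)
#   if user is not None:
#       login(request, user)                          # rotates the session key
#       request.session["certificate"] = certificate  # store after login()
```

Keep `django.contrib.auth.backends.ModelBackend` in `AUTHENTICATION_BACKENDS` as well if group-based checks such as `user.has_perm()` are needed, since this backend does not implement permission methods.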