Native app rest api social login flow

I am developing a native frontend application which communicates with a backend REST API built using Python Django REST framework.

The REST framework uses Django REST framework token authentication, in which every user has an authorization token, and the token has to be attached to the header of every HTTP request to the REST API in the form "Authorization: Token ".

My application provides the user with two main ways to log in. The first one is to register an account with a username and password. This creates a Django User model object, and a token is generated. This login method works well.

The second login method is to log in with the user's social account. My idea is that whenever a user logs in with their Facebook account, the app will be redirected to my website, which will then redirect the user to the social media of their choice. After authorizing, the social media API will redirect them to my website again, where a user and a token will be created. Then my website will redirect back to my native app using a custom URI with the token attached in the URI like this:

myapp://authenticate#token=xhskscjndjnccjdsdc

The native app will then parse the URI and obtain the token.

The part that I am worried about is security. This method works, but attaching a token to a URI seems a bit insecure to me. Is there any best practice that I can follow? Thanks!
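An added example (not code from the question or the answer) of the usual way to avoid carrying the DRF token itself in the custom URI: the website puts a short-lived, single-use exchange code in the fragment, and the native app redeems that code over HTTPS together with a random verifier it generated locally, so a URI captured from a log or by another app on the device cannot be turned into a token. The in-memory store and the `/auth/exchange` endpoint name are assumptions standing in for the website's database and view.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlsplit

# Constructed in-memory store standing in for the website's database (assumption).
PENDING_CODES = {}  # code -> (drf_token, code_challenge, expires_at)
CODE_TTL_SECONDS = 60


def make_verifier():
    """App side: random verifier kept on the device; only its hash leaves it."""
    verifier = secrets.token_urlsafe(32)
    challenge = hashlib.sha256(verifier.encode()).hexdigest()
    return verifier, challenge


def issue_exchange_code(drf_token, code_challenge, now=None):
    """Website side: after the social provider calls back, mint a one-time code
    bound to the app's challenge and send that in the URI instead of the token."""
    now = time.time() if now is None else now
    code = secrets.token_urlsafe(32)
    PENDING_CODES[code] = (drf_token, code_challenge, now + CODE_TTL_SECONDS)
    return f"myapp://authenticate#code={code}"


def parse_redirect(uri):
    """App side: accept only the expected scheme/host and read the fragment code."""
    parts = urlsplit(uri)
    if parts.scheme != "myapp" or parts.netloc != "authenticate":
        return None
    return parse_qs(parts.fragment).get("code", [None])[0]


def redeem_code(code, verifier, now=None):
    """Website side (app calls this over HTTPS, e.g. POST /auth/exchange):
    hand out the DRF token once, before expiry, and only to the holder of
    the verifier whose hash was bound when the code was issued."""
    now = time.time() if now is None else now
    entry = PENDING_CODES.pop(code, None)  # single use: gone whatever the outcome
    if entry is None:
        return None
    drf_token, challenge, expires_at = entry
    if now > expires_at:
        return None
    expected = hashlib.sha256(verifier.encode()).hexdigest()
    if not hmac.compare_digest(expected, challenge):
        return None
    return drf_token
```

The app then stores the returned token in the platform keychain/keystore and uses it in the `Authorization: Token` header exactly as before; the URI itself never carries anything reusable.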


I can propose that you use django-rest-auth for dealing with Authentication and Registration.

With that package/library you can use Social Authentication through Facebook, Twitter, Google or other provider.
