Speaker: Carlos de las Heras
Things have changed since 2003. The scopes and life cycles have changed, new paradigms have appeared, especially with respect to the request/response cycle.
Moving from template rendering to single page applications is maybe the way to go, providing just a REST API via Django, handling also identity management Django-side.
The tool chain here includes primarily
JWT as auth tokens. Authentication and permission is
completely handled by
djangorestframework-jwt and decorators/permission classes.
JSON Web Tokens (JWT)
- stateless authentication mechanism (no session, no cookie)
- signed: can be decoded and checked for validity
- sent via an Authorization header
- can handle expiration, too
- logging in is handled by sending a token to the client which is then added to every further request
- registration is handled as normally, with a confirmation mail
- testing must mock the token
- Set CORS headers with django-cors-headers