Updating My Approach To Authentication
Finally got a bunch of things working. Only to realize that they didn't really work.
I’ve been figuring out the best way to connect my frontend to my backend. I don’t want to deal with Django views; I really want it to be just a backend. I added the Django REST Framework (DRF) to handle a lot of things, like object serialization, so I can return database models to the UI more easily. But I’ve been trying to figure out the authentication piece. The documentation wasn’t the best, because there are multiple layers at play, so I had to untangle which piece did what. On top of DRF, I used the dj-rest-auth package, which allowed me to use social media logins to authenticate with Django. That’s built on top of allauth, another package that handles creating the database models and the other things needed for authentication.
That ended up giving me an endpoint that I could use to pass in the access token and secret token I got from logging in with Twitter. When I did so, it would create an account in Django, and return a token that I could store on the client.
But that left me with an issue I had to figure out: how to get the access token and secret token in the first place. It’s a three-legged OAuth 1.0a flow: I make a request to Twitter, get a couple of temporary keys, send the user to Twitter for approval, and then receive the final keys. But where should I do that?
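The first leg of that flow is the step that decides where the code has to live, so here it is as an added example (my code, not from the post or from dj-rest-auth or allauth): an OAuth 1.0a `request_token` call signed with HMAC-SHA1 per RFC 5849, plus the check the receiving side performs. The consumer key, consumer secret, nonce, timestamp and callback URL are constructed sample values; the `request_token` endpoint is the one Twitter documents for OAuth 1.0a. The point worth noticing is the signing key: it is built from the consumer secret, so whichever side performs this leg must hold that secret, and a secret shipped in browser JavaScript is not a secret.

```python
"""OAuth 1.0a (RFC 5849) HMAC-SHA1 signing for the request_token leg.

All credentials, nonce, timestamp and callback below are constructed sample values.
"""
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample application credentials (not real keys).
CONSUMER_KEY = "cChZNFj6T5R0TigYB9yd1w"
CONSUMER_SECRET = "L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg"
REQUEST_TOKEN_URL = "https://api.twitter.com/oauth/request_token"


def percent_encode(value: str) -> str:
    # RFC 5849 section 3.6: only ALPHA / DIGIT / "-" / "." / "_" / "~" stay as-is,
    # everything else becomes %XX with uppercase hex.
    return quote(str(value), safe="-._~")


def signature_base_string(method: str, url: str, params: dict) -> str:
    # RFC 5849 section 3.4.1: encode each key and value, sort, join with "&",
    # then percent-encode the whole normalized string a second time.
    pairs = sorted((percent_encode(k), percent_encode(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), percent_encode(url), percent_encode(normalized)])


def sign(method: str, url: str, params: dict, consumer_secret: str, token_secret: str = "") -> str:
    # The HMAC key is "<consumer_secret>&<token_secret>"; for the request_token leg there is
    # no token yet, so the token secret is empty and the key ends in "&".
    key = f"{percent_encode(consumer_secret)}&{percent_encode(token_secret)}".encode()
    digest = hmac.new(key, signature_base_string(method, url, params).encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def verify(method: str, url: str, params: dict, consumer_secret: str, token_secret: str = "") -> bool:
    # What the provider does on receipt: recompute the signature over every parameter except
    # oauth_signature itself and compare in constant time.
    supplied = params.get("oauth_signature")
    if supplied is None:
        return False
    unsigned = {k: v for k, v in params.items() if k != "oauth_signature"}
    expected = sign(method, url, unsigned, consumer_secret, token_secret)
    return hmac.compare_digest(expected, supplied)


def request_token_params(callback: str, nonce: str, timestamp: int) -> dict:
    # Protocol parameters for leg one; oauth_callback is where the user comes back after approval.
    return {
        "oauth_callback": callback,
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_nonce": nonce,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp),
        "oauth_version": "1.0",
    }


def signed_request_token_params(callback: str, nonce: str, timestamp: int) -> dict:
    params = request_token_params(callback, nonce, timestamp)
    params["oauth_signature"] = sign("POST", REQUEST_TOKEN_URL, params, CONSUMER_SECRET)
    return params


def authorization_header(params: dict) -> str:
    # RFC 5849 section 3.5.1: parameters travel in an "OAuth ..." Authorization header.
    return "OAuth " + ", ".join(
        f'{percent_encode(k)}="{percent_encode(v)}"' for k, v in sorted(params.items())
    )


if __name__ == "__main__":
    # Constructed nonce and timestamp so the output is reproducible.
    signed = signed_request_token_params(
        "https://example.com/callback", "ea9ec8429b68d6b77cd5600adbbb0456", 1318467427
    )
    print(authorization_header(signed))
    print("verifies:", verify("POST", REQUEST_TOKEN_URL, signed, CONSUMER_SECRET))
```

In a real deployment the nonce and timestamp come from `secrets.token_hex()` and `time.time()`, and the signed header is POSTed to the provider, whose response carries the temporary `oauth_token` and `oauth_token_secret` for leg two; the same `sign()` function, now with that token secret as the second half of the key, signs the leg-three exchange for the final access token.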
After a lot of research, it seems like that usually takes place on the frontend. Once I untangled all of it, I made a decision to make my life easier: instead of worrying about exactly how to accomplish it, I decided to go back to BlitzJS. I have a working auth flow there, using PassportJS. I was then able to add in a call to the Django backend during the auth process in Blitz, where I could send it to the backend and receive the key. And since Blitz uses a database for session management, I didn’t have to worry about setting anything in local storage. Blitz handles all of that for me.
So finally, I was able to make my API calls to my Django server, as an authenticated user.
So I did that!
And then I promptly realized that two of the endpoints I was using actually required the new Twitter OAuth2 flow.
Which broke everything I was doing.
So I went back to the drawing board. The OAuth2 flow is a bit different. And it’s still pretty new, so the packages I was using weren’t built to support that flow for Twitter login.