I am working on the Django REST (Django 2) framework for the backend with Angular 5 for the client. I use this module for social auth.
I have some important questions about this and my code below.
From the documentation, we must send client_id, secret_id and the client's secret, as well as the user password and password to this url http://localhost:8000/auth/token, and in return it will give us access_token. Thus, we must have secret_id and client_id on the client side... is it safe to store this data? If not, what is the right way?

```typescript
private client_id = "uvsNRS7segoeAY71kLlqxotWx8iUhK2DoRi4ru84";
private client_secret = "NXpXO1RzfQIHRImDu5LoM2W7ln3VACT6fWSSKQhhAXdBgec8yRTXIC1AlFzMbBiPDBx5e9SaBztf9tSINoJxRpybZXHAtuwYOtDySyJWOmeTkC22JMv64IUr2PUyEjwU";

onSubmit({value, valid}) {
  if (!valid) {
    console.log("form is invalid!");
    return; // do not submit an invalid form
  }
  let username = value.username;
  let password = value.password;
  // Password grant: client_id and client_secret are sent from the browser
  this.http.post<any>("http://localhost:8000/auth/token/", {
      client_id: this.client_id,
      client_secret: this.client_secret,
      grant_type: "password",
      username: username,
      password: password
    })
    .subscribe(
      user => {
        console.log(user);
        if (user && user.access_token) {
          console.log(user);
          localStorage.setItem('token', JSON.stringify(user.access_token));
          this.dialogRef.close(username);
          this.router.navigateByUrl(this.returnUrl);
        }
      },
      err => {
        this.error = err.error.non_field_errors;
      }
    );
}
```
This module provides us with "access_token". Is there a way to use JWT instead?
Is there a module supporting JWT for Django 2 social auth? By default, I searched for it many times, but all the packages are for Django 1.1. If you know something better, tell me.
On the client side: what is the best way to find the role of the user in order to give him access to view routes?
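Added example, not part of the original question and not code from the module it refers to: anything compiled into the Angular bundle, including `client_secret`, can be read by whoever loads the page, so one arrangement is for the browser to send only the username and password to a backend handler that attaches the client credentials itself. The sketch below uses only the Python standard library; the function names and the `OAUTH_CLIENT_ID` / `OAUTH_CLIENT_SECRET` environment variables are hypothetical, and the token URL is the one from the question.

```python
import json
import os
import urllib.error
import urllib.request

TOKEN_URL = "http://localhost:8000/auth/token/"  # URL from the question


def post_json(url, payload):
    """Default forwarder: POST JSON to the token endpoint, return the parsed reply."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return json.loads(resp.read())
    except urllib.error.HTTPError:
        return {}  # upstream rejected the credentials


def login(browser_json, forward=post_json, env=os.environ):
    """Handle a browser login request; returns (status, body) for the response."""
    try:
        data = json.loads(browser_json)
        # Take only the user's own credentials; a client_id or
        # client_secret supplied by the browser is ignored.
        username, password = str(data["username"]), str(data["password"])
    except (ValueError, KeyError, TypeError):
        return 400, {"error": "invalid_request"}
    reply = forward(TOKEN_URL, {
        "grant_type": "password",
        "username": username,
        "password": password,
        # Assumed variable names: the secret lives in server config only.
        "client_id": env["OAUTH_CLIENT_ID"],
        "client_secret": env["OAUTH_CLIENT_SECRET"],
    })
    if "access_token" not in reply:
        return 401, {"error": "invalid_grant"}
    # Pass back only the fields the browser needs; never echo client credentials.
    allowed = ("access_token", "token_type", "expires_in")
    return 200, {k: reply[k] for k in allowed if k in reply}
```

With this in place the Angular `onSubmit` would post `{username, password}` to the backend handler and the two `private` credential fields can be deleted from the component.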