Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Clarification in documentation for DRF and verifying access_token
See original GitHub issueSo in my app, and how I understand this should work in a microservice application, the flow is the following:
- User navigates to
https://www.example.com/which is a ReactJS FE. - Using
react-aad, they are automatically redirected to login using their Azure AD credentials for our tenant ID. - This gives them the
id_tokenandaccess_token. - I need to send this
access_tokento our Django/DRF API where it needs to be verified as being authentic and thus granting client/API communication.
This is my understanding of how social authentication for microservices should work: client gets access_token, sends to API, API verifies it is authentic. This is where your library comes in and your documentation seems to verify this flow.
What I’m confused by, is in the DRF Integration section regarding the access token, the example is showing user and password. Again, it is my understanding user and password are not being sent from the ReactjS FE client, just the access_token and the API is supposed to verify it. This example seems to contradict that.
Can you clarify?
Issue Analytics
- State:
- Created 3 years ago
- Comments:11 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@marlonpatrick I set it wrong while trying to integrate it with just one application (Web only). Finally found issue and get over it. Thanks
Closing in favor of #81 . Explanation is as previously mentioned in #114, and a PR has been raised (#123) to fix documentation.