Hi devs,
I have React as my FE running on 127.0.0.1:3000 and Django on my BE running on 127.0.0.1:8000. I’m trying to implement authentication on the BE side. I want the FE to be as dummy as possible.
The user click Login button → the FE calls my BE api path → FE get url and redirects the user, when completing the authentication process on my BE(callback api) I get the same result with stateMismatch.
I’m using “social_django” app and i can give back the url to the FE.
-
You think this is a good approach to make all the authentication on the BE without FE interfering, just redirecting the user to the right place?
-
You think better approach is to Authenticate the user on the FE, the callback is on the FE and not the BE and then the FE will pass all relevant data to the BE endpoint "/api/v1/users/dummy_api/
-
Is there a way to handle the CSRF problem maybe with storing the state somewhere? maybe some settings related to CSRF that will help me?
Best,
Idan