Django rest framework authentication best practice

Hello,

I am currently writing a webapp using Django Rest framework and implementing DRF alongside this as my authentication system.

I had planned to use my own login front end, get a token and wrap the rest of the code so that it can only be viewed if authenticated. Is this best practice? I currently have the Auth0 generic login page working but would really prefer to use my own, and have the users stored in my own DB that I am using as part of the app.

Can anyone shed light on whether this is possible and the best practice on implementing this?

Thanks

Hi @nathancread

Why do you want to have users stored in your own DB? That puts the burden on your app for the security hygiene (storing passwords appropriately etc.) and tools (password reset flow etc.).

Best practice is to use Auth0 for everything, what you are already doing.

John

1 Like

Hi @john.gateley,

Thanks for getting back to me!

The reason was as the long term plan is to have multiple areas of the website that the logins work against.
I.e. if someone from Group A logs in they can't see anything to do with anything under Group B's login. These separate areas would then be able to create new users under their own areas, but again not touch anything outside of that.

Is this something that I can achieve using the universal login?

Thanks
Nathan

Hi @nathancread

Yes you can do that with ULP.

Sounds like what you need are scopes: "Group A" would be a scope, and "Group B" would be a scope. The API would require an access token with the proper scope.

But this is really orthogonal to using ULP or not, and requires careful design: can members be in both group A and group B?

John

1 Like
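As an added illustration of the scope check John describes (not code from the thread or from Auth0), here is a small DRF permission helper. It assumes an authentication class has already verified the access token's signature, issuer and audience and stored the decoded claims in `request.auth` (that placement is an assumption of this example); the scope names `read:group-a` and `read:group-b` are made up for the Group A / Group B split.

```python
"""Scope-based DRF permission for Auth0 access tokens (added example)."""
from typing import Iterable, Mapping, Optional

try:
    from rest_framework.permissions import BasePermission
except ImportError:  # let the module import where DRF is not installed
    class BasePermission:  # minimal stand-in with DRF's method signature
        def has_permission(self, request, view):
            return True


def granted_scopes(claims: Mapping) -> frozenset:
    """Collect scopes from verified Auth0 access-token claims.

    Auth0 puts OAuth scopes in a space-delimited 'scope' string and, when
    RBAC 'add permissions in the access token' is enabled, a 'permissions'
    list. Both are read so either configuration works.
    """
    scopes = set()
    scope_str = claims.get("scope")
    if isinstance(scope_str, str):
        scopes.update(scope_str.split())
    perms = claims.get("permissions")
    if isinstance(perms, list):
        scopes.update(p for p in perms if isinstance(p, str))
    return frozenset(scopes)


def has_required_scopes(claims: Optional[Mapping], required: Iterable[str]) -> bool:
    """True only if every required scope is granted; no claims means deny."""
    if not claims:
        return False
    return set(required) <= granted_scopes(claims)


def require_scopes(*required: str):
    """Build a DRF permission class demanding all of the given scopes.

    Usage in a view:  permission_classes = [require_scopes("read:group-a")]
    A Group A view and a Group B view each require their own scope, so a
    token for one area is rejected by the other; a member of both groups
    simply holds both scopes.
    """
    class HasScopes(BasePermission):
        message = "Access token lacks required scope(s): " + " ".join(required)

        def has_permission(self, request, view):
            # request.auth is assumed to hold the verified claims dict
            return has_required_scopes(getattr(request, "auth", None), required)

    return HasScopes
```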