I am planning to create microservices architecture in Django and Django rest framework. My intent is to have a separate Django project that handles authentication. This project has djangorestframework-simplejwt package which mentions an SSO feature here.
How do I implement this? Should I update the DEFAULT_AUTHENTICATION_CLASSES in both the django projects?
Update the DEFAULT_AUTHENTICATION_CLASSES to 'rest_framework_simplejwt.authentication.JWTTokenUserAuthentication' in both Django projects. Then your SIMPLE_JWT settings in authentication project should look like this:
SIMPLE_JWT = {
...
'SIGNING_KEY': config('SECRET_KEY'),
'VERIFYING_KEY': config('SECRET_KEY'),
...
}
While the SIMPLE_JWT for your other service should look like this:
SIMPLE_JWT = {
...
'SIGNING_KEY': 'AUTHENTICATION PROJECT SECRET KEY',
'VERIFYING_KEY': 'AUTHENTICATION PROJECT SECRET KEY',
...
}
In my case, I stored the SECRET_KEY as an environment variable.