Using OAuth1 from behind server firewall

Kristian Toole

May 16, 2022, 1:07:19 PM
to Django users
Hi All,

I have a Django app with a React frontend. However, I'm struggling to figure out how to make the OAuth process work from behind a firewall. Any help would be HIGHLY appreciated! Please read below for details.

I have a scenario where I'm building an app that is hosted on an Ubuntu server. Currently I have all inbound traffic to the server blocked with only outbound being allowed. The only way to access the React/Django app on the server is either through VPN or having an IP whitelisted. When doing the OAuth1 process (to connect with a data provider), I'm struggling to figure out how to keep my app closed from the public internet but still complete the OAuth 1 process for the end user. Given that this app's purpose is to aggregate user data (from users who've granted permission), it's not practical for me to whitelist the IP address of every single end user.

Currently, I'm considering making a form outside of my app for users to register with and then just having my app check that form hourly for new users so that it can then start the OAuth1 process and send the end user the authorization URL needed to grant permission to the data provider. At this point though, I have it where once the user signs up with their data provider, the callback URL redirects the user back to the Django app so that the Django app can grab the necessary elements from the URL in order to formally request the user's actual access token. Given that the app is blocked to the public, I imagine the user won't actually be redirected back to the Django app for the access token part of the process to happen.

Any recommendations for this? For production?
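The callback step described in the post above, as an added example that is not part of the original post: it shows which elements the callback URL carries and the checks a receiving endpoint should make before exchanging them for an access token. It assumes the data provider follows OAuth 1.0a (RFC 5849) and returns `oauth_token` and `oauth_verifier`; the `PendingTokens` store, the 10-minute lifetime and the sample URL are hypothetical.

```python
import time
from urllib.parse import urlsplit, parse_qs

PENDING_TTL = 600  # seconds a request token stays redeemable (assumed value)


class PendingTokens:
    """Request tokens this app issued and is still waiting on (hypothetical store)."""

    def __init__(self):
        self._by_token = {}

    def add(self, request_token, user_id, now=None):
        issued = time.time() if now is None else now
        self._by_token[request_token] = (user_id, issued + PENDING_TTL)

    def redeem(self, request_token, now=None):
        """Return the user id once; None if unknown, expired or already used."""
        entry = self._by_token.pop(request_token, None)  # pop makes it single-use
        if entry is None:
            return None
        user_id, expires = entry
        current = time.time() if now is None else now
        return user_id if current <= expires else None


def parse_callback(url, pending, now=None):
    """Return (user_id, oauth_token, oauth_verifier) from a callback URL.

    Raises ValueError unless the URL carries exactly one non-empty value for
    each parameter and the token is one this app issued and has not redeemed.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    token = query.get("oauth_token", [])
    verifier = query.get("oauth_verifier", [])
    if len(token) != 1 or len(verifier) != 1 or not token[0] or not verifier[0]:
        raise ValueError("malformed callback")
    user_id = pending.redeem(token[0], now)
    if user_id is None:
        raise ValueError("unknown, expired or reused request token")
    return user_id, token[0], verifier[0]


if __name__ == "__main__":
    store = PendingTokens()
    store.add("reqtok123", "user-7")  # constructed sample values
    sample = "https://app.example/callback?oauth_token=reqtok123&oauth_verifier=v9"
    print(parse_callback(sample, store))
```

Only the endpoint running `parse_callback` has to be reachable by the end user's browser; the access-token request that follows is an outbound call from the server.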