Django Rest API Backend and Bubble Integration

I have a mobile app using a React Native frontend and a Django REST API for the backend.

I’m interested in using Bubble to build the web frontend, and am wondering how to best integrate the two - specifically for the authentication side. I’ve used the API Connector plug-in to successfully pull in data that doesn’t require a user to be logged in, but I’m stuck on what the best way is to handle the login/authentication side of things.

I’m looking at using token authentication, session authentication, or something like JWT. For those, where would I store the token/csrf cookie/etc? Maybe with the Cookie Handler plugin like in this post:

Or is a better approach building a plugin that handles this, instead of using the API Connector?

Anyone have experience with integrating their own Django REST API backend with Bubble, including the authentication side of things?

Thanks!

1 Like

Hey @mladen1, I run a SaaS software company built on the web with a SQL and C# backend. We have built several APIs as well, including authentication. In my other post you referenced, I built a Bubble app for our company (separate from the other C# code) where the Bubble app authenticates with those APIs and then stores the API tokens as a cookie in the browser, and then each API call uses the cookie from the browser to authenticate all the calls to get the data into Bubble. When the user logs into my app, the workflow calls the other API and stores the token. From there, the user is logged in and authenticated to make other API calls. I used the API Connector to do this.

My Bubble app has no Bubble database tables. It’s 100% front end only and uses the APIs to push and pull data to the SQL database.

1 Like

Hi @robertpbrinton - thanks for the response and the original post! The main hang-up I have with that model is that the Django REST API docs say to use token authentication only for mobile or native desktop applications, but not for the web due to security concerns:

https://www.django-rest-framework.org/api-guide/authentication/

Have you used your method with JSON Web Tokens? It seems like that might solve some of the concerns from using a simple token.

1 Like

In my case, the token expired every 1 hour, so having it stored on the browser wasn’t too much of an issue. So there was a refresh token that would fetch a new one assuming the user was still authenticated, or else it could force a new login. The refresh can be automated or manual using the refresh token. I think this is the JSON Web Token, no?

1 Like

Ahh right, you have a refresh token, so that is probably JWT.

Thanks for the help - I’ll take a crack at implementing it, and let you know how it goes!

1 Like
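The pattern discussed in this thread (an access token that expires after 1 hour, renewed with a refresh token, otherwise a new login), as an added example that is not code from any poster or from Django REST framework. It uses only the Python standard library; the signing key, the refresh lifetime and the function names are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: placeholder key, load a real one from server config
ACCESS_TTL = 3600                 # 1 hour, as described in the thread
REFRESH_TTL = 14 * 24 * 3600      # assumption: the thread gives no refresh lifetime

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(user_id, kind, ttl, now=None):
    """Build an HS256-signed JWT carrying the user, token type and expiry."""
    now = int(time.time() if now is None else now)
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user_id, "typ": kind, "iat": now, "exp": now + ttl}
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64e(sig)}"

def verify(token, kind, now=None):
    """Return the claims, or raise ValueError for a forged, mistyped or expired token."""
    now = int(time.time() if now is None else now)
    try:
        header, body, sig = token.split(".")
        # The algorithm is fixed server-side; the token's header never selects it.
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64d(sig)):
            raise ValueError("bad signature")
        if json.loads(b64d(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        claims = json.loads(b64d(body))
    except (ValueError, TypeError) as exc:
        raise ValueError(f"invalid token: {exc}") from None
    if claims.get("typ") != kind:   # a refresh token must not pass as an access token
        raise ValueError("wrong token type")
    if now >= claims.get("exp", 0):
        raise ValueError("expired")
    return claims

def login(user_id, now=None):
    """Called after the password check succeeds: hand back both tokens."""
    return {"access": issue(user_id, "access", ACCESS_TTL, now),
            "refresh": issue(user_id, "refresh", REFRESH_TTL, now)}

def refresh(refresh_token, now=None):
    """Exchange a valid refresh token for a new 1-hour access token."""
    claims = verify(refresh_token, "refresh", now)
    return issue(claims["sub"], "access", ACCESS_TTL, now)
```

When `refresh` raises `ValueError`, the client has no valid refresh token left and falls back to a new login, which is the "or else it could force a new login" branch described above.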