2

I have two different domains, say abc.com and xyz.com. Both sites use the Django framework and its authentication system, and I want to create a user with the same password as in xyz.com so that the user can log in using the same credentials as abc.com.

One alternative is to create the user with the same hashed password as in xyz.com, but the two domains run on different versions of Django (I have tested the approach in Django versions 1.6.3 and 1.7.2). I have the following questions:

  • What are the consequences (future problems) of using the above approach?
  • Is there any better alternative approach to create a centralized authentication system if the user database is not centralized?

Also, I do not want to add a custom password field, store it in the user's sessions, or manage passwords from my end.

himanshu219
  • not django specific http://stackoverflow.com/questions/4306728/how-to-create-a-shared-login-service-across-multiple-domains – GIRISH RAMNANI Mar 29 '16 at 07:14
  • I answered your second question (or at least attempted to). I am not sure what solution you were suggesting yourself, so commenting on consequences and future problems with your approach requires some further elaboration. – Robert Jørgensgaard Engdahl Mar 29 '16 at 09:13
  • I made an API on abc.com which accepts a username and hashed password from xyz.com and creates the user. What I found was that if I replace the password field with the hashed password, the same user is able to log in on xyz.com even though their Django versions are different. Also, I found that Django uses SECRET_KEY from the settings file to generate hashes. So maybe the hash generation algo or the key itself may change in future versions. – himanshu219 Mar 29 '16 at 13:59

2 Answers

2

Regarding centralized authentication: you could use the database for just the User model. Multiple databases have been supported for some time, and you can read about it here.

There will be a session cookie for each domain, and they will time-out asynchronously, but the authentication will be done using the same password and username.

2

You should make a centralized database. If you don't want to do that, you have to set up both databases in both projects and create another database for the Django user only.

settings like:

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.xxx',
        'NAME': 'djangoUserDB',                 
        'USER': 'root',                    
        'PASSWORD': '',                
        'HOST': 'abc or xyz', # you should put this in one domain. abc or xyz               
        'PORT': '',
    },

    'abc': {
        'ENGINE': 'django.db.backends.xxx',
        'NAME': 'abcDB',                 
        'USER': 'root',                    
        'PASSWORD': '',                
        'HOST': 'abc', 
        'PORT': '',
    },

    'xyz': {
        'ENGINE': 'django.db.backends.xxx',
        'NAME': 'abcDB',
        'USER': 'root',
        'PASSWORD': '',
        'HOST': 'xyz',
        'PORT': '',
    },
}

You should use only one db for user management.

I don't think any problem will happen.

Hopefully it will help you. :)

Naresh Chaudhary
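
Both answers rely on Django's multiple-database support, which also needs a database router to decide which alias each model uses. The router below is an added example, not code from either answer; it assumes the alias names from the settings above, the `allow_migrate` signature of Django 1.8 and later, and that only the `auth` and `contenttypes` apps live in the shared user database.

```python
# Added example, not from the original answers. Aliases match the DATABASES
# block above: 'default' is the shared user database, 'abc' the site database.
AUTH_APPS = {"auth", "contenttypes"}  # assumption: apps kept in the shared DB
USER_DB = "default"
SITE_DB = "abc"  # use "xyz" in the other project


class SharedAuthRouter:
    """Send auth models to the shared user DB, everything else to the site DB."""

    def _alias(self, app_label):
        return USER_DB if app_label in AUTH_APPS else SITE_DB

    def db_for_read(self, model, **hints):
        return self._alias(model._meta.app_label)

    def db_for_write(self, model, **hints):
        return self._alias(model._meta.app_label)

    def allow_relation(self, obj1, obj2, **hints):
        # Mirrors Django's default of refusing cross-database relations:
        # both ends must be routed to the same database.
        return self._alias(obj1._meta.app_label) == self._alias(obj2._meta.app_label)

    def allow_migrate(self, db, app_label, model_name=None, **hints):
        # Create each app's tables only in the database it is routed to,
        # so user and password-hash rows never end up in a site database.
        return db == self._alias(app_label)


# In settings.py (hypothetical module path):
# DATABASE_ROUTERS = ["myproject.routers.SharedAuthRouter"]
```

Sessions stay in each site's own database here, which matches the per-domain session cookies described in the first answer. Django does not support foreign keys that span databases, so site models that point at `User` lose database-level referential integrity under this layout.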