https://supertokens.com/ logo
Channels
Powered by
m

Moe1502Pi

05/27/2022, 6:02 AM
Hi Guys Quick Hope everyone is well , What is the best way to implement supertokens in python ? So the plan is to use a python terminal app with login ? is this possible ? Does anyone have any tips or has anyone implemented something similar ?
r

rp

05/27/2022, 6:13 AM
hey @Moe1502Pi
So if i understand this correctly, you are building a CLI written in python and want to provide auth for that?
m

Moe1502Pi

05/27/2022, 6:14 AM
Yes that is correct and I have googled around but cannot seem to find anything concrete
r

rp

05/27/2022, 6:14 AM
hmm. What is your backend?
m

Moe1502Pi

05/27/2022, 6:39 AM
Currently what i use as a backend would be MongoDB , so currently we have our own custom JWT Token Auth which uses Mongodb to do a lookup and redis to store the tokens for session management
r

rp

05/27/2022, 6:59 AM
hmm. so the client is the python CLI right? It talks to mongodb directly? Or some API layer which talks to mongodb?
m

Moe1502Pi

05/27/2022, 7:09 AM
I have a flaskapi that talks to MongoDB basically the api does the heavy lifting
r

rp

05/27/2022, 7:33 AM
Understood. And for logging in, does the CLI open the web browser?
m

Moe1502Pi

05/27/2022, 7:53 AM
No it does not it is just a terminal app , whereby I would used request to make a call to the flask api and get my token back
r

rp

05/27/2022, 7:56 AM
hmm. How would that API authenticate the user?
m

Moe1502Pi

05/27/2022, 8:03 AM
Check if the user exists in the database if he/she does it will return a JWT Token back
r

rp

05/27/2022, 8:04 AM
oh so the user will give an email or something in the request?
Well, anyhow. So you have two options: - Use our session recipe -> here, instead of issuing just a JWT, you will get an access and a refresh token which you will have to save on the client side. This can be a bit complex because you need to refresh the session yourself (we don't have a frontend python SDK) - The other method is to use supertokens to issue a JWT which you can then send to the frontend (similar to your current method). The only real advantage you are getting here is that you don't have to worry about issuing a JWT yourself and managing its secret key yourself.
m

Moe1502Pi

05/27/2022, 8:52 AM
Okay thank you for the advice I will evaluate the two options
Powered by