Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authentication bug for multi tenant django app #816

Open
peymanahmadifar opened this issue Jul 14, 2024 · 1 comment
Open

Authentication bug for multi tenant django app #816

peymanahmadifar opened this issue Jul 14, 2024 · 1 comment

Comments

@peymanahmadifar
Copy link

The Django SECRET_KEY is cached in the TokenBackend

The TokenBackend class sets the Django SECRET_KEY when it is initialized and then it is cached. If the first call of the APIs of the django app is from the side of any tenant, the SECRET_KEY will be cached, and the subsequent calls of the APIs, even if they are from another tenant, will use the previous SECRET_KEY and the error of invalid access token will not be given.
@sterliakov
Copy link
Contributor

Could you elaborate more on your use case? I struggle to understand what django.config.settings.SECRET_KEY has to do with multitenancy: SECRET_KEY is usually configured per application... It's pretty difficult for some system to have a single instance of TokenBackend and several different instances of django.conf.settings. How does your tenant logic affect SECRET_KEY setting? A short code snippet could be extremely helpful to clarify your intent.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@peymanahmadifar @sterliakov