Facebook authentication: server-side versus client-side. Python/Django

Question

I have a website that essentially requires that the user be logged in to see anything. If they are not logged in then they are redirected to the front page and a login form.

I currently use Django's standard authentication and test for authentication server-side before returning the page.

I now want to add Facebook login and authentication. Does this mean that I need to make a server-side call to Facebook and verify authentication every single time that a user navigates to any page? It seems that this will add quite a number of calls and potential page delays.

Or, is this not really a concern (Facebook call is fast) or is there some other clever way that I am missing? Somehow move the call client-side where I believe that Facebook uses caching?

I've looked at some of the Django/Facebook packages, but none seem to explain the overall strategy, which is what I'm looking to understand. The tutorials that I have looked at describe how to login, but don't worry about what happens once a user logs out of Facebook.

Answer 1

Basically, the user logs in once using facebook (this will make a request to facebook).

once is logged in, it will behave just as a normal django user (most apps create a Django User for each facebook user)

Only when the access token is expired (the "password" for using the facebook data) than you will need to make a connection to facebook again.

Ill recommend you to use Python Social Auth which basically does everything for you.