• Authentication Best Practices: Does the authentication flow adheres to standard best practices, particularly with OAuth and Django?
• Security Best Practices: I'm particularly interested in how the code handles security aspects such as CSRF, secure API communication, and protection against common vulnerabilities.
• OOP Practices: Feedback on how well Object-Oriented Programming principles are integrated in regard to Django best-practices.
• Code Separation of Concerns: How well the code separates different functionalities, such as handling OAuth logic, user specific action, token specific actions, etc. I've seen there's a Requests-OAuthlib, but I'm not sure if it has any benefits.

• Authentication Best Practices: Does the authentication flow adhere to standard best practices, particularly with OAuth and Django?
• Security Best Practices: I'm particularly interested in how the code handles security aspects such as CSRF, secure API communication, and protection against common vulnerabilities.
• OOP Practices: Feedback on how well Object-Oriented Programming principles are integrated in regard to Django best-practices.
• Code Separation of Concerns: How well the code separates different functionalities, such as handling OAuth logic, user specific action, token specific actions, etc. I've seen there's a Requests-OAuthlib, but I'm not sure if it has any benefits.

I've been working on a Django-based Google Authentication application, designed to manage OAuth authentication without relying on libraries such as django-allauth. This is primarily intended for a backend that interfaces with a React frontend through API requests. My main goal is to establish authentication using oauthlib and Django's inherent capabilities.

• Authentication Best Practices: Does the authentication flow adheres to standard best practices, particularly with OAuth and Django?
• Security Best Practices: I'm particularly interested in how the code handles security aspects such as CSRF, secure API communication, and protection against common vulnerabilities.
• OOP Practices: Feedback on how well Object-Oriented Programming principles are integrated in regards to Django best-practices.
• Code Separation of Concerns: How well the code separates different functionalities, such as handling OAuth logic, user specific action, token specific actions, etc. I've seen there's a Requests-OAuthlib but I'm not sure if it has any benefits.

1. If the user is new, create a new record within CustomUser, link google_id (sub) and create new JWT access / refresh token.
2. If the user is not new (record already exists in db), but they used other authentication method and now they use Google, link google_id and create new JWT access / refresh token.

Thank you in advance for your time and insights!

I've been working on a Django-based Google Authentication application, designed to manage OAuth authentication without relying on libraries such as django-allauth. This is primarily intended for a backend that interfaces with a React frontend through API requests. My main goal is to establish authentication using OAuthLib and Django's inherent capabilities.

• Authentication Best Practices: Does the authentication flow adheres to standard best practices, particularly with OAuth and Django?
• Security Best Practices: I'm particularly interested in how the code handles security aspects such as CSRF, secure API communication, and protection against common vulnerabilities.
• OOP Practices: Feedback on how well Object-Oriented Programming principles are integrated in regard to Django best-practices.
• Code Separation of Concerns: How well the code separates different functionalities, such as handling OAuth logic, user specific action, token specific actions, etc. I've seen there's a Requests-OAuthlib , but I'm not sure if it has any benefits.

1. If the user is new, create a new record within CustomUser, link google_id (sub) and create new JWT access / refresh token.
2. If the user is not new (record already exists in db), but they used other authentication method, and now they use Google, link google_id and create new JWT access / refresh token.