How to handle user login through Spotify (what to do with tokens)
I'm trying to create a web app using a Django backend and React frontend. This is my first time using Django and dealing with accounts specifically. The app revolves around Spotify accounts, so to log in, a user has to log in through Spotify. I understand the authorization process and can get a user's access/refresh token, but I'm not sure what to do from here. I have found a lot of conflicting information online.
Most people say not to use local storage, which makes sense. Right now I am trying to implement it using Django sessions, but I've read online about that not scaling well/not being RESTful, so I'm confused. I also looked at using django-allauth and it worked, but I'm confused about how it would work with my React frontend because, as far as I understand it, it's just something I can do only in Django (localhost:8000).
I want to be able to create a User in my database once a user logs in for the first time. From here, do I store the user's tokens inside the database too? Do I use Django's User model at all? I saw people mentioning Django's built-in authorization, but I'm confused about how that ties in here.
I've tried using sessions and can do things after authenticating in the frontend, but I'm unsure how to tie everything together with accounts.
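A sketch of the server-side pattern the question circles around (an account record created on first login, tokens kept on the backend, the browser holding only an opaque session id), added here as an illustration and not part of the original post. `TokenVault`, its in-memory dicts and the injected `refresh_fn` are hypothetical stand-ins for a database table, a session backend and the call to the provider's token endpoint.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class Account:
    spotify_id: str       # stable user id taken from the provider's profile response
    access_token: str
    refresh_token: str
    expires_at: float     # absolute expiry, epoch seconds


class TokenVault:
    """Hypothetical store: tokens never leave the server; the cookie carries only `sid`."""

    def __init__(self, refresh_fn, clock=time.time):
        self.accounts = {}            # spotify_id -> Account (a database table in practice)
        self.sessions = {}            # opaque session id -> spotify_id
        self.refresh_fn = refresh_fn  # assumed: refresh_token -> (access, expires_in, new_refresh_or_None)
        self.clock = clock

    def login(self, spotify_id, access_token, refresh_token, expires_in):
        """Call from the OAuth callback after the code exchange; returns (sid, created)."""
        created = spotify_id not in self.accounts   # first login creates the account
        self.accounts[spotify_id] = Account(
            spotify_id, access_token, refresh_token, self.clock() + expires_in)
        sid = secrets.token_urlsafe(32)             # unguessable, carries no token material
        self.sessions[sid] = spotify_id
        return sid, created

    def access_token_for(self, sid, skew=30):
        """Resolve a session to a usable access token, refreshing shortly before expiry."""
        spotify_id = self.sessions.get(sid)
        if spotify_id is None:
            raise PermissionError("unknown or logged-out session")
        acct = self.accounts[spotify_id]
        if self.clock() >= acct.expires_at - skew:
            access, expires_in, new_refresh = self.refresh_fn(acct.refresh_token)
            acct.access_token = access
            acct.expires_at = self.clock() + expires_in
            if new_refresh:                         # a refresh response may omit a new one
                acct.refresh_token = new_refresh
        return acct.access_token

    def logout(self, sid):
        self.sessions.pop(sid, None)                # tokens stay stored; the session is gone
```

In this layout the React frontend calls backend endpoints with the session cookie, and the backend looks up the token and talks to the provider on the user's behalf.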