Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Protect a Django REST api with Oauth2
Search
Massimiliano Pippi
April 10, 2015
Programming
0
180
Protect a Django REST api with Oauth2
Lightning talk for pycon15
Massimiliano Pippi
April 10, 2015
Tweet
Share
More Decks by Massimiliano Pippi
See All by Massimiliano Pippi
Finding the needle: a deep dive into the rewriting of Haystack
masci
0
92
Project layout patterns in Go
masci
1
510
A Python and a Gopher walk into a bar - Embedding Python in Go. (dotGo2017)
masci
0
760
A Python and a Gopher walk into a bar - Embedding Python in Go.
masci
0
280
How to port your Python software to Go without people noticing
masci
0
210
Python - Go One Way
masci
0
190
How we stopped using the mouse and started drawing molecules with our fingertips: not the usual porting story
masci
0
110
Django 1.7 on App Engine
masci
0
210
If code is poetry, then documentation is prose
masci
0
130
Other Decks in Programming
See All in Programming
状態遷移図を書こう / Sequence Chart vs State Diagram
orgachem
PRO
2
160
ニーリーにおけるプロダクトエンジニア
nealle
0
880
「テストは愚直&&網羅的に書くほどよい」という誤解 / Test Smarter, Not Harder
munetoshi
0
190
dbt民主化とLLMによる開発ブースト ~ AI Readyな分析サイクルを目指して ~
yoshyum
3
1.1k
ペアプロ × 生成AI 現場での実践と課題について / generative-ai-in-pair-programming
codmoninc
2
20k
レベル1の開発生産性向上に取り組む − 日々の作業の効率化・自動化を通じた改善活動
kesoji
0
260
PHPでWebSocketサーバーを実装しよう2025
kubotak
0
300
効率的な開発手段として VRTを活用する
ishkawa
0
150
Android 16KBページサイズ対応をはじめからていねいに
mine2424
0
200
PipeCDのプラグイン化で目指すところ
warashi
1
290
なぜ適用するか、移行して理解するClean Architecture 〜構造を超えて設計を継承する〜 / Why Apply, Migrate and Understand Clean Architecture - Inherit Design Beyond Structure
seike460
PRO
3
780
初学者でも今すぐできる、Claude Codeの生産性を10倍上げるTips
s4yuba
16
12k
Featured
See All Featured
Building an army of robots
kneath
306
45k
How STYLIGHT went responsive
nonsquared
100
5.6k
Fantastic passwords and where to find them - at NoRuKo
philnash
51
3.3k
Code Review Best Practice
trishagee
69
19k
Done Done
chrislema
184
16k
The World Runs on Bad Software
bkeepers
PRO
69
11k
Gamification - CAS2011
davidbonilla
81
5.4k
Optimizing for Happiness
mojombo
379
70k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
229
22k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
8
700
A Modern Web Designer's Workflow
chriscoyier
695
190k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
46
9.6k
Transcript
Protect a Django REST API with OAuth2 Massimiliano Pippi @maxpippi
Introducing my friend Harold Let’s say we want to write
a timetracking web application y u not pushing? git push -f works lol
Backend recipe Django & Django REST Framework u can use
the new DRF3 generic views here wut?
Projects proliferation timetracker-backend timetracker-web timetracker-[android|ios] timetracker-desktop yep! I need an
app for my nokia 3210
How do we do access control? Third party apps want
to access our data as well! not ma problem can’t hear u
Common problems • Using user credentials inside the app is
a bad idea • The app might have full access to user account • User has to change his password to revoke the access
Multiple problems - one Solution The OAuth2 framework omg not
oauth again
Django OAuth Toolkit • Django 1.4 → 1.7 (1.8 coming
soon) • Python 2&3 • built on top of oauthlib, RFC 6749 compliant • DRF 2&3 integration https://github.com/evonove/django-oauth-toolkit
Batteries included • builtin views to register and manage OAuth2
applications • form view for user authorization lol I found what DRF stands for omg harold plz retire
Endpoints protection for the lazy • function views decorators @protected_resource()
def my_view(request): # A valid token is required to get here… • generic class based views class ApiEndpoint(ProtectedResourceView): def get(self, request, *args, **kwargs): return HttpResponse('Hello, OAuth2!')
DRF ootb integration REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'oauth2_provider.ext.rest_framework.OAuth2Authentication', )
}
Future plans - Help needed! OAuth1 support Resource and Authorization
server components separation https://github.com/evonove/django-oauth-toolkit +1 for my own PR