Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Protect a Django REST api with Oauth2
Search
Massimiliano Pippi
April 10, 2015
Programming
0
170
Protect a Django REST api with Oauth2
Lightning talk for pycon15
Massimiliano Pippi
April 10, 2015
Tweet
Share
More Decks by Massimiliano Pippi
See All by Massimiliano Pippi
Finding the needle: a deep dive into the rewriting of Haystack
masci
0
51
Project layout patterns in Go
masci
1
480
A Python and a Gopher walk into a bar - Embedding Python in Go. (dotGo2017)
masci
0
710
A Python and a Gopher walk into a bar - Embedding Python in Go.
masci
0
210
How to port your Python software to Go without people noticing
masci
0
200
Python - Go One Way
masci
0
150
How we stopped using the mouse and started drawing molecules with our fingertips: not the usual porting story
masci
0
77
Django 1.7 on App Engine
masci
0
170
If code is poetry, then documentation is prose
masci
0
85
Other Decks in Programming
See All in Programming
Creating a Free Video Ad Network on the Edge
mizoguchicoji
0
130
DevTools extensions で 独自の DevTool を開発する | FlutterKaigi 2024
kokiyoshida
0
160
.NET Conf 2024の振り返り
tomokusaba
0
110
Tauriでネイティブアプリを作りたい
tsucchinoko
0
380
Modular Monolith Monorepo ~シンプルさを保ちながらmonorepoのメリットを最大化する~
yuisakamoto
10
2.6k
受け取る人から提供する人になるということ
little_rubyist
0
260
リアーキテクチャxDDD 1年間の取り組みと進化
hsawaji
1
230
Laravel や Symfony で手っ取り早く OpenAPI のドキュメントを作成する
azuki
2
130
Why Jakarta EE Matters to Spring - and Vice Versa
ivargrimstad
0
1.4k
3rd party scriptでもReactを使いたい! Preact + Reactのハイブリッド開発
righttouch
PRO
1
610
最新TCAキャッチアップ
0si43
0
230
Amazon Qを使ってIaCを触ろう!
maruto
0
430
Featured
See All Featured
The World Runs on Bad Software
bkeepers
PRO
65
11k
Mobile First: as difficult as doing things right
swwweet
222
8.9k
Music & Morning Musume
bryan
46
6.2k
Making Projects Easy
brettharned
115
5.9k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
665
120k
What's in a price? How to price your products and services
michaelherold
243
12k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.3k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
Rails Girls Zürich Keynote
gr2m
94
13k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
Measuring & Analyzing Core Web Vitals
bluesmoon
4
140
Transcript
Protect a Django REST API with OAuth2 Massimiliano Pippi @maxpippi
Introducing my friend Harold Let’s say we want to write
a timetracking web application y u not pushing? git push -f works lol
Backend recipe Django & Django REST Framework u can use
the new DRF3 generic views here wut?
Projects proliferation timetracker-backend timetracker-web timetracker-[android|ios] timetracker-desktop yep! I need an
app for my nokia 3210
How do we do access control? Third party apps want
to access our data as well! not ma problem can’t hear u
Common problems • Using user credentials inside the app is
a bad idea • The app might have full access to user account • User has to change his password to revoke the access
Multiple problems - one Solution The OAuth2 framework omg not
oauth again
Django OAuth Toolkit • Django 1.4 → 1.7 (1.8 coming
soon) • Python 2&3 • built on top of oauthlib, RFC 6749 compliant • DRF 2&3 integration https://github.com/evonove/django-oauth-toolkit
Batteries included • builtin views to register and manage OAuth2
applications • form view for user authorization lol I found what DRF stands for omg harold plz retire
Endpoints protection for the lazy • function views decorators @protected_resource()
def my_view(request): # A valid token is required to get here… • generic class based views class ApiEndpoint(ProtectedResourceView): def get(self, request, *args, **kwargs): return HttpResponse('Hello, OAuth2!')
DRF ootb integration REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'oauth2_provider.ext.rest_framework.OAuth2Authentication', )
}
Future plans - Help needed! OAuth1 support Resource and Authorization
server components separation https://github.com/evonove/django-oauth-toolkit +1 for my own PR