Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Protect a Django REST api with Oauth2
Search
Massimiliano Pippi
April 10, 2015
Programming
0
180
Protect a Django REST api with Oauth2
Lightning talk for pycon15
Massimiliano Pippi
April 10, 2015
Tweet
Share
More Decks by Massimiliano Pippi
See All by Massimiliano Pippi
Finding the needle: a deep dive into the rewriting of Haystack
masci
0
98
Project layout patterns in Go
masci
1
510
A Python and a Gopher walk into a bar - Embedding Python in Go. (dotGo2017)
masci
0
770
A Python and a Gopher walk into a bar - Embedding Python in Go.
masci
0
280
How to port your Python software to Go without people noticing
masci
0
210
Python - Go One Way
masci
0
190
How we stopped using the mouse and started drawing molecules with our fingertips: not the usual porting story
masci
0
110
Django 1.7 on App Engine
masci
0
210
If code is poetry, then documentation is prose
masci
0
140
Other Decks in Programming
See All in Programming
SQLアンチパターン第2版 データベースプログラミングで陥りがちな失敗とその対策 / Intro to SQL Antipatterns 2nd
twada
PRO
35
11k
React 使いじゃなくても知っておきたい教養としての React
oukayuka
18
4.8k
なぜあなたのオブザーバビリティ導入は頓挫するのか
ryota_hnk
4
540
「次に何を学べばいいか分からない」あなたへ──若手エンジニアのための学習地図
panda_program
3
680
[SRE NEXT] 複雑なシステムにおけるUser Journey SLOの導入
yakenji
1
860
LLMは麻雀を知らなすぎるから俺が教育してやる
po3rin
3
1.5k
プロダクトという一杯を作る - プロダクトチームが味の責任を持つまでの煮込み奮闘記
hiliteeternal
0
320
副作用と戦う PHP リファクタリング ─ ドメインイベントでビジネスロジックを解きほぐす
kajitack
3
500
Reactの歴史を振り返る
tutinoko
1
150
Google I/O Extended Incheon 2025 ~ What's new in Android development tools
pluu
1
210
Claude Code派?Gemini CLI派? みんなで比較LT会!_20250716
junholee
1
770
Android 15以上でPDFのテキスト検索を爆速開発!
tonionagauzzi
0
180
Featured
See All Featured
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
47
9.6k
Scaling GitHub
holman
461
140k
Bash Introduction
62gerente
613
210k
Building an army of robots
kneath
306
45k
A Modern Web Designer's Workflow
chriscoyier
695
190k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
We Have a Design System, Now What?
morganepeng
53
7.7k
Build your cross-platform service in a week with App Engine
jlugia
231
18k
It's Worth the Effort
3n
185
28k
Typedesign – Prime Four
hannesfritz
42
2.7k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
Transcript
Protect a Django REST API with OAuth2 Massimiliano Pippi @maxpippi
Introducing my friend Harold Let’s say we want to write
a timetracking web application y u not pushing? git push -f works lol
Backend recipe Django & Django REST Framework u can use
the new DRF3 generic views here wut?
Projects proliferation timetracker-backend timetracker-web timetracker-[android|ios] timetracker-desktop yep! I need an
app for my nokia 3210
How do we do access control? Third party apps want
to access our data as well! not ma problem can’t hear u
Common problems • Using user credentials inside the app is
a bad idea • The app might have full access to user account • User has to change his password to revoke the access
Multiple problems - one Solution The OAuth2 framework omg not
oauth again
Django OAuth Toolkit • Django 1.4 → 1.7 (1.8 coming
soon) • Python 2&3 • built on top of oauthlib, RFC 6749 compliant • DRF 2&3 integration https://github.com/evonove/django-oauth-toolkit
Batteries included • builtin views to register and manage OAuth2
applications • form view for user authorization lol I found what DRF stands for omg harold plz retire
Endpoints protection for the lazy • function views decorators @protected_resource()
def my_view(request): # A valid token is required to get here… • generic class based views class ApiEndpoint(ProtectedResourceView): def get(self, request, *args, **kwargs): return HttpResponse('Hello, OAuth2!')
DRF ootb integration REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'oauth2_provider.ext.rest_framework.OAuth2Authentication', )
}
Future plans - Help needed! OAuth1 support Resource and Authorization
server components separation https://github.com/evonove/django-oauth-toolkit +1 for my own PR