Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Protect a Django REST api with Oauth2
Search
Massimiliano Pippi
April 10, 2015
Programming
0
180
Protect a Django REST api with Oauth2
Lightning talk for pycon15
Massimiliano Pippi
April 10, 2015
Tweet
Share
More Decks by Massimiliano Pippi
See All by Massimiliano Pippi
Finding the needle: a deep dive into the rewriting of Haystack
masci
0
100
Project layout patterns in Go
masci
1
520
A Python and a Gopher walk into a bar - Embedding Python in Go. (dotGo2017)
masci
0
780
A Python and a Gopher walk into a bar - Embedding Python in Go.
masci
0
300
How to port your Python software to Go without people noticing
masci
0
220
Python - Go One Way
masci
0
200
How we stopped using the mouse and started drawing molecules with our fingertips: not the usual porting story
masci
0
110
Django 1.7 on App Engine
masci
0
210
If code is poetry, then documentation is prose
masci
0
140
Other Decks in Programming
See All in Programming
Navigating Dependency Injection with Metro
zacsweers
3
240
Zendeskのチケットを Amazon Bedrockで 解析した
ryokosuge
3
290
プロポーザル駆動学習 / Proposal-Driven Learning
mackey0225
2
1.2k
はじめてのMaterial3 Expressive
ym223
2
250
プロパティベーステストによるUIテスト: LLMによるプロパティ定義生成でエッジケースを捉える
tetta_pdnt
0
300
Introducing ReActionView: A new ActionView-compatible ERB Engine @ Rails World 2025, Amsterdam
marcoroth
0
640
デザイナーが Androidエンジニアに 挑戦してみた
874wokiite
0
280
もうちょっといいRubyプロファイラを作りたい (2025)
osyoyu
1
410
個人軟體時代
ethanhuang13
0
320
How Android Uses Data Structures Behind The Scenes
l2hyunwoo
0
400
知っているようで知らない"rails new"の世界 / The World of "rails new" You Think You Know but Don't
luccafort
PRO
1
100
AWS発のAIエディタKiroを使ってみた
iriikeita
1
180
Featured
See All Featured
Building a Scalable Design System with Sketch
lauravandoore
462
33k
Raft: Consensus for Rubyists
vanstee
140
7.1k
Making the Leap to Tech Lead
cromwellryan
135
9.5k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Embracing the Ebb and Flow
colly
87
4.8k
The Cost Of JavaScript in 2023
addyosmani
53
8.9k
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.1k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
15k
Bash Introduction
62gerente
615
210k
Mobile First: as difficult as doing things right
swwweet
224
9.9k
It's Worth the Effort
3n
187
28k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
Transcript
Protect a Django REST API with OAuth2 Massimiliano Pippi @maxpippi
Introducing my friend Harold Let’s say we want to write
a timetracking web application y u not pushing? git push -f works lol
Backend recipe Django & Django REST Framework u can use
the new DRF3 generic views here wut?
Projects proliferation timetracker-backend timetracker-web timetracker-[android|ios] timetracker-desktop yep! I need an
app for my nokia 3210
How do we do access control? Third party apps want
to access our data as well! not ma problem can’t hear u
Common problems • Using user credentials inside the app is
a bad idea • The app might have full access to user account • User has to change his password to revoke the access
Multiple problems - one Solution The OAuth2 framework omg not
oauth again
Django OAuth Toolkit • Django 1.4 → 1.7 (1.8 coming
soon) • Python 2&3 • built on top of oauthlib, RFC 6749 compliant • DRF 2&3 integration https://github.com/evonove/django-oauth-toolkit
Batteries included • builtin views to register and manage OAuth2
applications • form view for user authorization lol I found what DRF stands for omg harold plz retire
Endpoints protection for the lazy • function views decorators @protected_resource()
def my_view(request): # A valid token is required to get here… • generic class based views class ApiEndpoint(ProtectedResourceView): def get(self, request, *args, **kwargs): return HttpResponse('Hello, OAuth2!')
DRF ootb integration REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'oauth2_provider.ext.rest_framework.OAuth2Authentication', )
}
Future plans - Help needed! OAuth1 support Resource and Authorization
server components separation https://github.com/evonove/django-oauth-toolkit +1 for my own PR