Protect a Django REST api with Oauth2
Massimiliano Pippi
April 10, 2015
Lightning talk for pycon15
Transcript
Protect a Django REST API with OAuth2
Massimiliano Pippi, @maxpippi

Introducing my friend Harold
Let’s say we want to write a timetracking web application
y u not pushing? git push -f works lol

Backend recipe
Django & Django REST Framework
u can use the new DRF3 generic views here
wut?

Projects proliferation
timetracker-backend
timetracker-web
timetracker-[android|ios]
timetracker-desktop
yep! I need an app for my nokia 3210

How do we do access control?
Third party apps want to access our data as well!
not ma problem
can’t hear u

Common problems
• Using user credentials inside the app is a bad idea
• The app might have full access to user account
• User has to change his password to revoke the access

Multiple problems - one Solution
The OAuth2 framework
omg not oauth again

Django OAuth Toolkit
• Django 1.4 → 1.7 (1.8 coming soon)
• Python 2&3
• built on top of oauthlib, RFC 6749 compliant
• DRF 2&3 integration
https://github.com/evonove/django-oauth-toolkit

Batteries included
• builtin views to register and manage OAuth2 applications
• form view for user authorization
lol I found what DRF stands for
omg harold plz retire

Endpoints protection for the lazy
• function views decorators

    from django.http import HttpResponse
    from oauth2_provider.decorators import protected_resource

    @protected_resource()
    def my_view(request):
        # A valid token is required to get here…
        return HttpResponse('Hello, OAuth2!')

• generic class based views

    from oauth2_provider.views.generic import ProtectedResourceView

    class ApiEndpoint(ProtectedResourceView):
        def get(self, request, *args, **kwargs):
            return HttpResponse('Hello, OAuth2!')

DRF ootb integration

    # settings.py
    REST_FRAMEWORK = {
        'DEFAULT_AUTHENTICATION_CLASSES': (
            'oauth2_provider.ext.rest_framework.OAuth2Authentication',
        )
    }
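
Added example, not from the slides and not django-oauth-toolkit's own code: a framework-free sketch of the check a token-protected endpoint performs, showing how scoped, revocable tokens address the three "Common problems" listed earlier. The token values, `require_token`, `revoke` and the two views are constructed for illustration.

```python
import time
from functools import wraps

# Constructed in-memory token store standing in for the provider's database.
TOKENS = {
    "tok-web-123": {"user": "harold", "scopes": {"read", "write"},
                    "expires": time.time() + 3600},
    "tok-3rdparty-456": {"user": "harold", "scopes": {"read"},
                         "expires": time.time() + 3600},
    "tok-old-789": {"user": "harold", "scopes": {"read"},
                    "expires": time.time() - 1},
}

def bearer_token(headers):
    """Extract the token from 'Authorization: Bearer <token>' (RFC 6750)."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not value.strip():
        return None
    return value.strip()

def require_token(scopes=()):
    """Hypothetical decorator: 401 without a valid token, 403 without the scopes."""
    def decorator(view):
        @wraps(view)
        def wrapper(headers, *args, **kwargs):
            record = TOKENS.get(bearer_token(headers))
            # Simplification: missing, unknown and expired tokens all map to 401.
            if record is None or record["expires"] <= time.time():
                return 401, "invalid_token"
            # The app only gets what the user granted, never the full account.
            if not set(scopes) <= record["scopes"]:
                return 403, "insufficient_scope"
            return view(record["user"], *args, **kwargs)
        return wrapper
    return decorator

@require_token(scopes=["read"])
def list_entries(user):
    return 200, f"entries for {user}"

@require_token(scopes=["write"])
def add_entry(user):
    return 201, f"entry added for {user}"

def revoke(token):
    """Revoking one app's token leaves the password and other apps untouched."""
    TOKENS.pop(token, None)
```

The views never see a password: each client presents only its own token, so access can be narrowed per app and withdrawn per app.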

Future plans - Help needed!
OAuth1 support
Resource and Authorization server components separation
https://github.com/evonove/django-oauth-toolkit
+1 for my own PR