Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Protect a Django REST api with Oauth2
Search
Massimiliano Pippi
April 10, 2015
Programming
0
170
Protect a Django REST api with Oauth2
Lightning talk for pycon15
Massimiliano Pippi
April 10, 2015
Tweet
Share
More Decks by Massimiliano Pippi
See All by Massimiliano Pippi
Finding the needle: a deep dive into the rewriting of Haystack
masci
0
83
Project layout patterns in Go
masci
1
500
A Python and a Gopher walk into a bar - Embedding Python in Go. (dotGo2017)
masci
0
750
A Python and a Gopher walk into a bar - Embedding Python in Go.
masci
0
250
How to port your Python software to Go without people noticing
masci
0
210
Python - Go One Way
masci
0
180
How we stopped using the mouse and started drawing molecules with our fingertips: not the usual porting story
masci
0
100
Django 1.7 on App Engine
masci
0
200
If code is poetry, then documentation is prose
masci
0
120
Other Decks in Programming
See All in Programming
Rubyの!メソッドをちゃんと理解する
alstrocrack
2
380
データベースの技術選定を突き詰める ~複数事例から考える最適なデータベースの選び方~
nnaka2992
3
2.9k
エンジニアが挑む、限界までの越境
nealle
1
350
イベントソーシングとAIの親和性ー物語とLLMに理解できるデータ
tomohisa
0
120
CursorとDevinが仲間!?AI駆動で新規プロダクト開発に挑んだ3ヶ月を振り返る / A Story of New Product Development with Cursor and Devin
rkaga
5
1.4k
ASP.NETアプリケーションのモダナイゼーションについて
tomokusaba
0
280
バイラテラルアップサンプリング
fadis
3
630
Browser and UI #2 HTML/ARIA
ken7253
2
190
The New Developer Workflow: How AI Transforms Ideas into Code
danielsogl
0
140
OpenTelemetryで始めるベンダーフリーなobservability / Vendor-free observability starting with OpenTelemetry
seike460
0
130
最速Green Tea 🍵 Garbage Collector
kuro_kurorrr
1
160
VitestのIn-Source Testingが便利
taro28
10
2.5k
Featured
See All Featured
KATA
mclloyd
29
14k
Art, The Web, and Tiny UX
lynnandtonic
298
20k
The Cost Of JavaScript in 2023
addyosmani
49
7.9k
Adopting Sorbet at Scale
ufuk
76
9.4k
Agile that works and the tools we love
rasmusluckow
329
21k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
122
52k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
129
19k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
179
53k
Rebuilding a faster, lazier Slack
samanthasiow
81
9k
The Power of CSS Pseudo Elements
geoffreycrofte
75
5.8k
Transcript
Protect a Django REST API with OAuth2 Massimiliano Pippi @maxpippi
Introducing my friend Harold Let’s say we want to write
a timetracking web application y u not pushing? git push -f works lol
Backend recipe Django & Django REST Framework u can use
the new DRF3 generic views here wut?
Projects proliferation timetracker-backend timetracker-web timetracker-[android|ios] timetracker-desktop yep! I need an
app for my nokia 3210
How do we do access control? Third party apps want
to access our data as well! not ma problem can’t hear u
Common problems • Using user credentials inside the app is
a bad idea • The app might have full access to user account • User has to change his password to revoke the access
Multiple problems - one Solution The OAuth2 framework omg not
oauth again
Django OAuth Toolkit • Django 1.4 → 1.7 (1.8 coming
soon) • Python 2&3 • built on top of oauthlib, RFC 6749 compliant • DRF 2&3 integration https://github.com/evonove/django-oauth-toolkit
Batteries included • builtin views to register and manage OAuth2
applications • form view for user authorization lol I found what DRF stands for omg harold plz retire
Endpoints protection for the lazy • function views decorators @protected_resource()
def my_view(request): # A valid token is required to get here… • generic class based views class ApiEndpoint(ProtectedResourceView): def get(self, request, *args, **kwargs): return HttpResponse('Hello, OAuth2!')
DRF ootb integration REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'oauth2_provider.ext.rest_framework.OAuth2Authentication', )
}
Future plans - Help needed! OAuth1 support Resource and Authorization
server components separation https://github.com/evonove/django-oauth-toolkit +1 for my own PR