Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Protect a Django REST api with Oauth2
Search
Massimiliano Pippi
April 10, 2015
Programming
0
170
Protect a Django REST api with Oauth2
Lightning talk for pycon15
Massimiliano Pippi
April 10, 2015
Tweet
Share
More Decks by Massimiliano Pippi
See All by Massimiliano Pippi
Finding the needle: a deep dive into the rewriting of Haystack
masci
0
74
Project layout patterns in Go
masci
1
490
A Python and a Gopher walk into a bar - Embedding Python in Go. (dotGo2017)
masci
0
740
A Python and a Gopher walk into a bar - Embedding Python in Go.
masci
0
250
How to port your Python software to Go without people noticing
masci
0
200
Python - Go One Way
masci
0
170
How we stopped using the mouse and started drawing molecules with our fingertips: not the usual porting story
masci
0
94
Django 1.7 on App Engine
masci
0
190
If code is poetry, then documentation is prose
masci
0
110
Other Decks in Programming
See All in Programming
技術選定を未来に繋いで活用していく
sakito
3
100
Devin入門と最近のアップデートから見るDevinの進化 / Introduction to Devin and the Evolution of Devin as Seen in Recent Update
rkaga
9
4.2k
ノーコードツールの裏側につきまとう「20分岐」との戦い
oguemon
0
190
Going Structural with Named Tuples
bishabosha
0
190
Firebase Dynamic Linksの代替手段を自作する / Create your own Firebase Dynamic Links alternative
kubode
0
200
自分のために作ったアプリが、グローバルに使われるまで / Indie App Development Lunch LT
pixyzehn
1
140
PHPによる"非"構造化プログラミング入門 -本当に熱いスパゲティコードを求めて- #phperkaigi
o0h
PRO
0
1.2k
AWS で実現する安全な AI エージェントの作り方 〜 Bedrock Engineer の実装例を添えて 〜 / how-to-build-secure-ai-agents
gawa
2
150
Vibe Codingをせずに Clineを使っている
watany
14
4.9k
新卒から4年間、20年もののWebサービスと 向き合って学んだソフトウェア考古学
oguri
8
7.1k
Day0 初心者向けワークショップ実践!ソフトウェアテストの第一歩
satohiroyuki
0
780
リアルタイムレイトレーシング + ニューラルレンダリング簡単紹介 / Real-Time Ray Tracing & Neural Rendering: A Quick Introduction (2025)
shocker_0x15
1
270
Featured
See All Featured
The Language of Interfaces
destraynor
157
24k
Code Review Best Practice
trishagee
67
18k
Building Flexible Design Systems
yeseniaperezcruz
328
38k
Scaling GitHub
holman
459
140k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
49k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
32
2.2k
RailsConf 2023
tenderlove
29
1k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
12
1.4k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
177
52k
Rails Girls Zürich Keynote
gr2m
94
13k
Facilitating Awesome Meetings
lara
53
6.3k
Being A Developer After 40
akosma
90
590k
Transcript
Protect a Django REST API with OAuth2 Massimiliano Pippi @maxpippi
Introducing my friend Harold Let’s say we want to write
a timetracking web application y u not pushing? git push -f works lol
Backend recipe Django & Django REST Framework u can use
the new DRF3 generic views here wut?
Projects proliferation timetracker-backend timetracker-web timetracker-[android|ios] timetracker-desktop yep! I need an
app for my nokia 3210
How do we do access control? Third party apps want
to access our data as well! not ma problem can’t hear u
Common problems • Using user credentials inside the app is
a bad idea • The app might have full access to user account • User has to change his password to revoke the access
Multiple problems - one Solution The OAuth2 framework omg not
oauth again
Django OAuth Toolkit • Django 1.4 → 1.7 (1.8 coming
soon) • Python 2&3 • built on top of oauthlib, RFC 6749 compliant • DRF 2&3 integration https://github.com/evonove/django-oauth-toolkit
Batteries included • builtin views to register and manage OAuth2
applications • form view for user authorization lol I found what DRF stands for omg harold plz retire
Endpoints protection for the lazy • function views decorators @protected_resource()
def my_view(request): # A valid token is required to get here… • generic class based views class ApiEndpoint(ProtectedResourceView): def get(self, request, *args, **kwargs): return HttpResponse('Hello, OAuth2!')
DRF ootb integration REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'oauth2_provider.ext.rest_framework.OAuth2Authentication', )
}
Future plans - Help needed! OAuth1 support Resource and Authorization
server components separation https://github.com/evonove/django-oauth-toolkit +1 for my own PR