Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Protect a Django REST api with Oauth2
Search
Massimiliano Pippi
April 10, 2015
Programming
0
180
Protect a Django REST api with Oauth2
Lightning talk for pycon15
Massimiliano Pippi
April 10, 2015
Tweet
Share
More Decks by Massimiliano Pippi
See All by Massimiliano Pippi
Finding the needle: a deep dive into the rewriting of Haystack
masci
0
100
Project layout patterns in Go
masci
1
520
A Python and a Gopher walk into a bar - Embedding Python in Go. (dotGo2017)
masci
0
770
A Python and a Gopher walk into a bar - Embedding Python in Go.
masci
0
300
How to port your Python software to Go without people noticing
masci
0
220
Python - Go One Way
masci
0
200
How we stopped using the mouse and started drawing molecules with our fingertips: not the usual porting story
masci
0
110
Django 1.7 on App Engine
masci
0
210
If code is poetry, then documentation is prose
masci
0
140
Other Decks in Programming
See All in Programming
「手軽で便利」に潜む罠。 Popover API を WCAG 2.2の視点で安全に使うには
taitotnk
0
830
Performance for Conversion! 分散トレーシングでボトルネックを 特定せよ
inetand
0
120
Oracle Database Technology Night 92 Database Connection control FAN-AC
oracle4engineer
PRO
1
440
MCPとデザインシステムに立脚したデザインと実装の融合
yukukotani
4
1.4k
JSONataを使ってみよう Step Functionsが楽しくなる実践テクニック #devio2025
dafujii
1
510
プロポーザル駆動学習 / Proposal-Driven Learning
mackey0225
2
1.2k
print("Hello, World")
eddie
1
520
さようなら Date。 ようこそTemporal! 3年間先行利用して得られた知見の共有
8beeeaaat
3
1.4k
Putting The Genie in the Bottle - A Crash Course on running LLMs on Android
iurysza
0
140
Cache Me If You Can
ryunen344
1
620
「待たせ上手」なスケルトンスクリーン、 そのUXの裏側
teamlab
PRO
0
480
Kiroで始めるAI-DLC
kaonash
2
580
Featured
See All Featured
Visualization
eitanlees
148
16k
What’s in a name? Adding method to the madness
productmarketing
PRO
23
3.7k
GitHub's CSS Performance
jonrohan
1032
460k
Into the Great Unknown - MozCon
thekraken
40
2k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.9k
How GitHub (no longer) Works
holman
315
140k
Practical Orchestrator
shlominoach
190
11k
Done Done
chrislema
185
16k
Build your cross-platform service in a week with App Engine
jlugia
231
18k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Producing Creativity
orderedlist
PRO
347
40k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
51
5.6k
Transcript
Protect a Django REST API with OAuth2 Massimiliano Pippi @maxpippi
Introducing my friend Harold Let’s say we want to write
a timetracking web application y u not pushing? git push -f works lol
Backend recipe Django & Django REST Framework u can use
the new DRF3 generic views here wut?
Projects proliferation timetracker-backend timetracker-web timetracker-[android|ios] timetracker-desktop yep! I need an
app for my nokia 3210
How do we do access control? Third party apps want
to access our data as well! not ma problem can’t hear u
Common problems • Using user credentials inside the app is
a bad idea • The app might have full access to user account • User has to change his password to revoke the access
Multiple problems - one Solution The OAuth2 framework omg not
oauth again
Django OAuth Toolkit • Django 1.4 → 1.7 (1.8 coming
soon) • Python 2&3 • built on top of oauthlib, RFC 6749 compliant • DRF 2&3 integration https://github.com/evonove/django-oauth-toolkit
Batteries included • builtin views to register and manage OAuth2
applications • form view for user authorization lol I found what DRF stands for omg harold plz retire
Endpoints protection for the lazy • function views decorators @protected_resource()
def my_view(request): # A valid token is required to get here… • generic class based views class ApiEndpoint(ProtectedResourceView): def get(self, request, *args, **kwargs): return HttpResponse('Hello, OAuth2!')
DRF ootb integration REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'oauth2_provider.ext.rest_framework.OAuth2Authentication', )
}
Future plans - Help needed! OAuth1 support Resource and Authorization
server components separation https://github.com/evonove/django-oauth-toolkit +1 for my own PR