Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Protect a Django REST api with Oauth2
Search
Massimiliano Pippi
April 10, 2015
Programming
0
180
Protect a Django REST api with Oauth2
Lightning talk for pycon15
Massimiliano Pippi
April 10, 2015
Tweet
Share
More Decks by Massimiliano Pippi
See All by Massimiliano Pippi
Finding the needle: a deep dive into the rewriting of Haystack
masci
0
100
Project layout patterns in Go
masci
1
520
A Python and a Gopher walk into a bar - Embedding Python in Go. (dotGo2017)
masci
0
770
A Python and a Gopher walk into a bar - Embedding Python in Go.
masci
0
300
How to port your Python software to Go without people noticing
masci
0
220
Python - Go One Way
masci
0
200
How we stopped using the mouse and started drawing molecules with our fingertips: not the usual porting story
masci
0
110
Django 1.7 on App Engine
masci
0
210
If code is poetry, then documentation is prose
masci
0
140
Other Decks in Programming
See All in Programming
ソフトウェアテスト徹底指南書の紹介
goyoki
1
150
Azure SRE Agentで運用は楽になるのか?
kkamegawa
0
2k
GitHubとGitLabとAWS CodePipelineでCI/CDを組み比べてみた
satoshi256kbyte
4
210
プロパティベーステストによるUIテスト: LLMによるプロパティ定義生成でエッジケースを捉える
tetta_pdnt
0
300
奥深くて厄介な「改行」と仲良くなる20分
oguemon
1
510
Swift Updates - Learn Languages 2025
koher
2
470
ぬるぬる動かせ! Riveでアニメーション実装🐾
kno3a87
1
210
TDD 実践ミニトーク
contour_gara
1
290
複雑なドメインに挑む.pdf
yukisakai1225
5
1.1k
詳解!defer panic recover のしくみ / Understanding defer, panic, and recover
convto
0
230
CJK and Unicode From a PHP Committer
youkidearitai
PRO
0
110
ユーザーも開発者も悩ませない TV アプリ開発 ~Compose の内部実装から学ぶフォーカス制御~
taked137
0
140
Featured
See All Featured
4 Signs Your Business is Dying
shpigford
184
22k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
51
5.6k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
3k
How to train your dragon (web standard)
notwaldorf
96
6.2k
YesSQL, Process and Tooling at Scale
rocio
173
14k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
What’s in a name? Adding method to the madness
productmarketing
PRO
23
3.7k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.7k
The Cult of Friendly URLs
andyhume
79
6.6k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.4k
Balancing Empowerment & Direction
lara
3
620
Transcript
Protect a Django REST API with OAuth2 Massimiliano Pippi @maxpippi
Introducing my friend Harold Let’s say we want to write
a timetracking web application y u not pushing? git push -f works lol
Backend recipe Django & Django REST Framework u can use
the new DRF3 generic views here wut?
Projects proliferation timetracker-backend timetracker-web timetracker-[android|ios] timetracker-desktop yep! I need an
app for my nokia 3210
How do we do access control? Third party apps want
to access our data as well! not ma problem can’t hear u
Common problems • Using user credentials inside the app is
a bad idea • The app might have full access to user account • User has to change his password to revoke the access
Multiple problems - one Solution The OAuth2 framework omg not
oauth again
Django OAuth Toolkit • Django 1.4 → 1.7 (1.8 coming
soon) • Python 2&3 • built on top of oauthlib, RFC 6749 compliant • DRF 2&3 integration https://github.com/evonove/django-oauth-toolkit
Batteries included • builtin views to register and manage OAuth2
applications • form view for user authorization lol I found what DRF stands for omg harold plz retire
Endpoints protection for the lazy • function views decorators @protected_resource()
def my_view(request): # A valid token is required to get here… • generic class based views class ApiEndpoint(ProtectedResourceView): def get(self, request, *args, **kwargs): return HttpResponse('Hello, OAuth2!')
DRF ootb integration REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'oauth2_provider.ext.rest_framework.OAuth2Authentication', )
}
Future plans - Help needed! OAuth1 support Resource and Authorization
server components separation https://github.com/evonove/django-oauth-toolkit +1 for my own PR