Protect a Django REST api with Oauth2
Massimiliano Pippi
April 10, 2015
Lightning talk for pycon15
Transcript
Protect a Django REST API with OAuth2
Massimiliano Pippi @maxpippi

Introducing my friend Harold
Let’s say we want to write a timetracking web application
y u not pushing? git push -f works lol

Backend recipe
Django & Django REST Framework
u can use the new DRF3 generic views here
wut?

Projects proliferation
timetracker-backend
timetracker-web
timetracker-[android|ios]
timetracker-desktop
yep! I need an app for my nokia 3210

How do we do access control?
Third party apps want to access our data as well!
not ma problem
can’t hear u

Common problems
• Using user credentials inside the app is a bad idea
• The app might have full access to user account
• User has to change his password to revoke the access

Multiple problems - one Solution
The OAuth2 framework
omg not oauth again

Django OAuth Toolkit
• Django 1.4 → 1.7 (1.8 coming soon)
• Python 2&3
• built on top of oauthlib, RFC 6749 compliant
• DRF 2&3 integration
https://github.com/evonove/django-oauth-toolkit

Batteries included
• builtin views to register and manage OAuth2 applications
• form view for user authorization
lol I found what DRF stands for
omg harold plz retire

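Endpoints protection for the lazy
• function views decorators

    from django.http import HttpResponse
    from oauth2_provider.decorators import protected_resource

    @protected_resource()
    def my_view(request):
        # A valid token is required to get here…
        return HttpResponse('Hello, OAuth2!')

• generic class based views

    from django.http import HttpResponse
    from oauth2_provider.views.generic import ProtectedResourceView

    class ApiEndpoint(ProtectedResourceView):
        def get(self, request, *args, **kwargs):
            return HttpResponse('Hello, OAuth2!')

DRF ootb integration

    # settings.py
    REST_FRAMEWORK = {
        'DEFAULT_AUTHENTICATION_CLASSES': (
            'oauth2_provider.ext.rest_framework.OAuth2Authentication',
        )
    }
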
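A simplified, standard-library model of the decision a token-protected endpoint makes, added here as an example; it is not code from the talk or from Django OAuth Toolkit. It shows how per-app, scoped, revocable tokens address the three items on the "Common problems" slide. TokenStore, check_request and the scope names "read"/"write" are hypothetical; the app names come from the "Projects proliferation" slide.

```python
import secrets
import time
from dataclasses import dataclass

@dataclass
class AccessToken:
    user: str
    app: str
    scopes: frozenset
    expires_at: float
    revoked: bool = False

class TokenStore:
    """In-memory stand-in (constructed) for the provider's token table."""
    def __init__(self):
        self._tokens = {}

    def issue(self, user, app, scopes, ttl=3600):
        # The app receives only this random value, never the user's password.
        value = secrets.token_urlsafe(32)
        self._tokens[value] = AccessToken(user, app, frozenset(scopes), time.time() + ttl)
        return value

    def revoke_app(self, user, app):
        # Cuts off one app; the password and other apps' tokens are untouched.
        for token in self._tokens.values():
            if token.user == user and token.app == app:
                token.revoked = True

    def lookup(self, value):
        return self._tokens.get(value)

def check_request(store, headers, required_scopes):
    """Return (HTTP status, user) for a request to a protected endpoint."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not value.strip():
        return 401, None                      # no bearer token presented
    token = store.lookup(value.strip())
    if token is None or token.revoked or token.expires_at <= time.time():
        return 401, None                      # unknown, revoked or expired
    if not set(required_scopes) <= token.scopes:
        return 403, None                      # valid token, insufficient scope
    return 200, token.user

if __name__ == "__main__":
    store = TokenStore()
    android = store.issue("harold", "timetracker-android", {"read"})
    hdr = {"Authorization": "Bearer " + android}
    print(check_request(store, hdr, ["read"]), check_request(store, hdr, ["write"]))
```
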
Future plans - Help needed!
• OAuth1 support
• Resource and Authorization server components separation
https://github.com/evonove/django-oauth-toolkit
+1 for my own PR