Protect a Django REST API with OAuth2
Massimiliano Pippi
April 10, 2015
Programming
Lightning talk for pycon15
Transcript
Protect a Django REST API with OAuth2
Massimiliano Pippi, @maxpippi

Introducing my friend Harold
Let's say we want to write a timetracking web application.
"y u not pushing? git push -f works lol"

Backend recipe
Django & Django REST Framework
"u can use the new DRF3 generic views here"
"wut?"

Projects proliferation
timetracker-backend, timetracker-web, timetracker-[android|ios], timetracker-desktop
"yep! I need an app for my nokia 3210"

How do we do access control?
Third-party apps want to access our data as well!
"not ma problem" "can't hear u"

Common problems
• Using the user's credentials inside the app is a bad idea
• The app might get full access to the user's account
• The user has to change their password to revoke the access

Multiple problems, one solution
The OAuth2 framework
"omg not oauth again"

Django OAuth Toolkit
• Django 1.4 → 1.7 (1.8 coming soon)
• Python 2 & 3
• built on top of oauthlib, RFC 6749 compliant
• DRF 2 & 3 integration
https://github.com/evonove/django-oauth-toolkit

Batteries included
• builtin views to register and manage OAuth2 applications
• form view for user authorization
"lol I found what DRF stands for" "omg harold plz retire"

Endpoints protection for the lazy
• function view decorators (imports added here so the snippet runs as shown):

    from django.http import HttpResponse
    from oauth2_provider.decorators import protected_resource

    @protected_resource()
    def my_view(request):
        # A valid token is required to get here…
        return HttpResponse('Hello, OAuth2!')

  Note that with no arguments the decorator accepts any live access token; pass scopes (e.g. @protected_resource(scopes=['read'])) when a view should only be reachable by tokens carrying a given scope.

• generic class-based views:

    from django.http import HttpResponse
    from oauth2_provider.views.generic import ProtectedResourceView

    class ApiEndpoint(ProtectedResourceView):
        def get(self, request, *args, **kwargs):
            return HttpResponse('Hello, OAuth2!')
DRF out-of-the-box integration

    REST_FRAMEWORK = {
        'DEFAULT_AUTHENTICATION_CLASSES': (
            # identifies the caller from the bearer token;
            # releases 1.0+ of the toolkit moved this module to
            # oauth2_provider.contrib.rest_framework
            'oauth2_provider.ext.rest_framework.OAuth2Authentication',
        )
    }

An authentication class only establishes who the caller is; DRF's default permission is AllowAny, so pair it with a permission class (DRF's IsAuthenticated, or the toolkit's TokenHasScope with required_scopes on the view) or views that do not check permissions themselves stay reachable without a token.
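To make concrete what the decorator and the DRF authentication/permission pair are doing on the resource-server side, here is an added, self-contained illustration that is not code from the talk or from django-oauth-toolkit: a plain-Python bearer-token check (RFC 6750 "Authorization: Bearer" header, RFC 6749 access tokens) with an in-memory token table, per-token expiry, scope checks and per-token revocation. The TokenStore, the dict-based request object, the view names and the "harold" user are assumptions made for the example; the toolkit stores tokens in Django models and the decorator wraps real HttpRequests.

```python
# Added example, not code from the talk or from django-oauth-toolkit: a
# minimal bearer-token resource server that does, in plain Python, what the
# toolkit's @protected_resource decorator and a DRF scope permission do.
import hashlib
import secrets
import time
from dataclasses import dataclass
from functools import wraps


@dataclass
class AccessToken:
    user: str
    application: str          # the client holding the token, not the user
    scopes: frozenset
    expires_at: float
    revoked: bool = False


class TokenStore:
    """In-memory stand-in (an assumption for this example) for the toolkit's
    AccessToken table. Tokens are keyed by SHA-256 digest so a dumped table
    does not hand out usable bearer tokens."""

    def __init__(self):
        self._by_digest = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user, application, scopes, ttl=3600):
        token = secrets.token_urlsafe(32)        # 256 bits of entropy
        self._by_digest[self._digest(token)] = AccessToken(
            user, application, frozenset(scopes), time.time() + ttl)
        return token

    def revoke(self, token):
        # Revocation is per token: the user keeps their password, only this
        # application loses access (the third "common problem" on the slides).
        entry = self._by_digest.get(self._digest(token))
        if entry is not None:
            entry.revoked = True

    def lookup(self, token):
        return self._by_digest.get(self._digest(token))


def bearer_token(request):
    """Pull the token out of 'Authorization: Bearer <token>' (RFC 6750 2.1).
    `request` is a plain dict standing in for a Django HttpRequest."""
    header = request.get("headers", {}).get("Authorization", "")
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    return token.strip()


def protected_resource(store, scopes=()):
    """Decorator: reject the request unless it carries a live token whose
    scopes cover `scopes`. 401 = no usable token, 403 = token lacks scope,
    each with the WWW-Authenticate challenge RFC 6750 section 3 prescribes."""
    required = frozenset(scopes)

    def decorator(view):
        @wraps(view)
        def wrapper(request, *args, **kwargs):
            token = bearer_token(request)
            entry = store.lookup(token) if token else None
            if entry is None or entry.revoked or entry.expires_at <= time.time():
                return {"status": 401,
                        "headers": {"WWW-Authenticate": 'Bearer error="invalid_token"'}}
            if not required <= entry.scopes:
                return {"status": 403,
                        "headers": {"WWW-Authenticate": 'Bearer error="insufficient_scope"'}}
            request["user"] = entry.user          # what the view gets to see
            request["scopes"] = entry.scopes
            return view(request, *args, **kwargs)
        return wrapper
    return decorator


STORE = TokenStore()


@protected_resource(STORE, scopes={"read"})
def list_entries(request):
    return {"status": 200, "body": "entries of %s" % request["user"]}


@protected_resource(STORE, scopes={"read", "write"})
def create_entry(request):
    return {"status": 201, "body": "created"}


def demo():
    """Drive the endpoints through the cases the slides care about and return
    the HTTP status of each (constructed sample requests, no network)."""
    def call(view, token=None):
        headers = {"Authorization": "Bearer " + token} if token else {}
        return view({"headers": headers})["status"]

    read_only = STORE.issue("harold", "timetracker-android", {"read"})
    expired = STORE.issue("harold", "timetracker-desktop", {"read"}, ttl=-1)
    results = {
        "no_token": call(list_entries),
        "unknown_token": call(list_entries, secrets.token_urlsafe(32)),
        "expired_token": call(list_entries, expired),
        "read_ok": call(list_entries, read_only),
        "write_with_read_scope": call(create_entry, read_only),
    }
    STORE.revoke(read_only)
    results["after_revoke"] = call(list_entries, read_only)
    return results
```

The split mirrors DRF: identifying the caller from the token (the 401 path, what OAuth2Authentication does) is separate from deciding whether that token may perform the action (the 403 path, what a permission class such as TokenHasScope does), and a revoked or expired token fails the first check without the user ever touching their password.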
Future plans - Help needed!
• OAuth1 support
• Resource and Authorization server components separation
https://github.com/evonove/django-oauth-toolkit
"+1 for my own PR"