I'm using oauth2_provider + rest_framework. I have configured several client applications, and they successfully authenticate and receive access tokens.
I would like to have the client app in the request (Eg. request.client). Perhaps I should create some kind of middleware, which sets it, but I'm not sure what is the proper way to do it. Or maybe this functionality is already provided by the oauth2_provider/oauthlib, and I have overlooked it?
The client should be set when:
a valid access token is provided
valid app credentials are provided (like when requesting access token)
Python v3.5.3, Django v1.10.6
oauth2_provider AccessToken has a foreign key
to the application issued that token
You can get the application form the access token like this: application = request.auth.application
AbstractApplication class has foreign key to settings.AUTH_USER_MODEL https://github.com/evonove/django-oauth-toolkit/blob/0.12.0/oauth2_provider/models.py#L62
So if you are using default Application class you could get the clients by request.user.oauth2_providers_applications
Related
My website hosts a lot of APIs(CRUDs) using DJR. I am using DJR Token based authentication and for testing I would add this header to postman
Key : Authorization
value : Token 826fdf3067b07afdf9edd89a6c9facd9920de8b8
and Django Rest Framework would easily be able to authenticate the user.
Now I inlcuded Django channels constantly 1.1.5 and wanted to know how I could do token based authentication. I read this post and it suggests that I copy this mixin to the project. I just started with Django-channels and am not sure how to include that mixin to my code. Currently I have something like this
#channel_session_user_from_http
def ws_connect(message):
user = message.user
message.reply_channel.send({"accept": True}) #Send back Acceptance response.
#channel_session_user
def chat_join(message):
user = message.user #Get authenticated user
I have the following two questions
1-How do I include that mixin in my current project ? I know you include mixins in classes using class classname(SomeMixin). How would I go about including this mixin into my code ?
2-Will I need to include an authentication token in my json message that I send to the websocket ?
Any suggestions would be great.
`
I am making an API in Flask for a simple jQuery mobile + PhoneGap app to be packaged and downloaded. As I understand, all the calls to the database should be made with JavaScript, AJAX, and JSON. Since the app is about the user, and all of the views draw data from the logged user, I am not sure how to proceed with the authentication. As I understand, the workflow should be:
user logs in (json encoded username and password)
server generates token with expiration (i.e. 24h) for that user
this token is saved on the mobile app as a cookie or in localstorage
all of the calls to the server are done with this token which identifies the current user: /api/token=12345
when the toke expires, a new login prompt is required
I thought of implementing this with Flask-Security's authentication token. Is there a more straightforward way of accomplishing this?
Flask-JWT seems like a pretty straight-forward solution.
Then on the front end you can just add an HTTP interceptor to add X-Auth-Token to the headers or something.
I'm new to EVE framework, but already have some experience with flask and mongodb. I want to build a web app based on eve rest with token auth. So for example I have the case: I want to check if email exists in realtime when user filled out the form. The user info is in users collection, but I want to put users collection under token auth. So how should I handle custom request without token? Should it be handled through flask?
Maybe something like this:
#app.route('/_check_email', methods=['GET'])
def check_email():
print request
email = request.args.get('email', 0, type=str)
accounts = app.data.driver.db['users']
lookup = {'email': email}
account = accounts.find_one(lookup)
if not account:
return jsonify(valid=True)
else:
return jsonify(valid=False)
Thanks!
You might want to wrap it all in a Flask Blueprint. See what's been done with Eve-Docs extension. Other than that, Eve is just a Flask subclass so you are free to play with it as you would do with Flask itself.
I have read multiple tutorials on authentication but I am just as confused. I am trying to log a user in using an html form on the client device, which means I'm not using Django templates. Does it work like the following?
I send a post to rest backend with username, password combo
Django rest checks to see if valid user, and sends token back?
I save token in local storage, and send with every request of user?
What do I send from the front end to make this happen?
Yes, send a post request to a RESTful backend with username and password combo
Django authenticates the username and password and logs the user in which sets a sessionid associated with the user which I believe you are referring to as a token. This is done via the login() method. https://docs.djangoproject.com/en/dev/topics/auth/default/#django.contrib.auth.login
Normally Django would set a sessionid as a coookie or session variable on the client's machine, but I'd imagine you could save it in local storage and then retrieve it each time and validate it's a valid sessionid on each request but it's easier to just let Django's middleware take care of everything by just using sessions.
I have developed an API using django rest framework and have used Token based authentication, Now I have trying to use it from separate project. How I can login using userid and password and get token in response and use token in header in all next url calls.
From Shell I have checked token for one of the user and tested api from terminal and it's working like,
http://127.0.0.1:8000/corporate/company/ -H 'Authorization: Token 9f4702dfddbf89e0346b2ffd10fd69173c178273'
But how to use this token in http calls?
I have included rest_framework.authtoken in installed app and included url in urls.py as:
url(r'^api-token-auth/', 'rest_framework.authtoken.views.obtain_auth_token')
Now I have trying to get it accessed from another project, where I have made one of the login form? Now the Question is where to post form and what fields should be there in form. If I have posted form then token will be returned in response then how Can I parse and use in headers on next calls?
I have gone through tutorial and API guide but no help. On how to access api in my project while Api is ready and login is working through browser-able api url.
Django rest framerwork supports many auth options. You can use Basic Auth if you want.
If you want to use the token you will need to set an http header with the correct token for your user.
From the docs you need to set it as (replace 99... with yours)
Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b