I'm building an app with a Django backend, Angular frontend, and a REST API using Django REST Framework for Angular to consume. When I was still working out backend stuff with a vanilla frontend, I used the provided Django authentication to handle user auth, but now that I'm creating a REST-based app, I'm not sure how to approach authentication.
Since all user data will be either retrieved or submitted via the API, should API authentication be enough? If so, do I need to remove the existing Django authentication middleware?
Right now, when I try to hit API endpoints on an early version of the app, I'm directed to what looks like the normal Django login form. If I enter a valid username and password, it doesn't work; it just prompts me to log in again. Would removing the basic Django authentication prevent this? I want to be prompted to log in, however I'm not sure how to handle that with these technologies.
The package django-rest-auth seems useful, and the same group makes an Angular module, but the docs don't go much past installation and the provided endpoints. Ultimately, I think the core of this question is: how do I entirely switch authentication away from what's provided by Django to something like django-rest-auth or one of the other 3rd party packages recommended by DRF?
edit: I made this comment below, but I realized that I need to figure out how combined auth will work. I'm not building a single page app, so individual basic pages will be served from Django, but each page will hit various API endpoints to retrieve the data it needs. Is there a way to have something like django-rest-auth handle all authentication?
To anyone that stumbles onto this question, I couldn't figure out how to make the hybrid approach work. Having Django serve pages that each contained API calls seemed OK, but I never saw any requests made to the API, I believe due to some other security issues. I'm sure it's possible, but I decided to go for the single page app implementation after all to make things simpler.
Related
I have an application which uses flask and flask-security-too in the REST layer. Since flask-security contains some nice, out-of-the-box solutions for user signup, registration etc., including some overridable views, I would really like to use it if possible.
However, I would instead like to plug in a React frontend to get the SPA things going. I read in the documentation for flask-security that the views are indeed possible to override, but I'm not sure if/how I would manage to get this working for a built React app.
To summarize my question: Can I use React.js and still benefit from flask-security features?
Please read:
https://flask-security-too.readthedocs.io/en/stable/spa.html
Basically, you will be using the JSON API rather than forms.
This may be an opinionated question but sorry I am too curious.
I learned to develop Django Model-View-Template websites (multi-page websites) and Django REST Framework.
From the same Django model, can I create REST APIs and MVC templates together?
I wanted to develop a blog website that uses session authentication and is based on MVC architecture. The same server should create APIs, because the mobile app for the blog may consume the APIs and use token authentication (using Djoser).
If I use the same User model for session and token authentication, can mobile blog app users use their username and password to access the website version?
Django REST Framework is just a collection of helpers to easily create HTTP endpoints that conform to REST behaviour, which mostly means conventions around GET, POST, PUT and DELETE. You could code all this behaviour by hand using default Django, DRF just makes it a lot easier. The end result is simply specific routes which accept input and return output in specific formats to/from models.
Of course you can use that in addition to normal Django Views. It's just a different interface to your models and other business logic. Authentication can be the same, but typically you use some sort of token authentication for the API; that ultimately depends on how the API is supposed to be used exactly.
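A settings sketch of the setup described above, added here as an illustration and not taken from the original answer: one User model, session authentication for the template-rendered site and token authentication for the mobile API, so the same username and password work on both. The Djoser app entry and the URL mounts in the comments are assumptions based on the question's mention of Djoser.

```python
# settings.py fragment (added example; lists trimmed to the auth-relevant entries)

INSTALLED_APPS = [
    "django.contrib.auth",          # the single User model both schemes share
    "django.contrib.contenttypes",
    "django.contrib.sessions",      # backs the browser login session
    "rest_framework",
    "rest_framework.authtoken",     # adds the Token table keyed to User
    "djoser",                       # assumption: Djoser issues the tokens, as in the question
]

MIDDLEWARE = [
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
]

REST_FRAMEWORK = {
    # Classes are tried in order; the first one that returns a user wins.
    # The first class also decides whether an unauthenticated request gets
    # 401 (with WWW-Authenticate) or 403, so TokenAuthentication goes first
    # for API clients that expect a 401.
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "rest_framework.authentication.TokenAuthentication",
        # Lets pages served by Django call the API with the login cookie.
        # DRF enforces CSRF on unsafe methods for session-authenticated
        # requests, so AJAX calls must send the X-CSRFToken header.
        "rest_framework.authentication.SessionAuthentication",
    ],
    # Deny by default; open individual views explicitly with AllowAny.
    "DEFAULT_PERMISSION_CLASSES": [
        "rest_framework.permissions.IsAuthenticated",
    ],
}

# urls.py (assumption: Djoser mounted under /auth/):
#   path("auth/", include("djoser.urls")),
#   path("auth/", include("djoser.urls.authtoken")),  # /auth/token/login/, /auth/token/logout/
# A mobile client posts username and password to the login endpoint and then
# sends "Authorization: Token <key>" on every API request.
```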
What is the best Twitter auth plugin for Django? I do not understand why django-social-auth and django-socialregistration suck so badly, but authentication to both Facebook + Twitter is not that hard and there seem to be no good Django packages for either.
Please prove me wrong.
Thanks
I've attempted using allauth, but haven't gotten it to work.
This post led me to it:
http://hackerluddite.wordpress.com/2011/05/17/review-of-4-django-social-auth-apps/
Let us know what you find that works.
I've also tested django-social-auth and django-socialregistration and they sucked. Things like easily fixed AttributeErrors caused by the software not being kept up to date with the latest Django. They also build upon the model that you authenticate with any of the social auth providers, but you still have to create a new account to log in.
Then I tried Janrain and it is the best thing since sliced bread. You can either use it standalone, because it is not so hard to integrate its JavaScript and JSON API yourself from scratch, or use django-rpx-plus (RPX is the old name for Janrain) that provides some views and data structures to make integration even easier.
Using Janrain, it is easy to just let your users click on the google/twitter/facebook icon, click accept on the providers page shown in a popup and voila! logged in! The only downsides are the Janrain branding shown in the free version and that you have to rely on a third party for authentication.
I'm writing a set of REST services for a Django project. I've been using django-rest-framework for a while. Because of its limited functionality I had to switch to django-piston which I quite enjoy.
However, django-rest-framework had one really nice feature - it was able to display an admin-like interface for testing the created services from the browser. It's just terrific for debugging purposes. It's very simple: one form is displayed for each HTTP method like "GET", "POST", etc. Along with that a drop-down list of available content types and a text field for putting in the data to be sent.
As I view it, this isn't really a feature in any way directly connected with a particular REST framework. It isn't even necessarily about Django. It could all be achieved just using HTML + JS, or an external website.
My question is: What do you use for manual testing / debugging web services? Could you point me to some HTML snippet or a Django app that would do the described thing?
This may seem obvious, but:
Why not just use Django's testing client (django.test.client.Client)? Then, instead of manually 'debugging' in your browser, you can write unit tests with expectations and get leverage out of those further down the track.
e.g.
from django.test.client import Client
client = Client()
resp = client.put('/employee/2/', data={'email': 'here#there.com'}, follow=True)
#... etc
As the author of django-rest-framework it'd be great to pick your brains about which bits of functionality could do with fleshing out. :) (obv I've got some thoughts of my own and areas I'm planning to work on, but be really good to get some user perspective)
You're absolutely right about the API browser not being limited to any particular framework. To me that's the big deal with DRF and I'd love to see more API frameworks take a similar approach. One of the supposed benefits of RESTful APIs is that they should be self-describing, and it seems counter-intuitive to me that so many of the Web APIs we build today are not Web browsable.
Oh, and totally agree with jsw re. testing Web APIs in django, I wouldn't use the framework's browsable API to replace automated tests.
I had the same problem and that was easily solved by logging out of admin page in that project.
We are building a website on Google App Engine, using django patch.
We would like to use Facebook connect for two purposes:
Authenticate users.
Access user's social data.
Searching for a solution in the usual places (Google, FB, SO) brings up a lot of noise, many partial solutions and no clear answer.
So the question is this: does anyone have a clear working solution? Maybe even a recipe?
Thanks.
Honza: we were looking for something that also does authentication Django style.
We ended up doing the login on the client side, then sending an AJAX request to Django, and wrote our own authenticate/login logic.
Once we get the user's credentials, we use PyFacebook for FB connectivity.