I creating an app in which the authentication is done via web services of another app.
But as I m trying to understand how things will work, I m trying to figure out how I can store each user data and posts to them if I m not using Django auth and then linking the models via forgien keys.
All standard login's with other apps are done using a standard called OAuth2; Oauth2 standard allows you to login to apps with other services (Facebook, Apple, Google) while just storing a random token (not sensitive data).
Here is a Django library that makes using authenticating/logging into your app with another app's credentials super easy and secure using Oauth2.
Good luck, LMK if you need anything else!
Related
I am building a web app with a Django backend and React/Redux frontend running on separate servers. I have begun to try and start working on authentication and I cannot find a tutorial that suits my needs. Every tutorial either uses deprecated modules like drf-jwt (as opposed to simple-jwt) or has a simple mono-server that houses both the backend and the frontend in one directory. The former is useless and I do not want to do the latter as I like having the two separate servers for when I move on to deployment. Now can someone direct me to a good source of knowledge for getting this done? It doesn't have to be a tutorial it can be anything. I am really lost and I do not know how to begin.
you can use 3rd party packages djoser: Provides a set of views to handle basic actions such as registration, login, logout, password reset and account activation. for more information: https://pypi.org/project/djoser/
I'm using token authentication from Django Rest Framework so, after a login/password verification, the token on response can be used on any DRF endpoint.
I'm working on a service with REST-api implemented on django rest framework. I'l have web-site with frontend on javascript (possibly, SPA on Knockout), android and iOS apps, which all will be using this API. What is the best way to handle authentication in this case?
I'v read a lot on JWT-tokens (not my case, i must have ability to revoke auth for particular user at any time), sessions (already using django), storing tokens in localStorage and so on.
Should I have one type (tokens?) for all? Or is it normal, to use cookie-based session auth for web and tokens for mobile apps? If web also goes with tokens, where is the best way to store them: cookies or localStorage?
It's perfectly fine to use many authentication methods.
For web app this can be session base auth, assuming that you run it on the same domain. For mobile app you use tokens. DRF will check all methods defined here.
Therefore, remember to enable/disable correct ones.
The Google APIs python client has special support for the Django and in the examples given by Google (https://developers.google.com/api-client-library/python/guide/django), the class oauth2client.django_orm.Storage is used to store and retrieve Credentials objects.
However, I find lots of examples (https://github.com/jgmize/django-google-drive/tree/master/gdrive/gdoauth2, https://github.com/praekelt/django-google-credentials/tree/master/google_credentials ,etc) put the Credentials in a CredentialsField field of the user's profile,and it is saved into the database.
What are the advantages / disadvantages of the two methods ? Are there preferences ?
Thanx.
To implementsign in with google feature you can use django-allauth
https://django-allauth.readthedocs.io/en/latest/
it provides easy to integrate set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.
https://django-allauth.readthedocs.io/en/latest/providers.html#google
I'm new to Django and relatively new to OAuth. I'm building a Django app that's basically aiming to be a wrapper around Google Drive that implements tagging and user permissions. A few users who have important documents share them with the service account, and then the app provides a nice interface.
I'm generally confused about how to organize this, since Django seems to have many, many moving parts.
The app needs to almost constantly be authenticated with and talking to the Google Drive API.
Where does this authentication go? A model? Is it part of a site template that gets inserted on every page?
Here's sample app of integrating Django with OAuth2. You especially want to take a look at this file where it saves user credential using Storage class. There is also a documentation with better explanation about how OAuth flow with Storage works in Django.
To answer your question, you would want to define credential at Django user profile in order to save it easily associated with users. Also, your OAuth flow (creating auth url and authenticating) works at view.
I am trying to build an application that will use data from multiple social services. The user will need to authorize their accounts to be accessed across these multiple services (e.g. facebook, twitter, foursquare) using oauth.
I don't really need the users to login with these accounts, really it is just allowing their data from the api to be pulled.
I know I need to use oauth, but I am having trouble finding a basic example of how to do this type of thing (a lot of examples exist for logging in with oauth).
I have been trying the python-oath2 library.
Does anyone have any recommendation for a good tutorial or example of doing this type of thing in python, and if possible django.
Thanks.
Why reinvent the wheel? There is a plethora of reusable applications that have this implemented. You can find a comparison here: http://djangopackages.com/grids/g/authentication/
Why not give rauth a try? We use this in production for this exact purpose. Although you don't need to require the user to login with your app via the provider, you're going to redirect to the provider, where they'll be asked to authenticate your application. Assuming they accept (or even if they don't), they'll be redirected back to your application, i.e. via the redirect_uri or oauth_callback, there you'll ensure they authorized your app and then proceed with whatever housekeeping you need to do, e.g. saving some info about the user in your database. Try the examples and also pay particular attention to the Facebook example. Now the Facebook example is intended for authorization with the example web app, but the same pattern can be used for what you're trying to do. (You just won't be having them login in via Facebook, for instance. However, the flow can be and probably should be identical, sans database operations and template login lingo.)