I'm building a Django web app with django-allauth handling user authentication.
As the title says, how do you expose a RESTful API to authenticate users from a Chrome extension? Taking into account both:
locally stored username & password hash string pairs and
third party social log-in providers?
What is the best or simplest way to do this?
I found the best solution to be Django-Rest-Framework.
I installed DRF, and wrote a serializer for my User model and an API view to handle token authentication.
Related
I want to make a login functionality on my app. For this I want a login endpoint.
Does django REST have a built-in endpoint or view to login?
(I will only be using it for BasicAuthentication).
I found many ways online, but they were for TokenAuth and I just want BasicAuth.
I have created a Django backend for my Flutter app. I have used the Django REST framework to connect the two. Now for user authentication, I am using Firebase in my Flutter application. It's working fine.
Now, since the user management is done by Firebase, how can I add a user to my Django backend when the user signs up through my app to Firebase? I want Firebase to handle the signup/sign-in process but also want to create a user profile on my Django server which contains information about the user's address, profile pic, orders, payment history etc.
Also, I want Django to know if the user is authenticated with firebase while calling API requests. How can I make Django handle such requests?
I'm building an app that should allow the user to sign up / sign in with Facebook and then he should be able to log in (always via Facebook) to the "main" website.
To be honest it's a bit more complicated than this. That's because I'm using django-tastypie and django-allauth in the main website to allow sign up, login, and browsing of our API
Basically I want to let the mobile app user browse the tastypie API (accessible only if logged in and if you're a user on the main website) and grant him the rights to add rows (like orders).
Here's what I have
A phonegap app with a working Facebook login (I'm working on that right now)
A website with django-allauth and django-tastypie that makes me register as a new user using the allauth's Facebook login
No trace on the main website if the mobile user is doing a sign up via Facebook (this is the problem)
I'm basically confused how I should work with access tokens and how to pass further parameters (I don't need only the Facebook infos to complete the registration, but some custom fields too)
Anyone got experiences on this or would like to expose his workflow?
One common way of doing things is to leave all registration related functionality up to the website. In your phonegap app you can simply point the user to /accounts/login/ using the In-App-Browser (IAB). The IAB has events like loadstart and exit that you should monitor. A simple way of monitoring whether or not the user is successfully logged in is to have him redirected to a specific url, say /accounts/login/complete/, at the end of the login. If you attach a token to that return url (as in /accounts/login/complete/?token=123) you will be able to parse that token in your app. You could simply use the session ID as a token.
A more secure way is to use the django-oauth2-provider app and actually implement a proper oauth handshake. Handling that is almost the same. Using IAB open /oauth/authenticate/, you will be asked to login using allauth, then an oauth2 confirmation dialog appears, after which the oauth grant code is passed to a success URL. You can pick that code up from phonegap and using AJAX calls from within the phonegap app you can fetch the oauth access token. Btw, django-rest-framework has builtin support for django-oauth2-provider (don't know about tastypie).
A completely different approach is to implement a Facebook login in your mobile app, completely independent from the web site. Once logged in you'll be handed over a Facebook access token. Now, you can send this token over to the web site. Given the token, the website can fetch the user (https://graph.facebook.com/me?access_token=...), check whether or not that user is already known, if so return an appropriate token/session for that user, if not, create the user account and also return a token.
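The third approach above, sketched as an added example (not code from the answer or from allauth/tastypie). It goes one step beyond the `/me` lookup the answer describes by first calling the Graph API `debug_token` endpoint, so that a token issued to some other Facebook app cannot be replayed against the website. The `users` dict, the function names and the injectable `fetch`/`now` parameters are assumptions made so the logic can run offline.

```python
import json
import time
import urllib.parse
import urllib.request

GRAPH = "https://graph.facebook.com"

def http_get_json(path, params):
    """Default fetcher: GET a Graph API path and decode the JSON body."""
    url = f"{GRAPH}/{path}?{urllib.parse.urlencode(params)}"
    with urllib.request.urlopen(url, timeout=5) as resp:
        return json.load(resp)

def login_with_facebook_token(user_token, app_id, app_token, users,
                              fetch=http_get_json, now=time.time):
    """Return (user_record, created) for a token sent by the mobile app.

    `users` is a dict keyed by Facebook user id; it stands in for the
    site's user table (an assumption of this example).
    """
    # 1. Ask Facebook which app and which user the token belongs to.
    info = fetch("debug_token", {"input_token": user_token,
                                 "access_token": app_token}).get("data", {})
    if not info.get("is_valid"):
        raise PermissionError("token rejected by Facebook")
    # 2. Refuse tokens that were issued to a different app.
    if str(info.get("app_id")) != str(app_id):
        raise PermissionError("token was issued to a different app")
    expires = info.get("expires_at", 0)  # 0 is treated as non-expiring
    if expires and expires <= now():
        raise PermissionError("token expired")
    # 3. Fetch the profile and make sure it is the token's owner.
    me = fetch("me", {"access_token": user_token, "fields": "id,name"})
    if me.get("id") != info.get("user_id"):
        raise PermissionError("profile does not match token owner")
    # 4. Known user: reuse the account. Unknown user: create it.
    created = me["id"] not in users
    user = users.setdefault(me["id"], {"fb_id": me["id"], "name": me["name"]})
    return user, created
```

In a real view the returned record would map to a Django `User`, and the response would carry the site's own session or API token rather than the Facebook token.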
I am familiar with using django's built-in auth to create a new user that has an email and password, but I would like to create a new user that will only use Twitter to login. From what I can tell, django-social-auth associates the twitter account with an existing Django User object. In my case, there will not be an existing Django User object, as Twitter will be the required method for logging into the site. Should I abandon django's built in auth? Or is there a good way to extend it to do what I want? Thank you for any suggestions.
django-social-auth extends Django's built-in auth. django-social-auth will itself create a new user when your Twitter user is successfully authenticated. You can read about django-social-auth features:
Basic user data population and signaling, to allow custom field values from the provider's response.
Multiple social accounts association to single users
Custom User model override if needed (auth.User by default)
Extensible pipeline to handle authentication/association mechanism
I need to authenticate on some Atlassian services (the wiki, for example) and on AD (Active Directory). The problem is I don't know how to do authentication against different back-ends so that the user inputs the password and login only once and then the backends authenticate the user on the different services. As I read in the docs, Django iterates through the list of backends until the user is authenticated on the Django site. Or maybe I'm thinking about this in the wrong way altogether?
How should I log in to other services? I know about CROWD but guess it doesn't cover functionality for logging in to my MSSQL DB.
You can customize the authentication mechanism by providing your own back-ends.
See https://docs.djangoproject.com/en/dev/topics/auth/customizing/