Authentication Required
The server http://api.mailgun.net:443 requires a username and password....
I am new in mailgun, and I dont understand that where I can find those username and password.
Can any one help me please ???
This really isn't an appropriate question, but ...
"When you sign up for an account, you are given an API key. You authenticate to the Mailgun API by providing your API key in the request. You can manage your API key in the ‘My Account’ tab of the Control Panel.
Authentication to the API occurs via HTTP Basic Auth. Use api as the user name and your API key is the password."
https://documentation.mailgun.com/api-intro.html#authentication
Related
it is possible to login a user from firebase jwt to django if so, what is the tools needed to login a user? Thanks
It sounds like you want to use the Firebase Authentication status of the user to authorize them in your Django code. This is indeed possible, and described in the Firebase documentation on verifying ID tokens. The process is:
Retrieve the user's ID token (a JWT indeed) on the client, as shown here.
On the server, either use the Admin SDK or use a 3rd party library to verify the ID token.
Use the information from the token to determine whether the user is authorized to perform the action they're requesting.
I am new to Django and working as an intern for a company. I have been tasked with creating an internal software for them to use. The software needs to have a log in system for the employees. However, the company already has an auth api they use for other products. How can I make use of that api to log the users on? I have searched for an answer for a while and I couldn't find one.
The auth api has an endpoint called '/token' which is used to validate the email and password.
I'm guessing I need to remove the 'django.auth' stuff from settings, but I have no more insight into this than that. Any help would greatly be appreciate.
Below is the swaggerhub documentation for an endpoint of the api:
/token:
post:
summary: Generate a new token (aka login)
operationId: createToken
tags:
- authentication
description:
Login using email and password, and retrieve a newly created bearer token to access our APIs.
Alternatively, use a token to create another one.
You need to create an Authentication backend which will check the given to tokens in your existing token database.
See Customizing authentication in Django
I have a dataprovider with a REST service. They said that the authentication goes as follows:
1. Username and Password are passed in the request header
2. If the authentication is successful I get a token which I have to store and use this token to make further requests.
Now I started reading into REST Authentication and just do not understand what kind of authentication they use. I guess I have missunderstood something, so please correct me.
There are three kinds of authentication
1. Basic Authentication (sending username and password base 64 encoded in the header)
2. OpenID (here I send my username and password to a provider to receive a token)
3. OAuth (The caller is identified with a trusted token to let application call another application on a end-user's behalf without requiring the calling application to store the users's username and password)
I cannnot see, where to classify my providers method. 1. I am not sending UserName Password everytime. 2. I do not use a provider, 3. I am not doing application calls and do not use only tokens. Could anyone help me here?
When you send username and password to provider if correct, provider will create a token for this user and this token will be sent to you by provider.
After this, you can use this token in any session and you can check only this token for expiration, you do not have to send username and password everytime.
From the posts about REST services, I see that it should not be used sessions together with REST, and with every request there is need to send user credentials to the REST service. But I don't see that somebody continues then how to make the authorization in next requests after login.
In my project, I authenticate (login) the user, checking his credentials from database server.
If with every REST request also comes user credentials again, does this mean that, for any need of authorization after login, I need to check the credentials again from the database?
This means, after login, with almost every click and surfing pages, I need to access to the database to check the user credentials, just like I do it for login.
Or...
Am I missing some thing?
Is there another way to remember in the server side that the user had already logged in before and thus is authorised?
Do I keep some secret key related to the user in the server, and then check this etc.? But, does not this mean keeping a session?
REST => Not Session => Send credentials with every request
Does the above mean, => Authorize the user just like in the authentication ?
Or what are other alternatives?
Thank you for clarifications.
I think that this is the best approach:
REST => Not Session => Send credentials with every request
Take a look on OAuth. The version 1.0 may be useful for you.
Spring Security already have implementations for OAuth in Java.
If with every REST request also comes user credentials again, does this mean that, for any need of authorization after login, I need to check the credentials again from the database?
You have to authenticate user on each request, but whether authentication uses database or not depends on implementation. By the way, you also have to then authorize the request for the authenticated user.
Do I keep some secret key related to the user in the server, and then check this etc.? But, does not this mean keeping a session?
You can have some secret key known only to the user as an alternative to username-password pair and use this secret key for authentication.
The presence of a secret key doesn't mean keeping a session, because it is not necessarily change on a per session basis.
In my project, I authenticate (login) the user, checking his credentials from database server.
Login is not authentication, it's usually a request for a secret key / session key done using username-password pair for authentication
I need to get the facebook friends email ids of a user providing his login email id and password. That is, if we enter the facebook login email id and password we need to get the friends from facebook. So far i was only able to get the examples which uses Api_Key and Api_Secret. Even the Graph api is using Access Token. Is there any way to access the friends using email id and password? Please help.
This is against Facebook's Terms of Service. Specifically policy I.2:
You must not include functionality that proxies, requests or collects
Facebook usernames or passwords.
Also, you would be required to use the Facebook API which does not provide access to friends email addresses.
You'll need to ask your users to authenticate using the Facebook API. You shouldn't be collecting email and passwords on behalf of users. However, if you ask for offline access, then when you do this, you can access the data any time.
Facebook uses oAuth, so you and your application will never see the password of the user that you are getting permission for. oAuth (used by Twitter and Google as well) requires a bit of a handshake to get authenticated, but once you do, you can get permission from the user to do whatever you want, as long as they accept.
Check out https://developers.facebook.com/docs/guides/web/#login for more on how Facebook does authentication.