I'm relatively new to Django and OAuth, so forgive me if this is a silly question.
I have an app which uses DRF and python-social-auth. Currently users can only authenticated with PSA, with Google OAuth 2.0 as the backend service.
Up until now, I have only had 'rest_framework.authentication.SessionAuthentication' as the only authentication backend, but now I need to support a very specific use case:
We need to have an automated job (a completely separate app, sitting on another server), that queries my app's REST API every X hours, to get some data from my app. Then this automated job will push the data to other sources (not relevant for this question).
I'm trying to figure out the best way / best practice for how this automated job should authenticate with DRF. The automated job is not really associated with any specific user. I suppose I can create a dummy user for the automated job to use, but that seems hackey. Also, I'm thinking that the automated job should request an Oauth token from DRF and authenticate with that, but I'm not sure if that is the right approach here.
Any input here would be useful. Thanks!
Related
I am developing web platform which has to have 3 type of users (user, admin, partner companies). For the authentication I am considering to use google Identity platform with multitenancy (probably users in one tenant and admins are in different tenant).
As I understand from documentation, how do we integrate identity platform to our application is to create identity platform provider from console and integrate it into frontend with UI. From front-end, without contacting backend service we can sign up, login and logout by calling firebase SDK and it will give us authentication token. From backend I can check that token with middleware and decide if I agree the user as authenticated or not. Correct me if I am wrong.
Then I can get some metadata of authenticated user from the token, maybe email or name etc. But I want to store user related information on noSQL database as well. For example, if user wants to change his email I need to handle it in backend server, also, I'd like to store users log (access and audit log on somewhere else). In case of, I am using frontend UI and SDK how do log the access and audit information on my backend? also, when changing user's information, do I just write handler function in backend end update user's data with REST API or Admin SDK? what is the best practice over here? Or should I better write my own login and logout function on my backend then call REST API or Admin SDK? is there preferred way? Google is showing me only integration way of authentication from frontend?
BTW, I am deploying backend application on google cloud run, and frontend would be developed in react and should be deployed maybe in firebase or in cloud run as well.
Thanks
As per the Documentation,Yes your understanding is correct to integrate identity platform to the application.
You can store the user related information on a noSQL database like Firestore or Firebase Realtime Database. You can write the Rest API to change or update the user's information in the database.
If you want to write your own login and logout function, I don’t think it is necessary because Firebase Admin SDK provides these features. But if you want to manage user authentication in the backend for specific requirements, you can write your own login and logout function on the backend and use the Firebase Admin SDK.
For access and audit log information you can use Firebase Analytics, Firebase Analytics helps you understand what your users are doing in your app. It has all of the metrics that you’d expect in an app analytics tool combined with user properties like device type, app version, and OS version to give you insight into how users interact with your app.
But finally, the best way would depend on your requirements and use case.
I have Web application with VUE as frontend stack and Django DRF as backend stack I want to enable the feature that if someone is login from one system he/she can't login from other system unless and until logout from previous session is there any proper mechanism to do so
TL;DR I wouldn't even bother trying. But if you want: use websockets and keep track of the number of users connecting to a single endpoint.
It's not fool-proof since these are just tokens which means anyone with a terminal and curl can still access whatever REST API you have.
I think you have to understand how most people are using Vue, React, and other JS frameworks with Django. They're most likely not using SessionMiddleware and using something like djangorestframework-simplejwt (disclaimer: I help maintain it, and I've got a slight bias against JS frameworks + Django).
The problem lies in how authorization works, namely stateful and stateless. In your case with these token authentication methods, you've got stateless tokens that are verified only by signing, and not by anything backed by a database/cache on the server. So we don't actually know how many tabs the user has opened.
In SimpleJWT, we have something like token Blacklist, but it won't really help that much.
So the solution is to use websockets. You can keep track of the number of users connecting to a single endpoint (after authorization and authentication. You can use something like Django channels) by creating a cache key (backed by a service like Redis or Memcached in production, local can use memory/dummy) and incrementing and decrementing by the number of connections and disconnections.
That way, you have something on the server to backup all these claims.
It's not fool-proof since these are just tokens which means anyone with a terminal and curl can still access whatever REST API you have.
I am building a web app with a Django backend and React/Redux frontend running on separate servers. I have begun to try and start working on authentication and I cannot find a tutorial that suits my needs. Every tutorial either uses deprecated modules like drf-jwt (as opposed to simple-jwt) or has a simple mono-server that houses both the backend and the frontend in one directory. The former is useless and I do not want to do the latter as I like having the two separate servers for when I move on to deployment. Now can someone direct me to a good source of knowledge for getting this done? It doesn't have to be a tutorial it can be anything. I am really lost and I do not know how to begin.
you can use 3rd party packages djoser: Provides a set of views to handle basic actions such as registration, login, logout, password reset and account activation. for more information: https://pypi.org/project/djoser/
I'm using token authentication from Django Rest Framework so, after a login/password verification, the token on response can be used on any DRF endpoint.
I'm working on a flask web application using flask-login for user authentication.
Now the current layout is going through some changes and it was decided that some of the components should obtain data from the server in order to update on user request.
I intended to create some api routes but I'm not sure how should I now handle user authentication accessing these routes.
I'll be happy to hear what's the best practice in these cases.
Thanks
I'm new to Django and relatively new to OAuth. I'm building a Django app that's basically aiming to be a wrapper around Google Drive that implements tagging and user permissions. A few users who have important documents share them with the service account, and then the app provides a nice interface.
I'm generally confused about how to organize this, since Django seems to have many, many moving parts.
The app needs to almost constantly be authenticated with and talking to the Google Drive API.
Where does this authentication go? A model? Is it part of a site template that gets inserted on every page?
Here's sample app of integrating Django with OAuth2. You especially want to take a look at this file where it saves user credential using Storage class. There is also a documentation with better explanation about how OAuth flow with Storage works in Django.
To answer your question, you would want to define credential at Django user profile in order to save it easily associated with users. Also, your OAuth flow (creating auth url and authenticating) works at view.