Proper authentication with a Django REST API through OAuth2 - django

For my application (in ionic, so Angular) I need authentication on my REST API powered by Django (1.7). And I want Google/Facebook/Twitter/Classic authentication through OAuth2.
The problem during my research is that there are a lot of Django packages available, some have some problems with Django >1.6, some are incompatible with serializers and some seem poorly developed or received their last commit a year ago. And with some others, I'm lost in the documentation.
Do you have any suggestions of OAuth2 packages in a REST Django API (>=1,7) with serializers?
I've already tried (for the main ones):
django oauth toolkit
django oauth plus
rauth
Do you have any good tutorials on those ones (still in Django API (>=1,7) with serializers)?

Related

Can I use django as frontend and have a login system with Token Authentication

Well, this question is for the ones who have experience in working with Django.
I'm new to Django and I have been studying Django, still I want to build a web API with Django as backend and frontend, with a token authentication. Is that possible, and logical? I have been watching tutorials and reading documentation. Everyone who creates an API fully in Django creates a basic authentication. And I want to know if it is possible to create a more secure authentication with Django as frontend. Thank you.
Generally speaking: yes, you can do that - but not with Django alone. I also don't know every possible solution, but you can do this with the Django REST framework.
Here are some links to the documentation:
Django REST framework - Homepage
Django REST framework - TokenAuthentication
I personally use JSON Web Tokens in combination with Django and Django REST framework:
Simple JWT

Angular 6 and DRF Django Social authentication

I'm using Angular 6 for the front-end and for the back-end I have Django. I connect the front-end and back-end with Django Rest Framework. I need to implement social authentication with (Google, Facebook, LinkedIn). Right now I'm using angular-6-social-login. But I don't know how to implement it in the back-end.
Use this package: https://github.com/RealmTeam/django-rest-framework-social-oauth2
It is one of the packages listed on the Django Rest Framework documentation https://www.django-rest-framework.org/api-guide/authentication/#django-oauth-toolkit

Stormpath for Django Rest Framework

We are using Django Rest Framework to build APIs that feed AngularJS apps. The intent is to use Stormpath for oauth2 authentication and for storage of backend authorization information. However, all of the examples that I have found using Stormpath with Django are for Django web pages (not REST APIs) using username and password, not tokens.
How do you integrate Django REST Framework authentication with Stormpath using oauth2?
In this case, you'll actually be relying on Django Rest Framework for the OAuth2 support -- not Stormpath at all. Stormpath will only provide the User model that DRF uses in the backend -- nothing more.
This was a design decision we made to help simplify the data model.
I'm currently looking into ways to add OAuth2 as a first-class Stormpath feature in Django, but that's a ways down the line currently.

Connect with Facebook in Django Rest Framework + Django Social Auth

I'm using Django Social Auth for the connect-with-Facebook issue and it works perfectly. I have developed an API for my Django app with Django Rest Framework. But I'm confused about using Django Social Auth with Django Rest Framework for iOS devices.
I have searched 1, 2, 3 and 4 but they are generally with Angular.js. I'm not familiar with iOS development.
What is different between facebook connect with spa and a mobile device?
How could I use these packages together?
May I migrate from django-social-auth to python-social-auth?
You can now authenticate your users against your django-rest-framework with bearer tokens/third party access tokens from any python-social-auth backend (Facebook, Google, Github, etc.) using this library https://github.com/PhilipGarnero/django-rest-framework-social-oauth2
This module provides python-social-auth and oauth2 support for django-rest-framework. Thus this saves you a lot of time to set up what is required to have your DRF with social authorization and to be OAuth2 secure.
I think that you can achieve that using django rest framework, django-rest-auth and allauth.
Those three work nicely together.
With django rest framework you are already familiar.
The allauth is responsible for the social authentication.
The django-rest-auth is responsible for creating the RESTful api for the social authentication, i.e. the connection between django-rest-framework and allauth.
It is recommended that you let python-social-auth handle the Facebook login for you, and instead you use another OAuth plugin for Django REST Framework to authenticate with Django. This has the added benefit of also supporting non-Facebook login through the standard Django authentication system.
I'm confused about using Django Social Auth with Django Rest Framework for ios devices.
I recently answered a similar question about implementing authentication with python-social-auth and Django REST Framework. It includes some important points to read about when implementing authentication using a third party along with some important notes about how you should not pass the third-party OAuth tokens back to your client.
How could I use these packages together?
While that answer specifically mentions using OAuth as the authentication method for the API that is behind python-social-auth, you can use other authentication methods that internally use Django authentication system, such as TokenAuthentication. In any case, you will end up proxying authentication between your front end application and your third party authentication provider, using your back end API.
What is different between facebook connect with spa and a mobile device?
Facebook provides direct integration with some mobile operating systems, most notably iOS and Android. This bypasses your API for authentication, and directly authenticates your mobile application with Facebook. Ideally, it would be authenticating your back end API instead of the mobile application. This may still be possible to do if you pass the access token back to your API manually, essentially doing the same thing that python-social-auth would be doing, but that could be risky and may not be worth the extra effort.
Facebook Connect (now known as just Facebook Login) works in a similar way to how Facebook integration works on mobile devices. The one difference that may work in your favor is that it's very easy to move from Facebook Login for single page apps, to an OAuth-based authentication pattern. This is documented in the Facebook developers documentation as "Manually Building a Login Flow" and is compatible with libraries that support OAuth-based login, like python-social-auth.
May I migrate from django-social-auth to python-social-auth?
This shouldn't be an issue anymore, as python-social-auth has effectively replaced django-social-auth.
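The proxying pattern from the answer above (the back end checks the third-party token, then hands the client its own API token and never the provider's), as an added sketch that is not code from any of the answers or packages mentioned. The introspection callable, its field names (`is_valid`, `app_id`, `user_id`), the app id and the sample tokens are all constructed assumptions standing in for the provider's real token-inspection call.

```python
import hashlib
import secrets

EXPECTED_APP_ID = "constructed-app-id"  # placeholder for your own provider app id


def fake_introspect(provider_token):
    """Constructed stand-in for the provider's token-inspection call."""
    table = {
        "tok-ours": {"is_valid": True, "app_id": EXPECTED_APP_ID, "user_id": "1001"},
        "tok-other-app": {"is_valid": True, "app_id": "another-app", "user_id": "1001"},
    }
    return table.get(provider_token, {"is_valid": False})


class TokenExchange:
    """Back end that proxies login: provider token in, own API token out."""

    def __init__(self, introspect, expected_app_id):
        self._introspect = introspect          # hypothetical callable
        self._expected_app_id = expected_app_id
        self._sessions = {}                    # sha256(API token) -> local user

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, provider_token):
        info = self._introspect(provider_token)
        if not info.get("is_valid"):
            raise PermissionError("provider rejected the token")
        # A token minted for a different app must not log anyone in here.
        if info.get("app_id") != self._expected_app_id:
            raise PermissionError("token was issued to a different app")
        api_token = secrets.token_urlsafe(32)
        # Store only a digest; the provider token is neither stored nor returned.
        self._sessions[self._digest(api_token)] = "facebook:" + info["user_id"]
        return {"token": api_token}

    def authenticate(self, api_token):
        """Return the local user for an API token, or None."""
        return self._sessions.get(self._digest(api_token))


if __name__ == "__main__":
    exchange = TokenExchange(fake_introspect, EXPECTED_APP_ID)
    issued = exchange.login("tok-ours")
    print(exchange.authenticate(issued["token"]))   # facebook:1001
```

In a Django REST Framework project the `login` step would sit in a view and `authenticate` in an authentication class such as TokenAuthentication; the checks stay the same.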

How to build RESTful Webservice API for PhoneGap application using Django and Mongodb?

I want to build a RESTful webservice api handle phonegap application request.
I am familiar with Python and Django.
Restful webservice is a social network like Twitter, required to use Mongodb. Everyone can post status photo from mobile app to server and can follow anyone. I have read about django-tastypie to build restful api but I want to use mongodb. About mongodb driver for django I have read mongoengine.
What about combo django + django-tastypie + mongoengine? Is it suitable for me?
There is this https://github.com/mitar/django-tastypie-mongoengine . Whether the tastypie model is the right choice depends on many factors, but its ability to create a standards compliant REST that works with backbone.js will continue to encourage use. It's pretty nice to extend as well - taking a lot of inspiration from the way you define ModelAdmins in django. Not having to come up with your own authentication system or integrate oauth by hand is appealing (but sometimes an existing authentication is required if you are building this into an old application).
I have tried to implement basic API endpoints with plain mongoengine and ran into many serialization issues (ObjectIDs and many other fields) and an inability to get relations easily or control the inclusion and detail of embedded documents, so it is worth at least putting some time into evaluation and tinkering with Tastypie. Like the mongoengine django admin - you won't find 100% seamless recreation of the SQL version but rolling your own solution here is a high level of effort.