How to handle facebook/google/etc OAuth2 using django rest framework? - django

I have an application which uses rest-framework for communication between the client (JavaScript MVC) and the server (Django), and I want this communication to be allowed only for logged-in users; my users will be able to register via my custom registration and also to log in via Google or Facebook or anything else.
I am able to complete OAuth2 flow and now I have access token from google/fb and profile info.
But I am really, really confused about what to do next. Of course I can create a user instance, but I don't know where to store the access token, or if that's even necessary.
What's the recommended approach? Should I use the access token for accessing my APIs like this?
curl -H "Authorization: Bearer <your-access-token>" http://localhost:8000/api/...
or should I log in the new user, create a new session for him, which I then send to the client and use SessionAuthentication? Or anything completely else?
I can't find any example of doing this :(
I checked the OAuth2 part of the rest framework docs http://www.django-rest-framework.org/api-guide/authentication#oauth2authentication but it looks like the mentioned django-oauth2-provider is only for creating my own OAuth2 system.
I'm sorry if it sounds like a stupid question, but I really appreciate any advice.

Related

keycloak add and list users in keycloak

I want to read all users from a realm via the REST API and Postman. If I send http://localhost:8080/realms/{realm}/users I get no response.
Does anyone know a tutorial on how to use the API? I also want to add users, which does not work with the API.
I read the Keycloak API description, but I don't understand what I have to do.
Thx
The official documentation does not describe it very accurately.
You can try this api
http://localhost:8080/auth/admin/realms/{realm}/users
add "auth/admin" after your host address.
Access to this API requires an admin access_token.
The process of getting an access to Keycloak REST API is described in the Server Development Guide - Admin REST API.
https://www.keycloak.org/docs/latest/server_development/index.html#admin-rest-api
You need first to obtain an access token from the Master realm and then, using this access token, submit a request to the realm you want to get users from.
Make sure to use "client_id=admin-cli" parameter when requesting the access token from Master realm.

How can I authenticate users via social account from mobile app using retrofit2?

I'm trying to connect my website's API and mobile app. I need to authenticate the user with google account but I don't know how to do it.
I created the backend with Django, and I set the endpoint as rest-auth/google/. On the rest framework's page, it requires Access Token and Code, but honestly I don't get how I can test whether it actually works using an actual Google account.
I want to test from mobile app but I don't understand how and what I need to POST.
Anyone could give me tips?
I would recommend using a ready solution like "django-allauth".
If you want to do authentication yourself you might want to read Google's documentation about the topic:
https://developers.google.com/api-client-library/python/
In a nutshell, you create API credentials:
https://console.cloud.google.com/apis/credentials
Send the user to a link with specific parameters (API credentials, scope, redirect link etc.). The Google client can help you generate it.
A user will log in to his account as he normally would and will give your app permission to use his information (or won't). After that he will be redirected to the link you specified with a GET request with a code as a parameter (or an error).
With the help of the Google client you can exchange the code for a token and then use that token to get information from his profile.
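The redirect-and-exchange flow the answer describes, written out as an added example in Python 3 with the standard library (it is not the answer author's code and not Google's client library): it builds the authorization link, checks the state parameter on the callback so a code can only complete a login this server started, and prepares the server-side code-for-token exchange. The two endpoint URLs are Google's documented OAuth 2.0 endpoints; the client id, secret and redirect URI are placeholders, and nothing is sent over the network unless you open the prepared request yourself.

```python
import secrets
import urllib.parse
import urllib.request

# Added example, not the answer author's code. Google's documented OAuth 2.0
# endpoints; the client id/secret and redirect URI used below are placeholders.
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"


def new_state():
    """Random value stored in the server session before the redirect; the
    callback must carry it back unchanged."""
    return secrets.token_urlsafe(32)


def build_authorization_url(client_id, redirect_uri, scope, state):
    """Step 1: the link the user is sent to (the answer's 'link with specific
    parameters'). Only the public client id goes into it, never the secret."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    }
    return AUTH_ENDPOINT + "?" + urllib.parse.urlencode(params)


def parse_callback(callback_url, expected_state):
    """Step 2: Google redirects to redirect_uri with ?code=...&state=... or
    ?error=...&state=.... Returns the code; raises when the state does not
    match (the callback was not started by this session) or an error came back."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    state = query.get("state", [""])[0]
    if not state or not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch: callback is not tied to a login we started")
    if "error" in query:
        raise ValueError("provider returned error: %s" % query["error"][0])
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries neither code nor error")
    return code


def build_token_request(code, client_id, client_secret, redirect_uri):
    """Step 3: exchange the code for tokens. This POST is made by the backend,
    so the client secret never reaches the browser or the mobile app; the
    redirect_uri must repeat the one used in step 1 or Google rejects the exchange."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
    }).encode()
    return urllib.request.Request(
        TOKEN_ENDPOINT, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


if __name__ == "__main__":
    # Walk the flow with constructed values; the final exchange needs network
    # access and real credentials, so it is only built here, not sent.
    state = new_state()
    print(build_authorization_url("CLIENT_ID_PLACEHOLDER",
                                  "https://example.invalid/oauth/callback",
                                  "openid email profile", state))
    code = parse_callback("https://example.invalid/oauth/callback?code=4%2Fsample&state=" + state, state)
    req = build_token_request(code, "CLIENT_ID_PLACEHOLDER", "CLIENT_SECRET_PLACEHOLDER",
                              "https://example.invalid/oauth/callback")
    print(req.full_url, req.data.decode())
```

The state check is the part a mobile or web client cannot do for you: it ties the callback to the session that began the login, so a code pushed at your callback URL from somewhere else is refused rather than exchanged. For a mobile app the exchange in step 3 still belongs on the backend, because that is where the client secret can be kept.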

Generate an OAuth2 token in a view

Let's say I have an AngularJS application that consumes the REST API of a Django application.
The Django application has got a built-in OAuth2 provider that can be called to retrieve an access token and use the protected endpoints of the API. This provider is using django-oauth-toolkit.
Let's assume there is a registered client with "password" grant type, so that the end users only need to provide their credentials in the front-end in order to get an access token from the back-end.
At some point we want to add some support for social networks login and we decide to use python-social-auth (PSA) to that end. Here is the workflow I want to achieve:
1. The user logs in on Facebook from the front-end (via the Facebook SDK) and we get an access token back from the OAuth2 provider of Facebook.
2. We send the Facebook token to an endpoint of our REST API. This endpoint uses the Facebook token and django-social-auth to authenticate the user in our Django application (basically matching a Facebook account to a standard account within the app).
3. If the authentication succeeds, the API endpoint requests an access token from the OAuth2 provider for this newly authenticated user.
4. The Django access token is sent back to the front-end and can be used to access the REST API in exactly the same way that a regular user (i.e. logged in with his credentials) would do.
Now my problem is: how do I achieve step 3? I first thought I would register a separate OAuth2 client with Client Credentials Grant but then the generated token is not user-specific so it does not make sense. Another option is to use the TokenAuthentication from DRF but that would add too much complexity to my project. I already have an OAuth server and I don't want to set up a second token provider to circumvent my problem, unless this is the only solution.
I think my understanding of PSA and django-oauth-toolkit is not deep enough to find the best way of reaching my goal, but there must be a way. Help!
I managed to get something working using urllib2. I can't speak towards whether or not this is good practice, but I can successfully generate an OAuth2 token within a view.
Normally when I'd generate an access token with cURL, it'd look like this:
curl -X POST -d "grant_type=password&username=<user_name>&password=<password>" -u"<client_id>:<client_secret>" http://localhost:8000/o/token/
So we're tasked with making urllib2 accomplish this. After playing around for a bit, it is fairly straightforward.
import urllib, urllib2, base64, json
# Housekeeping (Python 2; replace the placeholder strings with your own values)
token_url = 'http://localhost:8000/auth/token/'
data = urllib.urlencode({'grant_type': 'password', 'username': '<username>', 'password': '<password>'})
# Client id and secret go into an HTTP Basic header, like curl's -u option
authentication = base64.b64encode('%s:%s' % ('<client_id>', '<client_secret>'))
# Down to Business
request = urllib2.Request(token_url, data)
request.add_header("Authorization", "Basic %s" % authentication)
access_credentials = urllib2.urlopen(request)
json_credentials = json.load(access_credentials)
I reiterate, I do not know if this is bad practice and I have not looked into whether or not this causes any issues with Django. AFAIK this will do the trick (as it did for me).
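The same token request in Python 3 with the standard library, as an added example (it is not the answer author's code and not django-oauth-toolkit's own API). It builds the password-grant POST that the curl command sends, with the client id and secret in an HTTP Basic header like curl's -u; the same builder also serves the Keycloak answer further up, where admin-cli is a public client with no secret and sends client_id in the body instead, and build_bearer_request prepares the Authorization: Bearer call from the first question. All URLs, usernames and credentials are placeholders; only the code under __main__ touches the network.

```python
import base64
import json
import urllib.parse
import urllib.request

# Added example, not the answer author's code or django-oauth-toolkit's API.
# All URLs, usernames and credentials in this file are placeholders.


def build_password_grant_request(token_url, username, password, client_id, client_secret=None):
    """The POST the curl command sends. A confidential client (the app
    registered in django-oauth-toolkit) authenticates with HTTP Basic, like
    curl's -u; a public client such as Keycloak's admin-cli has no secret and
    sends only client_id in the body."""
    fields = {"grant_type": "password", "username": username, "password": password}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret is None:
        fields["client_id"] = client_id
    else:
        creds = base64.b64encode(("%s:%s" % (client_id, client_secret)).encode()).decode()
        headers["Authorization"] = "Basic " + creds
    return urllib.request.Request(token_url, data=urllib.parse.urlencode(fields).encode(),
                                  headers=headers, method="POST")


def parse_token_response(body):
    """Read access_token and expires_in from the endpoint's JSON; refuse a
    response that is not a bearer token so a misconfigured provider is noticed
    instead of silently producing a header the API will reject."""
    payload = json.loads(body)
    if str(payload.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type: %r" % payload.get("token_type"))
    return payload["access_token"], int(payload.get("expires_in", 0))


def build_bearer_request(url, access_token, method="GET"):
    """Authenticated API call: the Authorization: Bearer header from the first question."""
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + access_token},
                                  method=method)


def send(request):
    """Perform the request; kept separate so the builders above are testable offline."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    # django-oauth-toolkit: confidential client, Basic auth (needs a running server).
    dot_req = build_password_grant_request("http://localhost:8000/o/token/",
                                           "<username>", "<password>", "<client_id>", "<client_secret>")
    access_token, ttl = parse_token_response(send(dot_req))
    print(send(build_bearer_request("http://localhost:8000/api/", access_token)))

    # Keycloak: admin-cli is a public client in the master realm; the token it
    # returns then authorises the admin call to another realm's user list.
    kc_req = build_password_grant_request(
        "http://localhost:8080/auth/realms/master/protocol/openid-connect/token",
        "<admin_user>", "<admin_password>", "admin-cli")
    admin_token, ttl = parse_token_response(send(kc_req))
    print(send(build_bearer_request("http://localhost:8080/auth/admin/realms/<realm>/users", admin_token)))
```

Inside a Django view the token_url would be the toolkit's own /o/token/ on the same server, so the view is a client of its own OAuth provider; the client secret stays in server-side settings and is never handed to the front-end, which only ever sees the resulting bearer token and its expires_in.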

Recommended way for access webservices on domain A from domain B if A is SSO'ing into B?

Frontend dev here with no experience with SSO, so bear with me. Keen for a high-level recommendation on the following, as I appreciate it may vary.
We've got a client setting up SSO to log in to our site, and I'm trying to understand how I can safely call their web services for user info from our domain via AJAX. Looking at their services, they're asking for a User ID and Password, which I don't think is usable/feasible as I assume our system would need to expose the password to the frontend, which doesn't seem secure... They mentioned they could pass these via HTTP but that doesn't seem secure either!
Is there some way we can validate the web service all via SSO, or is there some other way?
Thanks
Further to my comment, we're pushing ahead with using the shared encryption method used for our SSO (TripleDES in ECB mode) to encrypt the token in the web service request.

How to Follow Twitter Users by API in Coldfusion?

OAuth is pretty complicated, but I think I got the authentication working. I got up to the point where I get the user to authorize on Twitter and I have the access token and access token secret. From here, I'm not sure how I use it to generate a request to follow a user.
I know that the URL is: http://api.twitter.com/1/friendships/create.xml and that you can either pass in a user_id or screen_name,
but does anyone have any example code in ColdFusion that I can see as to what the cfhttp call looks like with all the parameters?
Thanks in advance.
Try the (monkeh)Tweet Twitter API. It supports most of the Twitter API methods, including following a user. Easy & freaking cool CF open source by Matt Gifford.
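What a library like monkehTweet does under the hood for the follow call: the OAuth 1.0a HMAC-SHA1 signing from RFC 5849, shown here as an added example in Python 3 rather than ColdFusion (it is not monkehTweet's code). It takes the consumer key/secret and the access token/secret the question says are already in hand, builds the signature base string over the POST to the friendships/create.xml URL from the question, and returns the Authorization header value a cfhttp call would send. The keys, nonce and timestamp under __main__ are placeholders.

```python
import base64
import hashlib
import hmac
import secrets
import time
import urllib.parse

# Added example, not monkehTweet's code: OAuth 1.0a request signing (RFC 5849)
# in Python rather than ColdFusion. Keys, nonce and timestamp are placeholders.


def pct_encode(value):
    """RFC 5849 section 3.6 encoding: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return urllib.parse.quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    """RFC 5849 section 3.4.1: METHOD & base URL & normalized parameters, where
    the parameters (oauth_*, query string and form body) are encoded, sorted and
    joined. Any change to them on the wire invalidates the signature."""
    parts = urllib.parse.urlsplit(url)
    # Scheme and host are case-insensitive; a default port would be dropped
    # here too, but the Twitter URL in the question carries none.
    base_url = "%s://%s%s" % (parts.scheme.lower(), parts.netloc.lower(), parts.path)
    encoded = sorted((pct_encode(k), pct_encode(v)) for k, v in params)
    normalized = "&".join("%s=%s" % kv for kv in encoded)
    return "&".join([method.upper(), pct_encode(base_url), pct_encode(normalized)])


def hmac_sha1_signature(base_string, consumer_secret, token_secret):
    """HMAC-SHA1 over the base string, keyed with 'consumer_secret&token_secret'."""
    key = "%s&%s" % (pct_encode(consumer_secret), pct_encode(token_secret))
    digest = hmac.new(key.encode(), base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def sign_request(method, url, body_params, consumer_key, consumer_secret,
                 token, token_secret, nonce=None, timestamp=None):
    """Return (Authorization header value, base string) for one request.
    nonce/timestamp are parameters only so a test can reproduce the result;
    in real use leave them None so every request gets fresh values."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_token": token,
        "oauth_version": "1.0",
    }
    query = urllib.parse.parse_qsl(urllib.parse.urlsplit(url).query, keep_blank_values=True)
    all_params = list(oauth.items()) + list(body_params.items()) + query
    base = signature_base_string(method, url, all_params)
    oauth["oauth_signature"] = hmac_sha1_signature(base, consumer_secret, token_secret)
    header = "OAuth " + ", ".join('%s="%s"' % (pct_encode(k), pct_encode(v))
                                  for k, v in sorted(oauth.items()))
    return header, base


if __name__ == "__main__":
    # The follow call from the question: POST with screen_name in the form body.
    header, base = sign_request(
        "POST", "http://api.twitter.com/1/friendships/create.xml", {"screen_name": "example"},
        "CONSUMER_KEY_PLACEHOLDER", "CONSUMER_SECRET_PLACEHOLDER",
        "ACCESS_TOKEN_PLACEHOLDER", "ACCESS_TOKEN_SECRET_PLACEHOLDER")
    print(base)
    print("Authorization:", header)
```

The header goes into the request as Authorization: OAuth ..., and the form body (screen_name=example) is sent as usual; because the body parameters are part of the signed base string, the same signature cannot be reused to follow a different account, and the nonce and timestamp keep the server from accepting a captured request a second time.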