I'm new to Django and relatively new to OAuth. I'm building a Django app that's basically aiming to be a wrapper around Google Drive that implements tagging and user permissions. A few users who have important documents share them with the service account, and then the app provides a nice interface.
I'm generally confused about how to organize this, since Django seems to have many, many moving parts.
The app needs to almost constantly be authenticated with and talking to the Google Drive API.
Where does this authentication go? A model? Is it part of a site template that gets inserted on every page?
Here's sample app of integrating Django with OAuth2. You especially want to take a look at this file where it saves user credential using Storage class. There is also a documentation with better explanation about how OAuth flow with Storage works in Django.
To answer your question, you would want to define credential at Django user profile in order to save it easily associated with users. Also, your OAuth flow (creating auth url and authenticating) works at view.
Related
I am developing web platform which has to have 3 type of users (user, admin, partner companies). For the authentication I am considering to use google Identity platform with multitenancy (probably users in one tenant and admins are in different tenant).
As I understand from documentation, how do we integrate identity platform to our application is to create identity platform provider from console and integrate it into frontend with UI. From front-end, without contacting backend service we can sign up, login and logout by calling firebase SDK and it will give us authentication token. From backend I can check that token with middleware and decide if I agree the user as authenticated or not. Correct me if I am wrong.
Then I can get some metadata of authenticated user from the token, maybe email or name etc. But I want to store user related information on noSQL database as well. For example, if user wants to change his email I need to handle it in backend server, also, I'd like to store users log (access and audit log on somewhere else). In case of, I am using frontend UI and SDK how do log the access and audit information on my backend? also, when changing user's information, do I just write handler function in backend end update user's data with REST API or Admin SDK? what is the best practice over here? Or should I better write my own login and logout function on my backend then call REST API or Admin SDK? is there preferred way? Google is showing me only integration way of authentication from frontend?
BTW, I am deploying backend application on google cloud run, and frontend would be developed in react and should be deployed maybe in firebase or in cloud run as well.
Thanks
As per the Documentation,Yes your understanding is correct to integrate identity platform to the application.
You can store the user related information on a noSQL database like Firestore or Firebase Realtime Database. You can write the Rest API to change or update the user's information in the database.
If you want to write your own login and logout function, I don’t think it is necessary because Firebase Admin SDK provides these features. But if you want to manage user authentication in the backend for specific requirements, you can write your own login and logout function on the backend and use the Firebase Admin SDK.
For access and audit log information you can use Firebase Analytics, Firebase Analytics helps you understand what your users are doing in your app. It has all of the metrics that you’d expect in an app analytics tool combined with user properties like device type, app version, and OS version to give you insight into how users interact with your app.
But finally, the best way would depend on your requirements and use case.
I creating an app in which the authentication is done via web services of another app.
But as I m trying to understand how things will work, I m trying to figure out how I can store each user data and posts to them if I m not using Django auth and then linking the models via forgien keys.
All standard login's with other apps are done using a standard called OAuth2; Oauth2 standard allows you to login to apps with other services (Facebook, Apple, Google) while just storing a random token (not sensitive data).
Here is a Django library that makes using authenticating/logging into your app with another app's credentials super easy and secure using Oauth2.
Good luck, LMK if you need anything else!
The Google APIs python client has special support for the Django and in the examples given by Google (https://developers.google.com/api-client-library/python/guide/django), the class oauth2client.django_orm.Storage is used to store and retrieve Credentials objects.
However, I find lots of examples (https://github.com/jgmize/django-google-drive/tree/master/gdrive/gdoauth2, https://github.com/praekelt/django-google-credentials/tree/master/google_credentials ,etc) put the Credentials in a CredentialsField field of the user's profile,and it is saved into the database.
What are the advantages / disadvantages of the two methods ? Are there preferences ?
Thanx.
To implementsign in with google feature you can use django-allauth
https://django-allauth.readthedocs.io/en/latest/
it provides easy to integrate set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.
https://django-allauth.readthedocs.io/en/latest/providers.html#google
I am trying to build an application that will use data from multiple social services. The user will need to authorize their accounts to be accessed across these multiple services (e.g. facebook, twitter, foursquare) using oauth.
I don't really need the users to login with these accounts, really it is just allowing their data from the api to be pulled.
I know I need to use oauth, but I am having trouble finding a basic example of how to do this type of thing (a lot of examples exist for logging in with oauth).
I have been trying the python-oath2 library.
Does anyone have any recommendation for a good tutorial or example of doing this type of thing in python, and if possible django.
Thanks.
Why reinvent the wheel? There is a plethora of reusable applications that have this implemented. You can find a comparison here: http://djangopackages.com/grids/g/authentication/
Why not give rauth a try? We use this in production for this exact purpose. Although you don't need to require the user to login with your app via the provider, you're going to redirect to the provider, where they'll be asked to authenticate your application. Assuming they accept (or even if they don't), they'll be redirected back to your application, i.e. via the redirect_uri or oauth_callback, there you'll ensure they authorized your app and then proceed with whatever housekeeping you need to do, e.g. saving some info about the user in your database. Try the examples and also pay particular attention to the Facebook example. Now the Facebook example is intended for authorization with the example web app, but the same pattern can be used for what you're trying to do. (You just won't be having them login in via Facebook, for instance. However, the flow can be and probably should be identical, sans database operations and template login lingo.)
I would like to have my application http://app.acquee.com/designer to accept a google account as a login. I found a bunch of libs for django but most work on top of existing Django authentication system that I do not use. I have my own set of user tables where I keep user info and privileges.
Any suggestion on how to integrate that with the Google Openid?
Seems I will have to do it manually using python-openid. Or could I use django-openid?
However, with the latter, I don't even know how to issue the discover command.
Regardless, I get stuck on google's step 5, sending a login authentication request (optionally with OAuth parameters) to the provided endpoint address. Can someone provide a sample request? is it a GET/POST? content?
Cheers
You can try https://launchpad.net/django-openid-auth - I'm using it in a commercial project, for both regular Google Accounts and Google Apps accounts. I remember that it was the most convincing one at the time I was doing a review, although I can't give you any details now due to my short memory. Anyway - it's working great.