I am developing API using django-tasty-pie and wanted to know which library to implement to get the OAuth working for basing username/password. I want to use this API to do calls from an Android app and a chrome app that would do the user registration. I know about django-social-auth. But I am not exactly dealing with social auth here. Just basic OAuth would do.
To get a feel for landscape read this blog post: http://pydanny.com/the-sorry-state-of-python-oauth-providers.html (it also lists all the alternatives).
I looks like Idan's library is most up to date: https://github.com/idan/oauthlib
The post in the accepted answer stated the following at the addendums to the article:
07/07/2013 - Please consider
https://github.com/evonove/django-oauth-toolkit for use as a
Django-powered OAuth provider. The team behind it is doing it right!
Related
I am a nodejs developer but currently migrating to django(being a python lover). I am trying to implement OAuth2 in Django Rest Framework but I don't know how to start.
In nodejs, there is passportjs library which is well maintained, and it's got stratigies for every possible authentication type. What about django rest framework ? User name/password auth seems straightforward but oauth2 is not well covered.
In DRF docs here, It mentions two libraries for oauth. The first is django-oauth-toolkit which is well maintained but after going through docs, I didn't seem to understand much, it doesn't even talk about googl/facebook oauth. I am not sure what it is used for, anyway. The second one is django-rest-framework-social-oauth2 which seems to be straightforward but it's not been touched for over a year, it's probably not maintained any more.
So, How do you guys do oauth2 in your DRF projects ?
I hope you have solved this already. You can check my repo: It offers a simple way of authenticating against major ouath2 vendors. Here it is https://github.com/wagnerdelima/drf-social-oauth2.
You can also check my other repo https://github.com/wagnerdelima/facebook_setup. It integrates https://github.com/wagnerdelima/drf-social-oauth2 as an example to make it easy for newcomers.
I am a beginner in the world of the OAuth2.0 and OpenID Protocols. I would like to implement a custom server - provider for multiple applications. So, to use it for Single Sign-On (SSO). I would like to work with python. Till now I have found four packages, for an OAuth2.0 and an OpenID Connect server implementation, in Python: pyoidc, django-oidc-provider, Django OAuth Toolkit (DOT) by OAuthlib and Authlib. I tried to read and understand pyoidc, but it was not so helpful and easy, basic things were missing. I have tried django-oidc-provider and I was really satisfied, and the whole implementation was really easy. So, after those trials, I am left with Django OAuth Toolkit (by OAuthlib) and Authlib. Has anyone tried them? Are these packages the same? Is Authlib an updated version of the OAuthlib library? The only information I know till now, is that Flask-OAuthlib is deprecated, and Authlib is was its new version.
*Every answer or advice or personal experience would be really helpful and always appreciated!
Thank you again for your help.
After some research, I concluded to work generally with JWTs. As before, I would like to work with a GraphQL API, so I am searching for solutions about JWT authentication on it. I maybe use Passport.js (passport-jwt) or something else for Python. All the libraries mentioned above possibly will be not used.
I will just redirect the user to my main application, authenticate them with JWT, and then return the JWT back to the application. In the future and after deployment, I might also implement an OAuth2.0 provider for my website. Although those packages did not really help me, I would recommend Django OAuth Toolkit (DOT) and django-oidc-provider to others. But, also I learned that django-oidc-provider only supports the implementation of a small and simple OAuth2.0 provider. Django OAuth Toolkit comes with lots of options for implementing an advanced OAuth2.0 Authentication Server (AS), including Authorization Code flow with PKCE (Proof Key with Code Exchange), which is the most secure flow. It is also scalable and has great documentation with lots of customizations if you want.
*I sent an email to the support of Authlib, and of course no one has answered to me after a week.
I'm looking for a quick books oauth implementation in my app, i was wondering if there are any third party libraries which i can make use of instead of implementing on my own. I don't see a sample sdk for django in their website.
Have you checked django-quickbooks?
I have followed a number of tutorials and examples on the web to setup and use django piston. They all work flawlessly, until i try to integrate oauth authentication. I have been working against the following examples:
http://blog.carduner.net/2010/01/26/django-piston-and-oauth/
http://github.com/clemesha/django-piston-oauth-example
Yet both of these seem to fail to include examples of the required oauth templates and views. It is quite likely that i'm just not implementing it properly, so any advice would be hugely helpful.
In summary. I have a working django piston setup (that returns / inserts data). What i am struggling with is a definitive guide to integrating oauth authentication. I.e. what do i need to install, which views, settings, url patterns and templates do i need to create?
Thanks
If you're using a released version of Piston, you might be interested in how we implemented OAuth in Snowy, our AGPL web app for Tomboy notes:
http://git.gnome.org/browse/snowy/tree/urls.py#n48
http://git.gnome.org/browse/snowy/tree/api/urls.py
http://git.gnome.org/browse/snowy/tree/api/templates/piston/authorize_token.html
http://git.gnome.org/browse/snowy/tree/api/handlers.py
The OAuth views are bundled with piston (in the released version).
I have yet to upgrade to prencher's improved OAuth fork (which will apparently turn into 0.3 soon?), but here are his instructions if you are using his code:
http://groups.google.com/group/django-piston/msg/5a148c8e33654c5d
(make sure to read all of his responses in that thread, as he makes some clarifications)
I'm trying to get authenticated for receiving and publishing Google Buzz-es from a Qt 4.6(c++) application. I'm looking for a cross-platform solution.
Could anyone provide some working solution for this purpose?
You can also try kQOAuth which is a new Qt library for doing OAuth authentication. It will let you do the user authentication very easily too, if you like.
Supports OAuth 1.0 and HMAC-SHA1. No external dependencies.
http://www.johanpaul.com/blog/2010/10/introducing-kqoauth-easy-and-powerful-oauth-library-for-qt/
I couldn't find any either, so I made one: https://github.com/pipacs/steps/tree/master/o2 . Based on KQOAuth, tested with Google Docs.
Quick google search gave me QOAuth, which is a Qt lib and liboath which is a C based API.
I'm using QOAuth, you have to do some hack before you can use QOAuth in windows.
So far, I could get the request token from Google, and let the user authorize it.
But when I try to get the access token with the oauth_verifier, it keeps telling me the signature is invalid.
Anyway, I've used QOAuth to deal with other SP successfully. So the QOAuth is the solution.