I want to implement a web app with a SOA design. I am thinking of using celery in conjunction with Django to do this. But I have some questions:
Is this the correct way to go in order to implement a SOA design for Django
Assuming that this is the way to go, how would I accomplish authentication within the Django framework. Specifically, I would like authentication to be decoupled with a producer and consumer pattern. That way, a REST api (or anything for that matter) can be used to produce the authentication credentials, and a consumer (within the Django framework) can be used to read and act upon the credentials.
Again, should I do the above with Celery in Django?
A message queue (such as rabbitmq brokered by celery) is a perfectly fine way to handle communication between SOA components. Additionally, if you need real-time communication without sharing databases between services, REST is basically made for this. There are several options for implementing REST services on top of Django, with Tastypie and Django-Rest-Framework being popular choices.
As for passing authentication between components, Django has several options for this. Contrary to popular opinion, the Django authentication framework is extremely flexible, supporting authorization/authentication against anything you can write a backend for. See https://docs.djangoproject.com/en/dev/topics/auth/#writing-an-authentication-backend for documentation on this.
There are numerous examples of this already:
Consume ZenDesk's SSO: http://www.jongales.com/blog/2009/05/12/zendesk-remote-authentication-with-django/
Consume SSO from numerous social networks: django-social-auth or django-allauth
Consume LDAP: http://packages.python.org/django-auth-ldap/
As for publishing auth, there are fewer options, but these include:
SAML: https://opensourcemissions.wordpress.com/2010/08/19/django-saml-2-0-identity-provider/
Oauth: http://djangopackages.com/search/?q=oauth
I strongly suggest using a provider package already built and tested over rolling your own. Implementing SSO is deceptively tricky.
Django is not really built for SOA. In the case of authentication, Django has a well-defined authentication framework that will easily allow you to reuse it across Web, API, etc.
Generally speaking, if you want the flexibility to define your own architecture, Django probably isn't for you. You might want to consider something more minimalist like web.py.
Related
We are trying to integrate a Django application with an OpenID Connect (OIDC) provider as a Relying Party. The provider isn't a major vendor, and thus doesn't have custom-built packages, so we are leveraging Authlib. This works, but I'm stressed about the amount of custom code we are having to put in to manage the session and redirects and whatnot.
I have experience in the Ruby and Node.js worlds, and those communities have the general-purpose authentication tools OmniAuth and Passport, respectively. Is there an equivalent for Django?
Closest I've found is mozilla-django-oidc, which I may try — curious if there are others I'm missing. Surprised I haven't come across anything that hooks into the Django authentication system.
Thanks!
I am starting a project where there'll be a bunch of microservices in Django. I want to implement a separate Authentication and Authorization system that all the microservices will talk to for end-user auth.
So, my doubts are:
What approach should I take?
I have looked at OPA and it seems promising but I can't seem to figure out the implementation.
I also looked at some other authorization systems like Google's Zanzibar. Is it any good?
The instructions for providing FIWARE based authentication for Wirecloud suggest installing KeyRock (a frontend/backend combo of the Horizon/Keystone GE). Is the frontend (Horizon) really necessary if the only application to be secured is a Wirecloud instance (and possibly some backend services). The point is to avoid, if possible, to have to configure/style/maintain etc. a second frontend. Is it possible to authenticate directly using a Django plugin like this? Pros and cons?
WireCloud is currently linked to the use of django.contrib.auth, any authentication plugin based on it should work. Moreover, the instructions for using KeyRock are using python-social-auth so, in fact, you can use it for authenticating using any of the backends supported by python-social-auth: GitHub, Twitter, OpenId, ...
In that regard, I don't see any problem in the use of the plugin you are proposing (Although I have not tested it).
The advantage of using the KeyRock backend provided by WireCloud is that it enables operators and widgets to propagate the credentials to third-party services using KeyRock for authentication (e.g. Orion Context Broker, Object Storage, ... and in general, any service behind a PEP proxy).
I have just created my first token based web API with Django-Rest-Framework and it has worked really well for my mobile applications.
I am about to start creating a website based on Django, but I would like to reuse as much of my API code as possible.
The options I can see are:
Create a basic Django application that consumes my DRF API, would have to add basic auth to my api?
Create a third application which contains all my models and logic and then import the code into the API and website application.
How do you normally approach this kind of code reuse with Django?
This answer is based on my personal approach on the problem, both on industry and academic scenarios.
I value software decoupling. As such, I want to build smaller components, as reusable as possible. While presented with a similar problem, I've built the following components:
Django Rest Framework with authentication based token and complete REST API for all models;
Mobile application that interacts with the server using REST;
Web Application (in my case with AngularJS) that interacts with the application using REST.
This approach allows to have different teams working each on their own (backend, mobile, web). I could enumerate tens of advantages of adopting such approach, but I've paved the way and you can consult literature if needed.
Good luck
I want to build a RESTful webservice api handle phonegap application request.
I am familiar with Python and Django.
Restful webservice is a social network like Twitter, required to use Mongodb. Everyone can post status photo from mobile app to server and can follow anyone. I have read about django-tastypie to build restful api but I want to use mongodb. About mongodb driver for django I have read mongoengein.
What about commbo django + django-tastypie + mongoengien? Is is suitable for me?
There is this https://github.com/mitar/django-tastypie-mongoengine . Weather the tastypie model is the right choice depends on many factors, but it's ability to create a standards compliant REST that works with backbone.js will continue to encourage use. It's pretty nice to extend as well - taking alot of inspiration from the way you define ModelAdmins in django. Not having to come up with your own authentication system or integrate oauth by hand is appealing (but sometimes an existing authentication is required if you are building this into an old application).
I have tried to implement basic API endpoints with plain mongoengine and ran into many serialization issues (ObjectIDs and many other fields) and inability to get relations or easily or control the inclusion and detail of embedded documents, so it is worth at least putting some time into evaluation and tinkering with Tastypie. Like the mongoengine django admin - you wont find 100% seamless recreation of the SQL version but rolling your own solution here is a high level of effort.