All geek questions in one place

Django REST Framework - OAuth2 user API from an external provider

I am trying to allow users to access some resources from my Django REST API using Oauth2.

Most of the answers about Oauth2 and the API are related to the provider providing the API.

But I plan to split the Oauth2 provider with many REST APIs, and I cannot figure out how to consume (not how to provide Oauth2).

I have no idea how a user can log in to the SSO provider, and then transfer their token to my API, which should authenticate users against my provider (returning his information, mainly authorization).

Does anyone know how to consume Oauth2 from a Django REST infrastructure?

Picture:

[User] → [My API] ↔ [Oauth2 provider (with django-oauth-provider)] ↔ [Active Directory / anything]

+6
source share
2 answers

Looking at the code https://github.com/tomchristie/django-rest-framework/blob/master/rest_framework/authentication.py#L290 , this seems impossible. The Django-rest-framework internally accesses the provider's database tables to verify tokens and authenticate requests using this data.

Which, for me, defeats the OAuth goal, but here we go.

+4
source

I found these related questions that confirm what I thought was an interpretation error on my part:

In principle, the standard does not define such a function ... it is awesome if many people will please this moment earlier.

The strangest thing is that I could not find the django addon to do this ... are we the first two that need to authenticate more than one API using the same Auth Server?

+1
source

Source: https://habr.com/ru/post/971377/

More articles:


All Articles