Re: Authentication in API (REST)

2011-06-15 Thread Stuart MacKay

Malcolm,

OAuth also looks like a great solution - it was not as well developed 
when I last looked at REST authentication a couple of years ago. There 
is a lot of developer support now as well, http://oauth.net/code/, 
specifically https://github.com/simplegeo/python-oauth2


Stuart


> I think OAuth solves this problem well. What do you see wrong with it?
>
> Malcolm
>
> Sent from my iPhone, please excuse any typos
>
> On 14 Jun 2011, at 16:35, Stuart MacKay wrote:
>
>> Neznez,
>>
>> The authentication problem is one that has never really been solved to any
>> general level of satisfaction for REST APIs, since the connection should be
>> stateless. For HTTP authentication there is either HTTPS + Basic or Digest.
>> HTTPS + Basic is considered to be the easiest to implement and the most secure but
>> running a server with SSL is not the most trivial of tasks and there are issues
>> for clients and the problems of managing certificates, etc. etc.
>>
>> For a Java based REST API I used the scheme used by Amazon web services where
>> the request is signed using a secret key and then authenticated on the server
>> which worked rather well and was resistant against lots of different types of
>> attack. You can find out more at
>> http://docs.amazonwebservices.com/AmazonS3/latest/dev/index.html?RESTAuthentication.html.
>> However I am not sure what level of support you can find in Django.
>>
>> Stuart
>>
>>> Hi all, I'm a newbie in Django, and I started to build my own API. I
>>> know that there is Piston or Django REST framework, but I want to
>>> learn API from scratch. What I want to know is how to make my HTTP
>>> Response (View) perform authentication before it can be accessed, or
>>> can we make it have to throw a username and password to access the HTTP
>>> Response?
>>>
>>> My code is very simple, like this one:
>>> def test_api_view(request, whatever):
>>>    #
>>>    # do things
>>>    #
>>>    return HttpResponse(serializers.serialize("json", mydictionary),
>>> mimetype='application/json')
>>>
>>> Thank you.


--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.






Re: Authentication in API (REST)

2011-06-14 Thread Malcolm Box
I think OAuth solves this problem well. What do you see wrong with it?

Malcolm

Sent from my iPhone, please excuse any typos

On 14 Jun 2011, at 16:35, Stuart MacKay  wrote:

> Neznez,
> 
> The authentication problem is one that has never really been solved to any 
> general level of satisfaction for REST APIs, since the connection should be 
> stateless. For HTTP authentication there is either HTTPS + Basic or Digest.  
> HTTPS + Basic is considered to be the easiest to implement and the most secure 
> but running a server with SSL is not the most trivial of tasks and there are 
> issues for clients and the problems of managing certificates, etc. etc.
> 
> For a Java based REST API I used the scheme used by Amazon web services where 
> the request is signed using a secret key and then authenticated on the server 
> which worked rather well and was resistant against lots of different types of 
> attack. You can find out more at 
> http://docs.amazonwebservices.com/AmazonS3/latest/dev/index.html?RESTAuthentication.html.
> However I am not sure what level of support you can find in Django.
> 
> Stuart
> 
>> Hi all, I'm a newbie in Django, and I started to build my own API. I
>> know that there is Piston or Django REST framework, but I want to
>> learn API from scratch. What I want to know is how to make my HTTP
>> Response (View) perform authentication before it can be accessed, or
>> can we make it have to throw a username and password to access the HTTP
>> Response?
>> 
>> My code is very simple, like this one:
>> def test_api_view(request, whatever):
>>   #
>>   # do things
>>   #
>>   return HttpResponse(serializers.serialize("json", mydictionary),
>> mimetype='application/json')
>> 
>> Thank you.
>> 
> 



Re: Authentication in API (REST)

2011-06-14 Thread Stuart MacKay

Neznez,

The authentication problem is one that has never really been solved to 
any general level of satisfaction for REST APIs, since the connection 
should be stateless. For HTTP authentication there is either HTTPS + 
Basic or Digest. HTTPS + Basic is considered to be the easiest to 
implement and the most secure but running a server with SSL is not the 
most trivial of tasks and there are issues for clients and the problems 
of managing certificates, etc. etc.


For a Java based REST API I used the scheme used by Amazon web services 
where the request is signed using a secret key and then authenticated on 
the server which worked rather well and was resistant against lots of 
different types of attack. You can find out more at 
http://docs.amazonwebservices.com/AmazonS3/latest/dev/index.html?RESTAuthentication.html. 
However I am not sure what level of support you can find in Django.


Stuart


> Hi all, I'm a newbie in Django, and I started to build my own API. I
> know that there is Piston or Django REST framework, but I want to
> learn API from scratch. What I want to know is how to make my HTTP
> Response (View) perform authentication before it can be accessed, or
> can we make it have to throw a username and password to access the HTTP
> Response?
>
> My code is very simple, like this one:
> def test_api_view(request, whatever):
>    #
>    # do things
>    #
>    return HttpResponse(serializers.serialize("json", mydictionary),
> mimetype='application/json')
>
> Thank you.
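
The request-signing approach described in this message, as an added example that is not part of the original thread and is not Amazon's actual format: client and server share a secret, the client sends an HMAC over a canonical form of the request, and the server recomputes and compares it. The `DEMO` scheme name, the `X-Timestamp` header, the key id and the secret are all constructed for illustration.

```python
import hashlib
import hmac
import time

# Constructed key store: key id -> shared secret (the secret is never sent).
SECRETS = {"demo-key-id": b"constructed-demo-secret"}
MAX_SKEW = 300  # seconds a signed request stays valid; bounds replay


def string_to_sign(method, path, timestamp, body):
    """Canonical form both sides compute; it covers every field that must not change."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), body_hash]).encode()


def sign(secret, method, path, timestamp, body=b""):
    """HMAC-SHA256 over the canonical string, hex encoded."""
    msg = string_to_sign(method, path, timestamp, body)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def signed_headers(key_id, secret, method, path, body=b"", now=None):
    """Client side: build the headers that accompany the request."""
    timestamp = int(time.time() if now is None else now)
    sig = sign(secret, method, path, timestamp, body)
    return {"Authorization": "DEMO %s:%s" % (key_id, sig),
            "X-Timestamp": str(timestamp)}


def verify(method, path, headers, body=b"", now=None):
    """Server side: return the key id if the request is authentic, else None."""
    now = time.time() if now is None else now
    try:
        credentials = headers["Authorization"].split(" ", 1)[1]
        key_id, signature = credentials.split(":", 1)
        timestamp = int(headers["X-Timestamp"])
    except (KeyError, IndexError, ValueError):
        return None  # missing or malformed headers
    secret = SECRETS.get(key_id)
    if secret is None or abs(now - timestamp) > MAX_SKEW:
        return None  # unknown key, or request too old / too far in the future
    expected = sign(secret, method, path, timestamp, body)
    # Constant-time comparison so the check does not leak how much matched.
    if hmac.compare_digest(expected.encode(), signature.encode()):
        return key_id
    return None
```

Because the method, path, timestamp and body hash are all inside the signed string, changing any of them after signing makes verification fail, and the timestamp window limits how long a captured request can be replayed.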






Re: Authentication in API (REST)

2011-06-10 Thread Malcolm Box
On 10 June 2011 01:26, Yohanes Adhi Nugraha  wrote:

>
> Not that one, if we use django.contrib.auth and @login_required, it
> only redirects you to the login page.
> What I saw from another site is that the browser will pop up an alert with
> username and password to be filled in.
>
>

View source is your friend. Have a look at the other site and figure out how
they do it.

My guess is that they will have an unauthenticated page with some JS on it
that tries to make an authenticated call, catches any return error and
prompts for login.

Malcolm




Re: Authentication in API (REST)

2011-06-09 Thread Yohanes Adhi Nugraha
Hi Malcolm,

Not that one, if we use django.contrib.auth and @login_required, it
only redirects you to the login page.
What I saw from another site is that the browser will pop up an alert with
username and password to be filled in.

Nez
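
A browser shows a username/password dialog of the kind described in this message when a server answers 401 with a `WWW-Authenticate: Basic` challenge. The following is an added example, not part of the original thread, of that server-side check in framework-independent Python; the realm, user store and password are constructed, and because Basic credentials are only base64-encoded it belongs behind HTTPS.

```python
import base64
import binascii
import hashlib
import hmac

REALM = "api"  # constructed realm name, shown in the browser dialog


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store: username -> (salt, password hash), never plaintext.
SALT = b"constructed-salt"
USERS = {"nez": (SALT, hash_password("correct horse", SALT))}


def parse_basic(header):
    """Return (username, password) from an Authorization header, or None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first colon separates the fields; passwords may contain colons.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None


def authenticate(header):
    """Return (status, extra_response_headers, username) for a request."""
    creds = parse_basic(header)
    if creds is not None:
        username, password = creds
        salt, stored = USERS.get(username, (b"no-such-user", b""))
        # Hash even for unknown users so both paths cost about the same.
        if hmac.compare_digest(hash_password(password, salt), stored):
            return 200, {}, username
    # The 401 status plus this challenge header is what triggers the prompt.
    return 401, {"WWW-Authenticate": 'Basic realm="%s"' % REALM}, None
```

In a Django view the header arrives as `request.META.get("HTTP_AUTHORIZATION")`, and the returned status and headers map onto the `HttpResponse`.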




Re: Authentication in API (REST)

2011-06-09 Thread Malcolm Box
On 9 June 2011 17:51, Neznez  wrote:

> Hi all, I'm a newbie in Django, and I started to build my own API. I
> know that there is Piston or Django REST framework, but I want to
> learn API from scratch. What I want to know is how to make my HTTP
> Response (View) perform authentication before it can be accessed, or
> can we make it have to throw a username and password to access the HTTP
> Response?
>
>
https://docs.djangoproject.com/en/1.3/topics/auth/

Malcolm




Authentication in API (REST)

2011-06-09 Thread Neznez
Hi all, I'm a newbie in Django, and I started to build my own API. I
know that there is Piston or Django REST framework, but I want to
learn API from scratch. What I want to know is how to make my HTTP
Response (View) perform authentication before it can be accessed, or
can we make it have to throw a username and password to access the HTTP
Response?

My code is very simple, like this one:
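from django.core import serializers
from django.http import HttpResponse

def test_api_view(request, whatever):
    # do things (build the objects to return)
    # serialize the result and send it back as a JSON response
    return HttpResponse(serializers.serialize("json", mydictionary),
                        mimetype='application/json')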

Thank you.
