I have a working Django project. Now I want to add FastAPI so that, from the existing Django templates, I can make API requests to refresh data without reloading the whole template (tables, for example).
The question is how to connect FastAPI to the existing Django authentication system, so it can use sessions from the DB, so that the user authenticates only once, when logging in to the Django project.
Here are some options I have investigated:
1. Change Django's base authentication to OAuth2, and also set FastAPI to OAuth2 (though I would prefer to configure FastAPI, not change Django)
2. Fetch Django sessions from the DB on each API request and verify the user
Both Django and FastAPI are on the same server and can share the same DB.
Maybe some better options are possible. Please advise what would be the best approach to use Django's already authenticated user data with FastAPI? Thx
Related
I have one DRF project called users where I will handle authentication. I have set up OAuth2 and my API URL is
http://localhost:8000/auth/login
and this is running fine.
I have one more DRF project called products, and I have a URL
http://localhost:8001/products/getProduct/1
but I am not able to find a solution for how to access the user model from the users project in the products project.
I am trying to implement a central authentication system (CAS) for my microservice-based project.
Trying to import users in your products project is against the principle of a microservice architecture.
You should handle authentication with an auth server where the user can log in and obtain something that identifies the user (typically a token).
And then the microservice (or some proxy/API gateway) has to validate this token against the auth server.
You can look at JWT for django rest framework for example to implement your solution.
I have a Django project that will ultimately consist of three apps. Two of which will be "normal" Django apps, the third is a djangorestframework app. I also plan on creating a desktop client for the project at some point.
I want the rest app to be the only entity communicating with the database. Hence I use requests to communicate with the rest endpoints from the views of the "normal" Django apps and I will do the same for the desktop client. I want all apps to be accessible only for authenticated users, so I'm using Django's authentication backend.
My question is how to pass on the authenticated user/session from the pure Django apps to the rest endpoints when using requests in the views.
I managed to authenticate on the rest API using request's HTTPBasicAuth, but that requires me to have the user's password at hand in plain text. Sure, I could create a technical user to do these requests. But that would also mean that each and every request would need to go through authentication first and that doesn't feel like the best approach.
I have tried to extract the session cookie from the request object that is provided to the views and pass it on through requests.get, but did not manage to put it into the requests.get call the right way.
As of now, using requests and the established sessions looks like my best bet, especially since that will be the way the desktop client will do things, too. So I'm currently looking for the right way to provide requests.get with the session cookie, but I'm certainly open for better solutions.
You should use tokens.
Basically any kind of authentication out of your django project should be managed with secure tokens.
And yes, the authentication check should happen every time you send a request. To make it faster, you can store tokens in memory. (You can use redis or maybe even load your db in memory or ... ) but this is the right and common way to do it. Even django does this check every time using its built-in functions.
The DRF docs recommend a few packages to manage these tokens:
DRF: Third party packages
I used knox for many projects and it's pretty good.
Basically, to authenticate your users across all of your projects or microservices, you have to take the token from the user and set it as a header or ... for your request to the main database or authentication project.
Most apps use the token in headers, which you can simply add to all of your requests calls:
Requests docs: Custom Headers
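The per-request check with an in-memory cache that this answer describes, as an added example that is not part of the original answer. The class name, the `lookup` callable standing in for the call to the authentication project, and the `Token` header scheme are assumptions; a plain dict stands in for redis.

```python
import hashlib
import time
from typing import Callable, Optional

class CachedTokenChecker:
    """Validate the Authorization header on every request, caching verdicts briefly."""

    def __init__(self, lookup: Callable[[str], Optional[int]], ttl: float = 30.0):
        self.lookup = lookup   # hypothetical call to the auth project / main database
        self.ttl = ttl         # a revoked token can stay accepted for up to ttl seconds
        self._cache = {}       # digest -> (user_id or None, expiry time)

    @staticmethod
    def _key(token: str) -> str:
        # Cache a digest rather than the token, so the cache holds no usable credentials.
        return hashlib.sha256(token.encode()).hexdigest()

    def user_for(self, authorization: str, now: Optional[float] = None) -> Optional[int]:
        now = time.monotonic() if now is None else now
        scheme, _, token = authorization.partition(" ")
        if scheme != "Token" or not token:
            return None
        key = self._key(token)
        hit = self._cache.get(key)
        if hit is not None and hit[1] > now:
            return hit[0]
        user_id = self.lookup(token)
        # Unknown tokens are cached too, so repeated bad tokens do not hit the database.
        self._cache[key] = (user_id, now + self.ttl)
        return user_id

    def revoke(self, token: str) -> None:
        """Drop a cached verdict immediately, e.g. on logout."""
        self._cache.pop(self._key(token), None)
```

The TTL is the trade-off: a longer value saves lookups but delays the effect of revoking a token in the backing store.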
I'm developing an app in Django which uses an existing database with created users.
I set my database configuration parameters to a PostgreSQL server and I perform my custom queries through "connections" library.
The problem comes when I want to use my own table to authenticate users. I saw many tutorials and blog posts and I have rewritten my authentication backend. But when I want to use my own table to authenticate users and set sessions, the Django framework only allows me to use the User object.
I think this object is linked to Django tables in the database, and when I want to authenticate a user it shows me a message saying the relation "auth_user" doesn't exist. This means that the User object is linked to this table.
Does there exist some method to use my own table with the Django authentication backend, or should I use it?
To use custom Django model with existing Django login backend
AUTH_USER_MODEL = 'myapp.MyUser'
Django docs
To use custom Django authentication backend
AUTHENTICATION_BACKENDS = ['myBackend']
Django docs
I am evaluating Firebase authentication to see if it works well with Django/Djangae. Here is some context:
- require email/password authentication, able to add additional fields like job title, and basic things like a reset password email.
- use the Djangae framework (Django that uses datastore as data storage), app engine.
- really good to make use of the built-in authentication tools provided by Django, like session, require-login, etc.
Drop-in authentication seems to be a candidate. Does it work with Django authentication, like permission, group, etc.?
Thanks in advance.
Firebase authentication only supports login/signup, reset password or email.
But for that you need Firebase admin credentials.
For other fields you need a local model. There is no problem with using Django, but also no existing integration I'm aware of, so you'd have to hook it up yourself.
If you want an auth system like Firebase and other functionality, then you can use social-django-restframework. You can integrate all login systems with your Django app and control users with the built-in user model.
I'm implementing OAuth2 provider with Django Rest Framework and Django OAuth Toolkit.
Django OAuth Toolkit already has a set of views for managing OAuth Applications. These views let third-party application developers do basic CRUD on an Application model. There's also a sample view for a resource owner to authorize the third-party app.
However I can't figure out a proper way for the resource owner to revoke the third-party app authorization. There's a revoke-token endpoint but if I get it right it serves a different job.
Essentially I try to build a view similar to the GitHub's "Authorized applications" page:
It looks like the RefreshToken model is the one I should use to list the connections. But it does not work as expected when the user reauthorizes the app. A RefreshToken instance is created after each successful authorization prompt and the connection list grows with duplicates.
Has anyone successfully implemented a similar view with Django OAuth Toolkit?