I am building flask rest and planning to use flask-restful. I am familiar with flask login, but understand that with restful I need jwt.How to implement authentication? with flask-jwt or flask-jwt-extended? Also I am not using blueprints for this small project.I need to authenticate my routes(that are actually class Resource).
Thank you
If you look at the commits on the Github pages of both Flask-JWT and Flask-JWT-Extended, I believe it's safe to say that Flask-JWT was abandoned. I would advise to go for Flask-JWT-Extended, it also has more features (like refresh tokens).
Also mentioned in this post.
Related
I'm new to Okta and I'm having a tough time wrapping my head around what I need to do in order to authenticate users.
I'm writing a web portal for a company that already uses Okta internally.
They have requested that I use Okta to authenticate users. That is the only Okta integration requirement.
The portal uses vanilla JS/CSS/HTML5 on the front end, and a custom Python api layer and Python back end for serving data.
I've read through the guide over at http://developer.okta.com/docs/guides/pysaml2.html and I can't help but think this seems like overkill to simply authenticate users.
I saw that when I created a sample app that I could create the app with Secure Web Authentication rather than SAML. Is that advisable in my case? Do we need to use SAML?
If SAML is the correct approach, I'm feeling a bit lost after reading through the documentation about where to even begin. The app itself isn't really a Python app, although Python is used.
I have the Okta app created. I have the custom web app created with a custom Python backend and API layer.
Any tips on how to connect the two in order to authenticate users?
Have you seen this: http://developer.okta.com/docs/guides/okta_sign-in_widget
Seems most appropriate to your situation.
We are using the built in django.contrib.auth to handle most of our users log-ins/registrations.
However we also want to have basic HTTP Auth access to our app api so that we can access it via a command line interface project we are building.
The closest thing I found was this: https://djangosnippets.org/snippets/243/
But that is from all way back in 2007 and there is nothing more recent, I was surprised to not see anything added to Django to resolve this issue. Is there a library that I may be missing?
My manager suggested I build some middleware to handle this, is this the best way?
I'm writing a Django app that uses django-allauth for Facebook integration, and uses django-tastypie for a backend for an iOS app. The iOS app will use the native Facebook iOS SDK. I'd like to be able to sign up and verify both Facebook and non-Facebook users from the iOS app, in addition to the website.
The issue is that django-allauth doesn't seem to have an API that can be accessed externally. The only clean way to plugin to allauth's functionality seems to be via Django template tags. Is there a way I can expose this functionality to be used with tastypie?
Django-allauth is all open source, so I've tried to parse through the code. My initial idea is to authenticate users on the iOS side using the native Facebook SDK, and then manually fill in information for SocialAccount, SocialToken, and add the SocialAccount to SocialApp (those are all django-allauth models). However, that seems to be quite a hacky solution. I'd love a way to cleanly create all those models given a Facebook ID, or something similar.
Update:
There's been some discussion concerning this issue on the GitHub. Basically, there's no built-in functionality yet. I'm going to whip up a custom solution that only deals with Facebook (because that's all I'm using in my application). I'll post what I did here later if it works.
Quick look into django-allauth shows that they are using SocialAccount model to hold data on specific method of authentication and type of social account.
You need to create an API endpoint based on SocialAccount model. You need to pass there variables like: account type (facebook, local, twitter etc), additional auth variables needed by social auth providers. Then, in your code you can create SocialAccount model instances, feed with data received from API endpoint call and trigger corresponding auth call via django-allauth. Finally you should return result of your auth call.
I don't see a big reason to use django-allauth for local/facebook auth only, with some small effort you can have whole range of social auth providers.
I used requests library to deal with facebook API and it works great, I think no social login plugin for Django works for others but the author, if you want to do something seriously.
PS. I used django-rest-framework to build the rest backend for mobile apps, also including local account login and social site login.
I have got an Django application that uses the RemoteUserBackend in combination with Apache and mod_auth_kerb to authenticate against Kerberos.
However, this has some drawbacks:
There is no proper logout without closing the browser tab. You may click "Logout" in your Django application, but I would expect to be asked for my credentials when I try to log in again - the latter is not the case. (Side note: It is quite possible for my application that two users want to log in one after another, which increases the lack of comfort and may be problematic when one users performs actions with the other user's rights.)
The application is currently tailored to the Apache/RemoteUser solution, so it does provide no flexibility to switch over to other authentication methods, e.g. authentication against the Django database. The possibility to use alternative authentication methods would also ease the development of the application.
That said, I would like to use a form-based authentication (username/password). This would move the control for the authentication to Django, so login/logout should work properly then. Also, this form could be used as well with different authentication backends, without a need to modify the GUI.
How can this be done? Is there already a solution to this or a project that adresses my issue? Most implementations I saw like the ones in the answers here just use Apache or an LDAP authentication, but not Kerberos.
Related, but unanswered question: Django user logout with remote authentication
Sorry this is delayed. I am the author of the above recommended Kerberos + Django post (roguelynn.com).
For your first issue, take a look at kobo: https://fedorahosted.org/kobo/ - it uses Kerberos + RemoteUserBackend + Apache with Django, but implements a logout mechanism (in kobo/django/xmlrpc/auth.py: https://git.fedorahosted.org/cgit/kobo.git/tree/kobo/django/xmlrpc/auth.py).
http://www.roguelynn.com/words/django-custom-user-models/
That blog post explains quite nicely how to use Kerberos as a Django 1.5 backend authenticator. Hot off the presses as of May 15th. She's got a bunch of nice kerberos examples.
For posterity's sake just in case the blog goes away someday, the author stores her blog posts as static files in her github repo.
https://github.com/econchick/roguelynn/blob/master/_posts/
I have an application that will use flask and mongodb; I will probably host it on rackspace.
I need to understand how flask authenticating works. I have not found much information on the subject. Is there a complete tutorial on how to roll your own solution? If not, I certainly would like to hear some thoughts on how you would approach it for a a flask app.
Big PS:
I just thought about it. I also need to open a real API. A part of that API will be used for AJAX on the front end. How do i secure that part of the app?
Can anyone explain API auth requests?
I would suggest using the flask-login extension, it makes session management really easy to add to your flask application, and provides a nice documentation which covers in details every aspect of the extension.
I don't think that flask has any authentication built-in, only support for tracking sessions.
Here are some snippets for basic HTTP authentication and authentication with some third-party providers. Otherwise you will need to roll your own or use a framework that has this baked in (like Django)
Here is a discussion thread on this topic with a useful link
Flask-Login doesn't, technically, do authentication - it does session management, leaving the (tricky to securely implement) authentication details to you. Something like Flask-Security actually implements both session management and authentication (also nice-to-haves like password recovery/reset and the like), at the cost of having to have explicit support for your database.