I am writing a Python application to download csv files through an API on an internal server, by sending GET requests. When testing the requests through Postman, I was able to use Basic Auth along with my Windows credentials to generate a token and authenticate on the server.
Now when it comes to the Python application, I obviously don't want to hard-code my Windows credentials into the app, nor do I want to use the Basic Auth token that was generated (maybe I'm wrong, but this still seems like it would not be a very secure thing to do as I believe the token is a direct hash of my credentials, not to mention when I change my credentials I would have to go and update the token as well).
What I want to know is if it is possible to automatically use the windows credentials from wherever the program is run, in order to authenticate against the server. I tried using NTLM, but unless I am misunderstanding this would still require my credentials to be coded into the app, and from my testing it looks like the server only supports basic auth and not NTLM directly.
I am very new to authentication in Python (and in general), any help would be appreciated.
Related
I want some help with the database implementation in my project.
The final implementation:
Website:
I want to make a (flask) website where the user can create or delete an account.
Desktop application:
I also want to make a (PyQt) python application that the user can log in to his/her account via a login prompt.
Database:
I want to make a (firebase) database so the users can authenticate. The database will also collect some user information except the authentication credentials.
The implementation until now:
Firebase:
I created a “web app” in firebase so I communicate with firebase via firebaseConfig
Flask website:
I created a flask website that communicates with the firebase via the firebaseConfig. The user fills in a form, and the firebase authentication creates a user via (create_user_with_email_and_password). The database, also, collects some extra user information.
(I think that my code is “safe” as it is server-side)
The problem:
Python application:
I created a python application that the user can log in to the firebase authentication. The problem I faced is that I “have to” include the firebaseConfig in my python code. With the firebaseConfig I can create and delete users, but I don’t want the other users to have the ability to do this.
(so I think my code is unsafe because the communication with the firebase is client-side so someone may decompile the code and get the firebaseConfig).
What is the best way to make my project safer?
It sounds like you're using the Firebase Admin SDK for Python, which (like all Admin SDKs) runs with elevated privileges and should only be used in trusted environments (such as your development machine, a server that you control, or Cloud Functions/Cloud Run).
There is no Firebase-provided SDK for use in Python applications that you ship to regular users of your app. That means that your options are limited to either using the REST API to sign in with Firebase, or to use a 3rd party library, such as Pyrebase (be sure to not use a service account there, as that'd make it run with the same elevated privileges as the Admin SDK).
How to authenticate users using only external system logins on the superset.
like this.
Is this possible?
I've never used Python at all, but I need to customize a superset.
The external login system is an oauth 2.0 based authentication system.
I want to authenticate using a token stored in local storage or using a login page provided by the authentication system of an external login system.
Is this possible?
If user authentication is not possible with an external authentication system alone, please explain how to use Superset's user authentication and external authentication system together.
You can begin with the official documentation on superset, although you'll probably have to tinker further to get it working:
https://superset.apache.org/docs/installation/configuring-superset#custom-oauth2-configuration
I made a CLI application in Python which uses Google Dialogflow.
As the documentation provides, I created a Service Account and downloaded the JSON file. Then I loaded it in Python and the application works.
Now I want to publish my software on GitHub and pip but when I load all the files I receive an e-mail from Google that states that I am not managing correctly my credentials. And I agree with that.
The problem is that I do not understand how to manage properly those credentials.
There is 2 solutions:
Either anyone can access to your backend, and you don't need a service account, because it's pubilc
Or, it's private and you don't publish your key (if the secret is known of everyone, the security is useless, make it public!). It's a requirement of the deployment to not commit publicly but to document and to explain how to configure the correct service account to use your app.
Provide more on your context and want you want to achieve to have better pieces of advice. What do you want to protect? Where will you deploy your app? ...
Hi I want to access an application that is behind OKTA sso. I am using python requests module for accessing the application. Before Okta I was able to access the application with userid and password from my python script. But after okta the script is failing to access the application.
what modification I need in my Python script using requests module
From what I understand, there is a big chance you want to access an application using Okta issued token.
You need to reach out to the application developers to identify how to properly retrieve a token. There are lots of ways to authenticate using Okta and without more information it's gonna be hard to help you out.
Once you have all those information you should be able to use any python module providing requests authentication classes for the authentication flow that you have to use.
Disclaimer: I wrote requests-auth providing Okta authentication classes that can be used with requests (nominated in the Okta developer community award).
I would like to know how to implement single sign on in a python web application. The application would run on a Windows Server in an Active Directory domain.
The clients would also be in the domain.
What I would like is that the authentication occurs automatically, like Windows Authentication in Asp.Net (The browser automatically authenticates the user using NTLM or whatever, without ever popping a credentials window).
Is there a library that supports handling the authentication against Active directory or better yet, that generates all the required http headers ?
The application would probably be developped using flask or bottle.
It would also be cool if there as a wsgi middleware that does this authentication automatically.
Try sso.py. I haven't tried it myself, but it looks promising.