Let’s paint a picture for you. You want to create a web and mobile application that allows your users to log in more securely than with Token Authentication. You know it’s possible, but you’re not sure how to implement something like this.
We can also use Facebook, Google, Twitter, GitHub, etc. to authenticate users. However, I’m just going to describe how to use OAuth to authenticate with JUST our application.
Maybe there is a package you can use? You’d be correct: there is a package you can use. Implementing OAuth authentication from scratch is complicated, so I recommend NOT re-inventing the wheel and using a package that already implements it instead. (I’ll write a post about how you can implement OAuth yourself, if you’re interested in learning how this works.)
I’m just going to pick a random OAuth package, because it really doesn’t matter: the implementation of OAuth is the same no matter which package you choose. In this case, I’m going to use
Implementing OAuth2 using Django-REST-Framework-Social-OAuth2
Let’s start by installing the package.
Now, let’s add the package apps to our
Next, let’s include the URLs to our
Now, we need to set up the package’s CONTEXT_PROCESSORS. If you are using Django 1.8+, you’ll add the CONTEXT_PROCESSORS in the
However, if you are using anything BEFORE Django 1.8, you’ll need to add the context processors like so:
Now, we need some authentication backends so that Django and REST Framework know how to authenticate users. So, let’s add the backends to both settings.
Set up Web Application
We have successfully set up our application to use OAuth2 in our web application. Just like every time you add a new app to your list of INSTALLED_APPS, you always need to run:
This command will create the database tables for the new models from the OAuth2 package.
Let’s run the application!
If the application starts correctly, we’ll go to http://localhost:8000/admin/ and log in with:
When you log in successfully, you’ll see a list of different options:
Django OAuth Toolkit and
Django OAuth Toolkit, near
Your application should be filled out to be the following:
Next, click save to save that application.
Test the Application
If you are using curl, you can run the following command:
If you are using Postman, your interface should look like this:
This will return an access token that our user can then use to authenticate.
Now, we need to take the access token that we received and create an Authorization header in the form:
The access token that I received happens to look like this:
So, if I want to access http://localhost:8000/polls/api/questions/1 I have to create a header using my access token in order to access that question.
In curl, I would do something like this:
Just to test it out and make sure that I’m doing this right, I will remove the header from the request and see if Django will let me access the data. Not surprisingly, it doesn’t let me in!
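The same check as the curl commands above, written as a small Python script so it can be re-run every time the settings change. This is an added example, not code from the original post or from the package: it assumes the token endpoint is mounted at /auth/token (the prefix the package’s URLs are included under), that the client id and secret are the values shown on the Application page in the admin, and that the protected endpoint is the polls question URL used above.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "http://localhost:8000"
TOKEN_URL = f"{BASE_URL}/auth/token"            # assumed: package URLs under auth/
PROTECTED_URL = f"{BASE_URL}/polls/api/questions/1"
CLIENT_ID = "<client id from the admin Application page>"          # placeholder
CLIENT_SECRET = "<client secret from the admin Application page>"  # placeholder


def token_request_body(username, password, client_id, client_secret):
    """Form body for the password grant: which user and which client is asking."""
    fields = dict(grant_type="password", username=username, password=password,
                  client_id=client_id, client_secret=client_secret)
    return urllib.parse.urlencode(fields).encode()


def parse_token_response(body):
    """Pull the access token out of the JSON reply, accepting only Bearer tokens."""
    data = json.loads(body)
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError(f"unexpected token_type: {data.get('token_type')!r}")
    if not data.get("access_token"):
        raise ValueError("token response has no access_token")
    return data["access_token"]


def auth_header(access_token):
    """The header DRF's OAuth2 authentication class expects on each request."""
    return {"Authorization": f"Bearer {access_token}"}


def status_of(url, headers=None):
    """HTTP status of a GET; 4xx/5xx are results to compare, not exceptions."""
    req = urllib.request.Request(url, headers=headers or {})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


if __name__ == "__main__":
    body = token_request_body("admin", "<admin password>", CLIENT_ID, CLIENT_SECRET)
    with urllib.request.urlopen(urllib.request.Request(TOKEN_URL, data=body)) as resp:
        token = parse_token_response(resp.read())
    assert status_of(PROTECTED_URL, auth_header(token)) == 200, "valid token rejected"
    assert status_of(PROTECTED_URL) == 401, "endpoint is reachable without a token"
    assert status_of(PROTECTED_URL, auth_header("not-a-real-token")) == 401
```

The three assertions at the end are the point: a valid token gets the data, and both a missing and a bogus token are turned away with 401.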
Homework (because this helps you apply what you learned)
- Set up a new Django REST Framework web application
- Add an endpoint, a serializer and make sure only authenticated users can access the data.
- Follow the steps above and try OAuth2 out for yourself. Get it to work.
- If you have questions, email me
Now you know how to implement OAuth2 in your own application. You can use similar steps to set this up for Facebook, Google, Twitter, GitHub, etc., so you can allow users to sign in to your application using accounts that they already have and use!
Try this out and see if you can get it to work for yourself!