DEV Community

Django REST framework +OAuth

Diego Uribe Gamez

In this article we are going to configure Django, an excellent framework for web development, and integrate Django REST framework, a toolkit that lets us create REST views in a simple way. We will also protect the application using OAuth, an open protocol for managing access that is especially useful for applications that need to reach our system from outside.

Let's do it

In this example we are going to follow the following route:

  1. Setting up the development environment
  2. Data model
  3. Create a request list
  4. Configuring OAuth
  5. Protect views
  6. Automate OAuth
  7. Final notes

Repository url:
https://github.com/diegoug/Django-REST-framework-OAuth

Setting up the development environment

On Windows, inside Visual Studio Code (vscode), the cygwin terminal was configured, which behaves much like a unix system; in addition, the make and bash-completion programs were installed. This gives us a common way to run the project on linux and mac, which are unix systems.

We place our .ssh directory configuration in the root of C:, which is where the terminal will look for the ssh keys after the command cd C: (this takes us to the path "/cygdrive/c/", cygwin's way of reaching drive C). This setup lets us keep the Django service running, reach it from the terminal, and activate Django's debugging mode in vscode.

With docker and compose installed, we change into the directory of the project we cloned, create the docker network, build the project and start the containers with the following Makefile targets:

```shell
$ make create-network
$ make build-development
$ make start-development
```

After starting a clean environment in Docker, the project named django_rest_framework_MS was created inside the container.

[Screenshot: Project folder inside]

We configure the database we are going to use; in our case it is PostgreSQL, whose features map well onto the Django ORM. We then migrate, create a superuser in the terminal, and with that we have access to the Django admin.

[Screenshot: Database configuration]

[Screenshot: Homepage]

[Screenshot: Admin login]

[Screenshot: Admin inside]

Data model

After creating a project, we are going to create an application for our library and then we are going to create two models, one for books and the other for authors.

[Screenshot: Books and authors models]

Create a request list

Once our models are created, we create a simple view that is capable of delivering a list of books and the authors of each book, in a web view as well as in a rest view.

[Screenshot: urls.py]

[Screenshot: views.py]

We add some sample data and test the view's behaviour with Postman and the web browser.

[Screenshot: Postman]

[Screenshot: Chrome]

Configuring OAuth

We are going to install Django OAuth Toolkit. Its official documentation has a section that details the installation of the library and the configuration needed to make it work with Django REST framework (the original post linked to it here).

After installing it, we perform the following configuration in the Django admin to obtain the OAuth credentials (an Application with a client id and client secret) for the superuser we created earlier.

[Screenshot: OAuth django admin user credentials]

We copy the credentials and use them to get our token from Postman

[Screenshot: Postman get token]
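The Postman step above, written out as a small client so the exchange is explicit. This is an added example, not code from the original post or its repository; it assumes Django OAuth Toolkit's default URL prefix (token endpoint at /o/token/ on the dev server) and an Application of type "Confidential" using the "Resource owner password-based" grant, and every credential value is a placeholder. The request builder is separated from the network call so the shape of the request can be checked without a running server.

```python
"""Getting an access token from the Django OAuth Toolkit token endpoint.

Added example, not code from the original post or its repository. Assumes
the toolkit's default URL prefix (token endpoint at /o/token/) and an
Application of type "Confidential" with the "Resource owner password-based"
grant. Every credential below is a placeholder.
"""
import base64
import json
import urllib.parse
import urllib.request

# Assumption: Django's dev server on port 8000 with the toolkit mounted at "o/".
TOKEN_URL = "http://localhost:8000/o/token/"


def build_token_request(token_url, client_id, client_secret, username, password):
    """Return (url, headers, body) for a resource-owner password grant.

    The Application's client_id/client_secret travel in an HTTP Basic header;
    the user's own credentials travel form-encoded in the body. That split is
    what Postman does when you fill in "Basic Auth" plus an
    x-www-form-urlencoded body.
    """
    body = urllib.parse.urlencode(
        {"grant_type": "password", "username": username, "password": password}
    ).encode()
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return token_url, headers, body


def parse_token_response(payload):
    """Validate the JSON the endpoint returns and keep what a client needs.

    The toolkit answers with access_token, token_type ("Bearer"), expires_in,
    refresh_token and scope; an "error" key or a missing field is rejected.
    """
    if "error" in payload:
        raise ValueError(f"token endpoint refused the request: {payload['error']}")
    for key in ("access_token", "token_type", "expires_in"):
        if key not in payload:
            raise ValueError(f"token response is missing {key!r}")
    if str(payload["token_type"]).lower() != "bearer":
        raise ValueError(f"unexpected token_type {payload['token_type']!r}")
    return {
        "access_token": payload["access_token"],
        "refresh_token": payload.get("refresh_token"),
        "expires_in": int(payload["expires_in"]),
        "scope": payload.get("scope", ""),
    }


def bearer_headers(access_token):
    """Headers for calling the protected API once a token is in hand."""
    return {"Authorization": f"Bearer {access_token}"}


def fetch_token(client_id, client_secret, username, password, token_url=TOKEN_URL):
    """POST the password grant and return the parsed token (needs a running server)."""
    url, headers, body = build_token_request(
        token_url, client_id, client_secret, username, password
    )
    request = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(request, timeout=10) as response:
        return parse_token_response(json.load(response))


if __name__ == "__main__":
    # Placeholders: copy the real values from the Application page in the admin.
    token = fetch_token(
        "CLIENT_ID_PLACEHOLDER", "CLIENT_SECRET_PLACEHOLDER",
        "admin", "ADMIN_PASSWORD_PLACEHOLDER",
    )
    print(bearer_headers(token["access_token"]))
```

Because the password grant hands the user's password to the client, it only makes sense for a first-party client such as this one, and the token endpoint should only ever be reached over TLS; the access token that comes back is a bearer credential, so anything that obtains it can call the API until it expires.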

Protect views

We must protect the view from two sides: on the web side with username and password, and on the API side with OAuth.

Web view
We configure Django REST framework globally in the settings so that, by default, the views authenticate with username and password (the browser session).

[Screenshot: django rest framework settings permission]

We check that anonymous access is refused.
[Screenshot: Error access in web view]

We add the Login and Logout urls.
[Screenshot: login urls]

We configure the redirect urls in the settings.
[Screenshot: settings url redirects]
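The three settings screenshots above, collected in one fragment. This is an added example, not the post's own settings file: it assumes rest_framework and oauth2_provider are already in INSTALLED_APPS and that the Login/Logout urls were added with django.contrib.auth.urls (which serves the form at /accounts/login/); the OAUTH2_PROVIDER keys are the toolkit's real setting names, with values chosen for this example.

```python
# settings.py fragment (added example; assumes rest_framework and
# oauth2_provider are in INSTALLED_APPS).

REST_FRAMEWORK = {
    # Default for every DRF view: authenticate with the browser session
    # (username and password) and require a logged-in user. API urls
    # override these two lists per view with the OAuth classes.
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "rest_framework.authentication.SessionAuthentication",
    ],
    "DEFAULT_PERMISSION_CLASSES": [
        "rest_framework.permissions.IsAuthenticated",
    ],
}

# Assumption: login/logout come from django.contrib.auth.urls, mounted at
# accounts/. LOGIN_URL is where an anonymous user is redirected; the other
# two say where to go after a successful login and after logout.
LOGIN_URL = "/accounts/login/"
LOGIN_REDIRECT_URL = "/"
LOGOUT_REDIRECT_URL = "/accounts/login/"

# Django OAuth Toolkit: keep access tokens short-lived and rotate the
# refresh token on every use so a leaked refresh token is only good once.
OAUTH2_PROVIDER = {
    "SCOPES": {"read": "Read scope", "write": "Write scope"},
    "ACCESS_TOKEN_EXPIRE_SECONDS": 3600,
    "REFRESH_TOKEN_EXPIRE_SECONDS": 14 * 24 * 3600,
    "ROTATE_REFRESH_TOKEN": True,
}


def default_auth_is_session_only(rest_framework=REST_FRAMEWORK):
    """True when the global default is the session/username-password setup
    and no OAuth authentication class has leaked into the defaults."""
    classes = rest_framework["DEFAULT_AUTHENTICATION_CLASSES"]
    return classes == ["rest_framework.authentication.SessionAuthentication"]
```

The helper at the end is the check the "API view" section relies on: if OAuth2Authentication were also listed in the defaults, every web view would accept bearer tokens too, which is exactly what the post avoids by overriding only on the API url.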

We test that a logged-in user gets through.
[Screenshot: Login form]

[Screenshot: Correct access]

It works :D

API view
Since we want the same view to serve both the web part and the API, we do not leave both kinds of permission (username/password and OAuth) declared together in the settings. The default configuration stays username and password, and for the API urls we override the permissions with the OAuth configuration.

We check from Postman that the API view refuses access.
[Screenshot: Postman api error access]

We give the books view its own authentication_classes and permission_classes where it is instantiated on the API url, so only that url accepts OAuth tokens.
[Screenshot: Custom permission api access]

We test that access with a token works.
[Screenshot: Postman api correct access]

It works :D

Automate OAuth

To finish, we create a web endpoint that hands the logged-in user their OAuth credentials when they navigate to a specific url in the web application. This way we do not have to create a configuration by hand for every user who wants to come in through Postman; instead they log in to the web application and look up their own credentials.

[Screenshot: urls.py, urls to get token]

[Screenshot: views.py, view to dispatch token]

[Screenshot: Chrome, deliver credentials in browser]

It works :D

Final notes

It is important to note that this is only an example; the advanced security configuration is up to the administrator, for instance SSL (TLS) encryption and the correct configuration of the settings that guarantee it.
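The settings the closing note points at, as a check a practitioner can run against a settings dict. This is an added example, not from the post or its repository; it inspects a plain dict shaped like Django's settings module so it runs without Django, and the setting names (DEBUG, ALLOWED_HOSTS, SECURE_SSL_REDIRECT, SESSION_COOKIE_SECURE, CSRF_COOKIE_SECURE, SECURE_HSTS_SECONDS) are Django's own. The two settings dicts are constructed for the example.

```python
"""Transport-security settings check for a Django + OAuth deployment.

Added example, not from the post or its repository. Works on a plain dict so
it runs without Django; the keys are real Django setting names.
"""

# Constructed: the development-style values the tutorial runs with.
DEVELOPMENT_SETTINGS = {
    "DEBUG": True,
    "ALLOWED_HOSTS": ["*"],
    "SECURE_SSL_REDIRECT": False,
    "SESSION_COOKIE_SECURE": False,
    "CSRF_COOKIE_SECURE": False,
    "SECURE_HSTS_SECONDS": 0,
}

# Constructed: the same keys as a TLS-terminated deployment should have them.
PRODUCTION_SETTINGS = {
    "DEBUG": False,
    "ALLOWED_HOSTS": ["library.example.com"],  # placeholder host name
    "SECURE_SSL_REDIRECT": True,
    "SESSION_COOKIE_SECURE": True,
    "CSRF_COOKIE_SECURE": True,
    "SECURE_HSTS_SECONDS": 31536000,  # one year
}


def check_transport_settings(settings):
    """Return a list of findings; an empty list means every check passed.

    Each finding names the setting and the consequence of leaving it as is.
    Bearer tokens and session cookies are only as safe as the channel they
    travel on, which is why the first four checks are about forcing TLS.
    """
    findings = []
    if settings.get("DEBUG", False):
        findings.append("DEBUG is True: tracebacks and settings leak to clients")
    hosts = settings.get("ALLOWED_HOSTS", [])
    if not hosts or "*" in hosts:
        findings.append("ALLOWED_HOSTS accepts any Host header")
    if not settings.get("SECURE_SSL_REDIRECT", False):
        findings.append("SECURE_SSL_REDIRECT is off: plain HTTP requests are served")
    for cookie in ("SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE"):
        if not settings.get(cookie, False):
            findings.append(f"{cookie} is off: the cookie may be sent over HTTP")
    if settings.get("SECURE_HSTS_SECONDS", 0) <= 0:
        findings.append("SECURE_HSTS_SECONDS is 0: no HSTS header is sent")
    return findings


if __name__ == "__main__":
    for name, cfg in (("development", DEVELOPMENT_SETTINGS), ("production", PRODUCTION_SETTINGS)):
        print(name, check_transport_settings(cfg) or "ok")
```

Django ships the same kind of audit as `python manage.py check --deploy`, which covers these settings and more; the function above only makes the reasoning behind each one visible next to the tutorial's development defaults.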

We can also apply a microservices-style configuration and place a cross-cutting, transparent authentication layer in front of all the Django microservices, but that is the subject of another article. If you are interested in getting that part sooner, please leave a comment and share.

See you next time.
