Malcolm,
oAuth also looks like a great solution - it was not as well developed
when I last looked at REST authentication a couple of years ago. There
is a lot of developer support now as well, http://oauth.net/code/,
specifically https://github.com/simplegeo/python-oauth2
Stuart
I think oauth solves this problem well. What do you see wrong with it?
Malcolm
Sent from my iPhone, please excuse any typos
On 14 Jun 2011, at 16:35, Stuart MacKay<[email protected]> wrote:
Neznez,
The authentication problem is one that has never really been solved to any
general level of satisfaction for REST APIs, since the connection should be
stateless. For HTTP authentication there is either HTTPS + Basic or Digest.
HTTPS + Basic considered to be the easiest to implement and the most secure but
running a server with SSL is not the most trivial of tasks and there are issues
for clients and the problems of managing certificates, etc. etc.
For a Java based REST API I used the scheme used by Amazon web services where
the request is signed using a secret key and then authenticated on the server
which worked rather well and was resistant against lots of different types of
attack. You can find out more at
http://docs.amazonwebservices.com/AmazonS3/latest/dev/index.html?RESTAuthentication.html.
However I am not sure what level of support you can find in django.
Stuart
Hi all, I'm newbie in Django, and I started to build my own API. I
know that there is Piston or Django REST framework, but I want to
learn API from scratch. What I want to know is, how to make my HTTP
Response (View) is perform authentication before can be accessed, or
we can make it have to throw username and password to access the HTTP
Response?
My code is very simple, like this one:
def test_api_view(request, whatever):
#
# do things
#
return HttpResponse(serializers.serialize("json", mydictionary),
mimetype='application/json')
Thank you.
--
You received this message because you are subscribed to the Google Groups "Django
users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
--
You received this message because you are subscribed to the Google Groups "Django
users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
