
I've been trying to integrate OAuth2 authentication in my DRF application. Given I don't yet need a front-end for my app, I was using the browsable API. DRF and the OAuth2 provider package are supposed to work together without much configuration, as explained in the tutorial.

I should mention that all the steps from the tutorial are working (so I can access the app from the command line) but when I try to do it from the browsable API, I don't see any request for an access token or anything like that.

I think that DRF does not actually provide the flow for the front-end part of authentication by OAuth2, but I was just wondering if someone managed to make it work (because for now I am using SessionAuthentication).

Thanks.

  • I have a similar problem - did you manage to run DRF+OAuth2+AngularJS? Commented Sep 1, 2016 at 16:27
  • @pplonski: yes, I did. I used a 3rd party library in my Django project in order to have the OAuth functionality. This comes as a completion of DRF and is NOT a part of the API I built with DRF. So I cannot log in to the browsable API using OAuth2. Within Angular, I used restangular, which is great for requests. Basically, I make a call to get an access token, and set it as a header in restangular. All further requests are 'authenticated'. If you have any more questions or need some code, I'll be glad to help. Commented Sep 2, 2016 at 7:46
  • Thank you! So, you wrote your own Angular code to handle OAuth authorization - did you try to use, for example, github.com/Tivix/angular-django-registration-auth? Commented Sep 2, 2016 at 8:26
  • @pplonski Yes, I pretty much wrote the code, inspired by a tutorial like this one: medium.com/opinionated-angularjs/…. As far as I can tell, your example is pretty similar to what I did: request a token, keep the obtained token in session/cookies and also set it as a header so that it is used on subsequent requests. I am currently working on making my implementation less error-prone. Commented Sep 5, 2016 at 9:58

1 Answer

OAuth2, unlike basic authentication and cookie-based authentication, does not easily work within the browser. When authenticating requests, it relies on the Authorization header being present (with the OAuth type) and there is no way using a browser to easily fill that in.

Session authentication relies on cookies, which most browsers easily support, and is recommended for interacting with APIs that are on the same domain as the front end.

Basic authentication also relies on the Authorization header, but uses the Basic type which is supported by most browsers.


2 Comments

Ok, this clarifies a lot of things (and confirms the fact that DRF's API will never use OAuth2). But I'm still a bit confused about how this will work in the final, real-life app (in which I am planning to use Angular).
To add to everyone's observations, there is a clear lack of online resources that show how to implement DRF oauth2 with a browser mobile front end (React, Angular, etc).
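
The difference the answer describes, as an added example that is not part of the original answer or comments: a simplified, standard-library-only model of a server trying authentication schemes in order (not DRF's own code). All function names and sample values are assumptions made for illustration, and the token scheme is written as `Bearer`, as in RFC 6750.

```python
import base64
import hmac
from http.cookies import SimpleCookie

# Constructed sample data; every value is made up for this example.
SESSIONS = {"s3ss10n": "alice"}        # session id -> user
TOKENS = {"tok-abc123": "alice"}       # OAuth2 access token -> user
PASSWORDS = {"alice": "wonderland"}    # user -> password
BROWSER = {"Cookie": "sessionid=s3ss10n; csrftoken=x"}   # page load in a browser
API_CLIENT = {"Authorization": "Bearer tok-abc123"}      # scripted client
BASIC_CLIENT = {"Authorization": "Basic " + base64.b64encode(b"alice:wonderland").decode()}

def credentials(headers, scheme):
    """Return the credentials from the Authorization header if its scheme matches."""
    parts = headers.get("Authorization", "").split(None, 1)
    if len(parts) == 2 and parts[0].lower() == scheme:
        return parts[1].strip()
    return None

def session_auth(headers):
    # The browser attaches the session cookie to every same-site request by itself.
    morsel = SimpleCookie(headers.get("Cookie", "")).get("sessionid")
    return SESSIONS.get(morsel.value) if morsel else None

def basic_auth(headers):
    # Browsers can fill this header in themselves after a login prompt.
    raw = credentials(headers, "basic")
    if raw is None:
        return None
    try:
        user, _, password = base64.b64decode(raw, validate=True).decode().partition(":")
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return None
    expected = PASSWORDS.get(user)
    ok = expected is not None and hmac.compare_digest(expected.encode(), password.encode())
    return user if ok else None

def bearer_auth(headers):
    # Only a script or other API client sets this header; a page navigation never does.
    token = credentials(headers, "bearer")
    return TOKENS.get(token) if token else None

def authenticate(headers, authenticators):
    """Try each scheme in order; the first one that identifies a user wins."""
    for auth in authenticators:
        user = auth(headers)
        if user is not None:
            return user
    return None
```

With only `bearer_auth` enabled the browser-style request stays anonymous, while a list containing both `bearer_auth` and `session_auth` serves the API client and the browser alike.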
