Consumer
Consumer Authentication
At the root of authentication and authorization is the consumer. The existence of a consumer lets us verify that the user exists and authenticate the request by its OAuth 1.0a signature. Using this information, each endpoint can then dictate whether a given consumer has access to the requested resource.
By default, OauthConsumer is used. However, this can be overridden with the DECLARATIVE_ENDPOINT_CONSUMER_GETTER Django config setting. This must be implemented as a function that takes a single parameter (key).
Consumer creation is straightforward. If unspecified, the key and secret are auto-generated:
    In [1]: from django_declarative_apis import models

    In [2]: consumer = models.OauthConsumer.objects.create(name='test_user')

    In [3]: consumer.__dict__
    Out[3]:
    {'content_type_id': None,
     'id': 1,
     'key': 'j5wPDAvtYsArfZ5Lo5',
     'name': 'test_user',
     'object_id': None,
     'secret': 'FM3wNWMj34JmzqFFRzPwe3QvOjE9X4Xu',
     'type': 'RW'}
Endpoint Authorization
Consumers are authenticated automatically when using any endpoint definition class that derives from EndpointDefinition. Rudimentary authorization (read-only vs read-write) is implemented as well. If an endpoint is defined as is_read_only = False and a consumer has been created with consumer.type = OauthConsumer.TYPE_READ_ONLY, the request will be rejected.
If more complex logic is required (e.g. the resource must belong to the requesting consumer), is_authorized(self) can be overridden.
Example
    from django_declarative_apis import machinery


    class MyEndpointDefinition(machinery.EndpointDefinition):
        def is_authorized(self):
            # Allow the request only when the consumer owns the resource.
            return self.request.consumer.id == self.resource.owner_id
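
The consumer lookup, OAuth 1.0a signature check and read-only rule described in the two sections above, as an added standalone example using only the Python standard library (it is not django-declarative-apis code). The CONSUMERS table, the function names, the 'RO' type value and the status codes are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed stand-in for the consumer table. 'RW' appears on this page;
# 'RO' as the read-only value is an assumption of this sketch.
CONSUMERS = {
    "ro-key": {"secret": "ro-secret", "type": "RO"},
    "rw-key": {"secret": "rw-secret", "type": "RW"},
}


def get_consumer(key):
    """Same shape as a consumer getter: a function of one parameter (key)."""
    return CONSUMERS.get(key)


def _enc(value):
    # RFC 5849 section 3.6 percent-encoding: only unreserved characters stay.
    return quote(str(value), safe="-._~")


def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the RFC 5849 signature base string (url: no query string)."""
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), _enc(url), _enc(normalized)])
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def check_request(method, url, params, endpoint_is_read_only):
    """Return (status, reason); the status codes are this sketch's choice."""
    consumer = get_consumer(params.get("oauth_consumer_key"))
    if consumer is None:
        return 401, "unknown consumer"
    expected = sign(method, url, params, consumer["secret"]).encode()
    supplied = str(params.get("oauth_signature", "")).encode()
    if not hmac.compare_digest(expected, supplied):  # constant-time compare
        return 401, "bad signature"
    if consumer["type"] == "RO" and not endpoint_is_read_only:
        return 403, "read-only consumer"
    return 200, "ok"
```

Nonce and timestamp replay checks, which a complete OAuth 1.0a verifier also performs, are left out of this sketch.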
BaseConsumer
- class django_declarative_apis.models.BaseConsumer(*args, **kwargs)
BaseConsumer is shared in common by all consumers. It implements Django's GenericForeignKey to find what the consumer is supposed to point to, which could be the service calling the API to perform authentication, or it could be a mobile app instance. You can also set the read and write privileges of the consumer using TYPE_READ_ONLY and TYPE_READ_WRITE.
OauthConsumer
- class django_declarative_apis.models.OauthConsumer(*args, **kwargs)
Bases: BaseConsumer
OauthConsumer inherits from BaseConsumer and is based on OAuth 1.0a. It adds the additional properties of key, secret, and rsa_public_key_pem.
Example

    from django_declarative_apis import models

    consumer = models.OauthConsumer.objects.create()

    # consumer will have:
    #   consumer.content_type_id
    #   consumer.id
    #   consumer.key
    #   consumer.name
    #   consumer.object_id
    #   consumer.secret
    #   consumer.type

- exception DoesNotExist
  Bases: ObjectDoesNotExist
- exception MultipleObjectsReturned
  Bases: MultipleObjectsReturned
- key
  Consumer key as defined by OAuth 1.0a