Reputation: 3536
How to use OAuth2 within django-rest-framework?
I've been trying to integrate OAuth2 authentication in my drf application. Given I don't yet need a front-end for my app, I was using the browsable API. DRF and the OAuth2 provider package are supposed to work together without much configuration, as explained in the tutorial.
I should mention that all the steps from the tutorial are working (so I can access the app from the command line) but when I try to do it from the browsable API, I don't see any request for an access token or anything like that.
I think that DRF does not actually provide the flow for the front-end part of authentication by OAuth2, but I was just wondering if someone managed to make it work (because for now I am using SessionAuthentication).
Thanks.
Upvotes: 3
Views: 1743
Answers (1)
Reputation: 41671
OAuth2, unlike basic authentication and cookie-based authentication, does not easily work within the browser. When authenticating requests, it relies on the Authorization header being present (with the OAuth type) and there is no way using a browser to easily fill that in.
Session authentication relies on cookies, which most browsers easily support, and is recommended for interacting with APIs that are on the same domain as the front end.
Basic authentication also relies on the Authorization header, but uses the Basic type which is supported by most browsers.
Upvotes: 1
Related Questions
- Django REST Framework - OAuth2 Consumer API from external provider
- Using django-oauth-toolkit with Django 2.x
- Client Authentication in Django rest framework powered App using django-oauth-toolkit
- django rest framework OAuth2 Toolkit
- User authentication using django-oauth-toolkit
- OAuth2 Client (Python/Django)
- Django OAuth Toolkit
- Django rest framework working with django oauth toolkit
- Unable to use OAUTH2 Django
- Django with oauth2 for REST API