Customizing API access per project, for multiple projects per user

30 views
Skip to first unread message

Paul Walsh

unread,
May 12, 2013, 5:07:46 AM5/12/13
to django-res...@googlegroups.com
Has anyone done in working towards "project based" access tokens on DRF?

What I mean is:

API access requires an auth'd user. 

But, auth'd users have one or many "projects", and API access is through secret/public "project" keys. 

Similar to how the disqus API works.

gar...@reakes.com

unread,
May 13, 2013, 2:18:42 AM5/13/13
to django-res...@googlegroups.com
Hi Paul,

You could use the oauth2 stuff for that. There are concepts such as clients (which each of "projects" would be). They have client_id and client_secret which I think is what you are saying are "project keys". You can even hand off to the the project that does the oauth authentication with a "redirect url" if the user is not authenticated and then the oauth project will redirect back to you after authentication.

This what you want?


Gareth

Paul Walsh

unread,
May 13, 2013, 6:29:32 AM5/13/13
to django-res...@googlegroups.com
Hi Gareth,

Yes, that sounds about right. I assumed some type of 1-1 relation between DRF auth and User. Until now, I have been using token auth.

I'll have to dig in and see how I can use oauth2 for multiple clients per user in DRF.

thanks.


Paul Walsh
0543551144


--
You received this message because you are subscribed to a topic in the Google Groups "django-rest-framework" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/django-rest-framework/PLgdA3tLA0c/unsubscribe?hl=en.
To unsubscribe from this group and all its topics, send an email to django-rest-fram...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

Reply all
Reply to author
Forward
0 new messages