author: Tom Christie, 2013-03-07 09:01:53 +0000
committer: Tom Christie, 2013-03-07 09:01:53 +0000
commit: d4e3610e716f2fbbda32aefb972e604446054127 (patch)
tree: db9daafbe8736d7c8854bd5ef4c310ad1dd6cb0b /docs/api-guide
parent: ddd7125a63c5187483058bad27c94676b9b6c16e (diff)
parent: 2eabc5c2b46d9f4cc7a467af849ff31397b9d7bf (diff)
Merge & clean OAuth support
Diffstat (limited to 'docs/api-guide')
-rw-r--r-- docs/api-guide/authentication.md 15
1 files changed, 15 insertions, 0 deletions
diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md
index ce2c99e1..740f1035 100644
--- a/docs/api-guide/authentication.md
+++ b/docs/api-guide/authentication.md
@@ -207,6 +207,20 @@ Unauthenticated responses that are denied permission will result in an `HTTP 403
If you're using an AJAX style API with SessionAuthentication, you'll need to make sure you include a valid CSRF token for any "unsafe" HTTP method calls, such as `PUT`, `PATCH`, `POST` or `DELETE` requests. See the [Django CSRF documentation][csrf-ajax] for more details.
+## OAuthAuthentication
+
+This authentication uses [OAuth 1.0][rfc5849] authentication scheme. It depends on optional `django-oauth-plus` and `oauth2` packages. In order to make it work you must istall these packages and add `oauth_provider` (from `django-oauth-plus`) to your `INSTALLED_APPS`:
+
+ INSTALLED_APPS = (
+ #(...)
+ `oauth_provider`,
+ )
+
+OAuthAuthentication class provides only token verification and signature validation for requests. It doesn't provide authorization flow for your clients. You still need to implement your own views for accessing and authorizing Reqest/Access Tokens. This is because there are many different OAuth flows in use. Almost always they require end-user interaction, and most likely this is what you want to design yourself.
+
+Luckily `django-oauth-plus` provides simple foundation for classic 'three-legged' oauth flow, so if it is what you need please refer to [its documentation](http://code.larlet.fr/django-oauth-plus/wiki/Home). This documentation will provide you also information about how to work with supplied models and change basic settings.
+
+
# Custom authentication
To implement a custom authentication scheme, subclass `BaseAuthentication` and override the `.authenticate(self, request)` method. The method should return a two-tuple of `(user, auth)` if authentication succeeds, or `None` otherwise.
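Review bot: The INSTALLED_APPS sample in the new OAuthAuthentication section wraps oauth_provider in backticks instead of quotes, so anyone copying it into their settings does not get a string entry; the line should read 'oauth_provider', with ordinary quotes. In the same added text, "istall" should be "install", "Reqest/Access Tokens" should be "Request/Access Tokens", and "uses [OAuth 1.0][rfc5849] authentication scheme" needs an article ("uses the ... authentication scheme"). The django-oauth-plus documentation link is written inline while the rest of the file, including the rfc5849 link added here, uses reference-style definitions at the bottom; moving it there would keep the file consistent.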
@@ -262,3 +276,4 @@ HTTP digest authentication is a widely implemented scheme that was intended to r
[south-dependencies]: http://south.readthedocs.org/en/latest/dependencies.html
[juanriaza]: https://github.com/juanriaza
[djangorestframework-digestauth]: https://github.com/juanriaza/django-rest-framework-digestauth
+[rfc5849] : http://tools.ietf.org/html/rfc5849
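Review bot: The added definition "[rfc5849] : http://tools.ietf.org/html/rfc5849" has a space between the closing bracket and the colon, unlike the three definitions directly above it. Markdown parsers that expect the colon immediately after the bracket will not treat this as a link definition, which would leave the [OAuth 1.0][rfc5849] reference in the new section unresolved and print this line as text. Suggest "[rfc5849]: http://tools.ietf.org/html/rfc5849" to match the surrounding entries.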