DEV Community

Cover image for Django REST framework +OAuth
Diego Uribe Gamez
Diego Uribe Gamez

Posted on

Django REST framework +OAuth

In this article we are going to configure Django, this excellent framework for web development, in addition to this we are going to integrate a module called Django rest framework which is a toolkit that will allow us to create REST views in a simple way, and we will also protect the application using OAuth, this is an open protocol to manage security and is especially useful for applications that want to access our system externally.

Let's do it

In this example we are going to follow the following route:

  1. Setting up the development environment
  2. Data model
  3. Create a request list
  4. Configuring OAuth
  5. Protect views
  6. Automate OAuth
  7. Final notes

Repository url:

Setting up the development environment

In Windows and in Visual Studio Code (vscosde) the cygwin terminal was configured, which has a behavior similar to unix systems, and additionally, the make and bash-completion programs were installed, this will be useful as a standard to be able to run our project on linux and mac which are unix systems.

We are going to add our configuration of the directory .ssh in the root of (C:), which is where our terminal will look for the ssh keys through our command (cd C:), this takes us to the path "/cygdrive/c/" which is access to disk C from cygwin, this configuration will help us to keep the django service running, also to be able to access from terminal and to be able to activate Django's debugging mode in vscode

Having docker and compose installed, we are going to position in the directory of the project that we cloned, we create the docker network, we compile the project and we are going to run the containers with the following Makefile commands

$ make create-network
$ make build-development
$ make start-development

After starting a clean environment in Docker, the project named django_rest_framework_MS was created inside

Project folder inside

We configure the database that we are going to use, for our case it will be PostgreSQL that has excellent functionalities that adapt well to the functionalities of the django ORM, migrate, create a super user in the terminal and with this we have access to the admin of django

Database configuration


Admin login

Admin inside

Data model

After creating a project, we are going to create an application for our library and then we are going to create two models, one for books and the other for authors.

Books and authors models

Create a request list

Once our models are created, we create a simple view that is capable of delivering a list of books and the authors of each book, in a web view as well as in a rest view.

We add some sample data and test the functionalities of the view using postman and the web browser



Configuring OAuth

We are going to install Django OAuth Toolkit, on the official page of the library there is a section that details the installation of this library, in addition to the configuration to work with the Django Rest framework, you can find it HERE! in this link

After installing it, we are going to perform the following configuration to obtain the OAuth credentials of the super user that we have created previously from the django admin

OAuth django admin user credentials

We copy the credentials and use them to get our token from Postman

Postman get token

Protect views

We must protect the view from two sides, from the web side by username and password and then from the api side using OAuth

Web view
We globally configure Django rest framework in the settings so that the views use username and password

django rest framework settings permission

We test that it does not allow access
Error access in web view

We add the urls of Login and Logout
login urls

We configure the redirect urls of the settings
settings url redirects

We test the correct access
Login form

Correct access

It works :D

API view
As we want the same view to handle both the web part and the api, we are not going to leave the two types of permissions declared at the same time in the settings (user / password and OAuth) the default configuration will be with username and password, and for the api urls we are going to overwrite the permissions with the OAuth configuration.

We tested that it does not allow access by postman to the api view
Postman api error access

We add to the books view a configuration of authentication_classes and permission_classes when the view is instantiated on the url of the api
Custom permission api access

We test the correct access
Postman api correct access

It works :D

Automate OAuth

To finish, we are going to create a web endpoint that once the user has accessed the web application and navigates to a specific url in the web application, it gives him the Oauth credentials, we do this so as not to manually create configurations for each user that try to access through postman, if not rather that they enter the web application and look for their credentials.
urls to get token
view to distapch token

Deliver credentials in browser

It works :D

Final notes

It is important to note that this is only an example, and the advanced security configuration will depend on the administrator, an example is SSL encryption and the correct configuration of the settings that guarantee this security

We can also apply a microservices type configuration, to place a transversal and transparent authentication layer to all Django type micro services, but this is the subject of another article, now if you are interested in getting this part faster please leave a comment and share.

See you next time.

Top comments (0)