CherryPy authentication token - authentication

This is my first question in SO, sorry if it's poorly structured.
I'm a relative noob developer trying to make a REST API with token authentication. I already made one with Flask and I want to make the same one with the help of CherryPy. The problem is that I'm quite lost finding some sort of plugin for CherryPy. I'm either blind or I just can't find examples or plugins for token authentication. Could someone help me? Any info or advice will be of great help :)
This is what I achieved with Flask https://github.com/themese/flask-api
Really my problem is that with Flask and CherryPy I found the same issue with the token auth, but with various SO posts and wiki info, I managed to code the token auth. I just don't seem to be able to reproduce it with CherryPy, perhaps because of the lack of info :(

I realize this post is a little old, but I would recommend you look at implementing tokens with JWT. You should use the PyJWT package and create a CherryPy Tool for route authentication & authorization checks.
Another method would be to generate a token using something like a uuid4 hex and persisting that token in your db.
I'd recommend you investigate JWT and how to implement it properly - Auth0.com.
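
The second option in the answer above (a uuid4 hex token persisted in a database), hooked into a CherryPy Tool, as an added example that is not from the original post. The in-memory SQLite table, the one-hour lifetime, storing a SHA-256 digest instead of the raw token, and the names `issue_token`, `verify_token`, `bearer_token` and `token_auth` are assumptions made for illustration.

```python
import hashlib
import sqlite3
import threading
import time
import uuid

try:
    import cherrypy  # only needed for the Tool registration at the bottom
except ImportError:
    cherrypy = None

TTL = 3600  # token lifetime in seconds (assumed value)
_lock = threading.Lock()  # one connection shared by CherryPy's worker threads
_db = sqlite3.connect(":memory:", check_same_thread=False)
_db.execute("CREATE TABLE tokens (digest TEXT PRIMARY KEY, user TEXT, expires REAL)")

def _query(sql, args):
    with _lock, _db:  # `with _db` commits on success, rolls back on error
        return _db.execute(sql, args).fetchall()

def _digest(token):
    # Store only a hash, so a leaked table does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_token(user, ttl=TTL):
    token = uuid.uuid4().hex  # random UUID as 32 hex characters
    _query("INSERT INTO tokens VALUES (?, ?, ?)", (_digest(token), user, time.time() + ttl))
    return token

def verify_token(token):
    rows = _query("SELECT user FROM tokens WHERE digest = ? AND expires > ?",
                  (_digest(token), time.time()))
    return rows[0][0] if rows else None

def bearer_token(header):
    # Parse an "Authorization: Bearer <token>" header value.
    scheme, _, value = (header or "").partition(" ")
    return value.strip() if scheme.lower() == "bearer" and value.strip() else None

def check_token():
    # before_handler hook: runs before the page handler is called.
    token = bearer_token(cherrypy.request.headers.get("Authorization"))
    user = verify_token(token) if token else None
    if user is None:
        raise cherrypy.HTTPError(401, "Invalid or missing token")
    cherrypy.request.login = user

if cherrypy is not None:
    cherrypy.tools.token_auth = cherrypy.Tool("before_handler", check_token)
```

Enable the tool per handler with `@cherrypy.tools.token_auth()` or with `'tools.token_auth.on': True` in the config, and leave the login route that calls `issue_token` unprotected.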

I am a noob too, probably more so. Just trying to help.
From the docs:
Authentication
CherryPy provides support for two very simple authentication mechanisms, both described in RFC 2617: Basic and Digest. They are most commonly known to trigger a browser’s popup asking users their name and password.
link: http://docs.cherrypy.org/en/latest/basics.html#authentication

Related

How to make authentication with OAuth2 and React Native using REST API?

I want to make an app that needs authentication, I want to use Oauth2 and I have my own REST API.
I know this is very brief question so I'm not expecting direct answer.
If you have any links or articles for this it would be helpful!
Using a library such as react-native-app-auth will help you a lot. There's quite a lot of setup to do which is explained in their documentation. Feel free to update if you run into troubles using it.
Go through this blog: https://medium.com/#alexmngn/the-essential-boilerplate-to-authenticate-users-on-your-react-native-app-f7a8e0e04a42
it is very easy to understand and shows basic authentication by OAuth2.

Django Rest Framework: What should I use for authentication? How should I use it?

I just watched this video about why JWT's suck. I'm now uncertain what I should use for authentication.
For context: The API I wrote is mainly used by mobile Apps (iOS and Android). In the future it will also be accessed via a React Frontend.
In the past I just used DRF's built-in Token authentication. The phone would then just store this token in the storage of the respective app.
Now I've recently been told that this is not safe and that I should use JWT's. While researching JWT's I found the video above, which elaborates on why JWT's suck and basic session authentication is better. But as far as I know, when used as an API I can't use session authentication with DRF, can I?
So my question is: What tools of DRF would you suggest to use for authentication, so that it's safe?
Thank you in advance if anyone answers this question!
Edit: Someone privately suggested using O-Auth instead of DRF's tokens or JWT's. Would that be better?
Take a look at django-oauth-toolkit for OAuth 2
So here is my duplicate of the question on security stackexchange. The man #rdegges himself has answered it. Enjoy! https://security.stackexchange.com/questions/184855/django-rest-framework-what-should-i-use-for-authentication-how-should-i-use-it/184950#184950

Best way to handle User authentication + Push Notifiations in Ionic

Parse? Auth0? Firebase? Ionic Platform?
I'm so lost... Can anyone help me?
If you are looking for a "backend in a box" then If you are creating an API meant to be consumed by an Ionic application, JWT is probably what you are looking for. Parse, Auth0 etc. may help. I have not used them. However, if you are building your own backend it will be dependent on what server-side framework you are using. It's safe to say that JWT is a good approach on the client side (Angular/Ionic), but you will need a server-side authentication and account system such as Passport for Node, Devise for Rails etc. Either of those will handle basic authentication and account management. You will need a JWT layer as well to produce and manage tokens for the client. You can also create a homebrew system if you choose to, but the frameworks I mentioned make things quite a bit easier.

OWIN/Katana: Authentication Middleware

I'm almost going crazy looking for the right way to implement appropriate authentication functionality for my OWIN/Katana project using SignalR.
I already read about writing my own OAuth 2.0 service, I heard about using cookie authentication, and using SignalR's [Authorize] attribute. Yet, I am not quite sure whether any of these approaches meet my requirements.
I have the following scenario:
I've got a host application that performs a WebApp.Start() for let's say TWO owin hosts.
Each owin host has various middlewares.
What I want to do: At the beginning of each OWIN pipeline I want to add an OWIN middleware that presents a login page and allows the user to authenticate. If the user has been successfully authenticated, he is able to reach any other middleware in the pipeline. If the user browses to a further pipeline before authenticating, he should be redirected to the login page.
The problem: I found plenty of articles describing how to write an OAuth 2.0 server and so on. What I did NOT find is a step-by-step tutorial showing how to authenticate using JavaScript and after that, share and use the authentication data in each middleware that has to check if the user is authenticated.
Does anyone have a good tutorial of how to achieve something like this?
Or, is it even possible to share the authentication data between multiple OWIN IAppBuilder instances? (Each middleware is a separate DLL, in my case.)
Please don't blame me for not reading any documentation or something, I really did already spend a looot of time investigating in how to approach something like this. IMHO there is no really good article describing how to achieve something like that.
Or, at least, can anyone explain to me how to work something out?
Thanks in advance!
Ronald
Project structure: https://pl.vc/2y86u
I have a project OWIN.Framework that allows you to have multiple OWIN pipeline segments with routing. This would allow you to have some middleware that runs first, and multiple pipelines behind this configured with different middleware in each pipeline.

Use everyauth package for authorizing users to access data via REST api calls

I am developing a Google Chrome extension that needs to communicate with a Node.js server. I was wondering if it's possible to use the everyauth package to simplify authentication. For starters, I just wanted to use simple password-based authentication. But from the examples and the documentation, as well as according to my trial, it seems to me that everyauth is designed to be used for a webapp and gives me errors if I don't set the getLoginPath. Also I am not sure how to configure everyauth to send the user details or errors after the user authenticates in a JSON payload rather than redirecting the user to a particular page. This is my first project with Node.js and I am looking for some advice on how to go forward with this. I am open to using some other package/library that provides such authentication.
Since you are open to using other modules, as the developer of Passport, I'd suggest you look at it: https://github.com/jaredhanson/passport
Passport is designed to be a simple and unobtrusive authentication library, which makes it easy to get up and running quickly. It's also modular and extensible, which allows it to adapt to your application's needs over time.
The examples provided, along with the local strategy ( https://github.com/jaredhanson/passport-local ) are enough to get you started with username/password authentication. Let me know if you have any feedback or questions.
I was able to accomplish a REST-only interface to everyauth by overriding its handler methods: https://gist.github.com/2938492