How does the federated login on stackoverflow work? Is there an available library that is as refined? - authentication

The quick login/no registration of stackoverflow is one of its finest features. I'm just curious if there's an off-the-shelf solution for providing this service.
Has anybody seen anything?

It's called OpenID. Anybody can define an OpenID, and anybody can use any OpenID for authentication. Visit http://openid.net/ for details.

Related

OneLogin SAML authentication JIRA/Zendesk

I'm looking to set up a SAML using OneLogin. I would like to authenticate using OneLogin's python package python3-saml or onelogin and then connect to Jira API using Jira package.
As of now, I couldn't find any documentation on how to go about this.
Does anyone have any example they can share with me on achieving this type of authentication or provide me some useful links to read up on this topic?
Thank you very much!!

Lightweight authentication services

I recently started developing an app and wanted to address authentication from the start.
My only requirement was the identification of users and authentication methods like "Sign-In with Google". Implementing it myself is usually not a good idea when it comes to security topics. Therefore I wanted to start my first attempt with the most known service, Keycloak. The more I became familiar with Keycloak, the more dissatisfied I became. It's very heavyweight. Difficult to understand. I don't need most of the features and a test integration is tricky.
So now I'm here writing this post and asking for your opinion.
Is there a better and lightweight alternative to Keycloak?
Should I implement it (e.g. JWT) by myself?
Should I dig deeper into the Keycloak docs?
Thanks for your help :)

Django Rest Framework: What should I use for authentication? How should I use it?

I just watched this video about why JWTs suck. I'm now uncertain what I should use for authentication.
For context: The API I wrote is mainly used by mobile apps (iOS and Android). In the future it will also be accessed via a React frontend.
In the past I just used DRF's built-in Token authentication. The phone would then just store this token in the storage of the respective app.
Now I've recently been told that this is not safe and that I should use JWTs. While researching JWTs I found the video above, which elaborates on why JWTs suck and basic session authentication is better. But as far as I know, when used as an API I can't use session authentication with DRF, can I?
So my question is: what tools of DRF would you suggest to use for authentication, so that it's safe?
Thank you in advance if anyone answers this question!
Edit: Someone privately suggested using OAuth instead of DRF's tokens or JWTs. Would that be better?
Take a look at django-oauth-toolkit for OAuth 2
So here is my duplicate of the question on security stackexchange. The man #rdegges himself has answered it. Enjoy! https://security.stackexchange.com/questions/184855/django-rest-framework-what-should-i-use-for-authentication-how-should-i-use-it/184950#184950

CherryPy authentication token

This is my first question in SO, sorry if it's poorly structured.
I'm a relative noob developer trying to make a REST API with Token Authentication. I already made one with Flask and I want to make the same one with the help of CherryPy. The problem is that I'm quite lost finding some sort of plugin for CherryPy, I'm either blind or I just can't find examples nor plugins in order to make the token authentication. Could someone help me? Any info or advice will be of great help :)
This is what I achieved with Flask https://github.com/themese/flask-api
Really my problem is that with Flask and CherryPy I found the same issue with the token auth, but with various SO posts and wiki info, I managed to code the token auth. I just seem not to be able to reproduce it with CherryPy, perhaps the lack of info :(
I realize this post is a little old, but I would recommend you look at implementing tokens with JWT. You should use the PyJWT package and create a CherryPy Tool for route authentication & authorization checks.
Another method would be to generate a token using something like a uuid4 hex and persisting that token in your db.
I'd recommend you investigate JWT and how to implement it properly - Auth0.com.
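The second method in the answer above (a random token persisted in the database), sketched framework-independently as an added example that is not part of the original answer. It swaps `uuid4().hex` for `secrets.token_hex`, stores only a SHA-256 digest of each token, and adds expiry and revocation; the table name, function names and one-hour lifetime are assumptions, and a CherryPy Tool or Flask decorator would call `verify_token` on the value taken from the request's `Authorization` header.

```python
import hashlib
import secrets
import sqlite3
import time

TOKEN_TTL = 3600  # seconds; assumed lifetime, tune per application
HEX = set("0123456789abcdef")


def open_store(path=":memory:"):
    """Create the (hypothetical) token table; raw tokens are never stored."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS api_tokens ("
        "digest TEXT PRIMARY KEY, user_id TEXT NOT NULL, expires_at REAL NOT NULL)"
    )
    return db


def _digest(token):
    # A database leak then exposes digests, not usable bearer tokens.
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def issue_token(db, user_id, now=None):
    """Return a new random token; it is shown to the client exactly once."""
    now = time.time() if now is None else now
    token = secrets.token_hex(32)  # 256 bits from the OS CSPRNG
    db.execute("INSERT INTO api_tokens VALUES (?, ?, ?)",
               (_digest(token), user_id, now + TOKEN_TTL))
    db.commit()
    return token


def verify_token(db, token, now=None):
    """Return the user_id for a well-formed, unexpired token, else None."""
    now = time.time() if now is None else now
    if not isinstance(token, str) or len(token) != 64 or not set(token) <= HEX:
        return None  # reject malformed input before touching the database
    row = db.execute("SELECT user_id, expires_at FROM api_tokens WHERE digest = ?",
                     (_digest(token),)).fetchone()
    if row is None or row[1] <= now:
        return None
    return row[0]


def revoke_token(db, token):
    """Delete a token (logout or suspected leak); True if one was removed."""
    cur = db.execute("DELETE FROM api_tokens WHERE digest = ?", (_digest(token),))
    db.commit()
    return cur.rowcount == 1
```

Looking the token up by its digest also avoids comparing the secret itself byte by byte against stored values.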
I am a noob too. Probably more so. Just trying to help.
From the docs:
Authentication
CherryPy provides support for two very simple authentication mechanisms, both described in RFC 2617: Basic and Digest. They are most commonly known to trigger a browser’s popup asking users their name and password.
link: http://docs.cherrypy.org/en/latest/basics.html#authentication

OpenID authentication with Nancy

I want my Nancy site to accept Google/Facebook/OpenID authentication.
Are there any existing solutions for this?
There is work in progress by myself and members of our community. I am working on implementing the OAuth 2.x specification and then we're ironing out the implementations for Facebook/Twitter (not sure if anyone looked at Google) authentication.