Django REST Framework - 来自外部供应商的 OAuth2 Consumer API [英] Django REST Framework - OAuth2 Consumer API from external provider

问题描述

我正在尝试授权用户使用 Oauth2 从我的 Django REST 框架 API 访问某些资源.

I am trying to authorize users to access some resources from my Django REST framework API using Oauth2.

大多数关于 Oauth2 和 API 的答案都涉及使 API 成为提供者.

Most answers about Oauth2 and API deal with making the API a provider.

但我计划与许多 REST API 共享一个 Oauth2 提供程序，我不知道如何使用它(不知道如何提供 Oauth2).

But I plan to share an Oauth2 provider with many REST APIs, and I can't figure out how to consume it (not how to provide Oauth2).

我不知道用户如何登录提供者 SSO，然后将其令牌传递给我的消费 API，后者必须针对我的提供者对用户进行身份验证(取回其信息，主要是授权).

I have no idea how a user can log in on the provider SSO, and then communicate its token to my consuming API, which must authenticate users against my provider (getting back its information, mainly authorizations).

有没有人知道如何从 Django REST framework 使用 Oauth2?

Does anyone have a clue on how to consume Oauth2 from Django REST framework?

图:

[User] -> [My API] <-> [Oauth2 provider (with django-oauth-provider)] <-> [Active Directory/any ]

[User] -> [My API] <-> [Oauth2 provider (with django-oauth-provider)] <-> [Active Directory / anything ]

推荐答案

在 https://github.com/tomchristie/django-rest-framework/blob/master/rest_framework/authentication.py#L290 这似乎是不可能的.django-rest-framework 在内部访问提供者的数据库表以检查令牌并使用这些数据对请求进行身份验证.

Looking at the code at https://github.com/tomchristie/django-rest-framework/blob/master/rest_framework/authentication.py#L290 it seems just not possible. The django-rest-framework internally accesses provider's database tables to check for tokens and authenticates requests using these data.

对我来说，这完全违背了 OAuth 的目的，但我们走了.

Which for me kinda defeats the purpose of OAuth at all, but here we go.

这篇关于Django REST Framework - 来自外部供应商的 OAuth2 Consumer API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！