禁用或限制/ o /应用程序（django rest framework，oauth2） [英] Disable or restrict /o/applications (django rest framework, oauth2)

问题描述

我目前正在使用Django休息框架编写一个REST API，而oauth2用于认证（使用django-oauth-toolkit）。我非常高兴与他们，完全正是我想要的。

然而，我有一个问题。我将应用程序传递给生产，并意识到/ o / applications / view可能会有问题，这是所有人都可以访问的！
我发现自己在文档中看不到任何东西，当我尝试google时，我感到非常惊讶。有没有想过什么？

有些想法要做一个自定义视图，需要认证为超级用户（但这将是奇怪的，因为它会混合不同的认证，不是吗？），或添加一个虚拟路由到401或403视图到/ o / applications /。
但是这些声音对我来说非常诡异？这不是一个官方的最好的解决方案吗？如果我是第一个遇到这个问题的人，我会感到非常惊讶，我一定错过了一些...

感谢提前！

解决方案

找到解决方案

其实，/ o /是因为我有一个超级管理员会话打开。

一切都很棒，那么：）

I am currently writing a REST API using Django rest framework, and oauth2 for authentication (using django-oauth-toolkit). I'm very happy with both of them, making exactly what I want.

However, I have one concern. I'm passing my app to production, and realized there might be a problem with the /o/applications/ view, which is accessible to everyone! I found myself surprised to not see anything in the doc about it, neither when I try to google it. Did I miss something?

Some ideas where to either making a custom view, requiring authentication as super-user (but this would be weird, as it would mix different kind of authentication, wouldn't it?), or add a dummy route to 401 or 403 view to /o/applications/. But these sound quite hacky to me... isn't it any official "best" solution to do it? I'd be very surprised if I'm the first one running into this issue, I must have missed something...

Thanks by advance!

解决方案

Solution found!

In fact, the reason why /o/application was accessible, is because I had a super admin session open.

Everything is great, then :)

这篇关于禁用或限制/ o /应用程序（django rest framework，oauth2）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！