NO! - THERE IS A RESTFUL METHOD OF AUTHENTICATION!

Use OAuth2.

RFC6749. There are a bunch of server implementations for Django. Use
one of them.

On Wed, Mar 13, 2013 at 8:06 PM, Pratik Mandrekar
<[email protected]> wrote:
> Thank you for the response!
>
> As Nick & Jani have pointed out, I figured out that there is no RESTful way
> for authentication. Neither is there one good way all clients could access
> the API, i.e. browsers can use Session Based Authentication while mobile
> clients are better off using API based/digest authentication and passing user
> information.
>
> If authentication is handled separately, tastypie (and Django Rest
> Framework) provide a very good RESTful api for doing most things. For APIs
> consumed by web client, SessionAuthentication works great. If the same APIs
> are to be used by non-web clients, the authentication can be extended to
> include multiple ways of authenticating. This ensures that multiple clients
> can use the same API with only different ways of authentication.
>
> My work is still in progress and I'll update as I get to complete the
> project in the next few weeks.
>
> Thanks,
>
> Pratik
>
>
> On Wed, Mar 13, 2013 at 12:17 AM, Nick Apostolakis <[email protected]>
> wrote:
>>
>> On 12/03/2013 01:06 PM, Jani Tiainen wrote:
>>>
>>>
>>> There is not exactly a "RESTful way to authenticate", since after all REST
>>> is just an architecture to represent different resources and thus it's
>>> totally agnostic when it comes to authentication and such.
>>>
>>> Simplest one (if you use HTTP(S)) is to use basic/digest auth. Though
>>> true REST is protocol agnostic (for example it could use unix sockets).
>>>
>>> Query authentication, a.k.a. API key, is the only one that you can do in a
>>> protocol-agnostic way.
>>>
>>> Cookie-based, for example posting credential query as POST (to create new
>>> cookie) to /sessions/ URL. Binds REST to HTTP(S) protocol again and DELETE
>>> to /sessions/<session-id>/ to log out.
>>>
>>> Personally, if working with Django and HTTP I would go for cookie based
>>> auth since it would be natural.
>>>
>>> Otherwise an API key isn't that bad an option.
>>>
>>
>> In my case I use Django and Tastypie. The whole thing works fine for non
>> authenticated users and I would like to provide content for my registered
>> users too.
>>
>> Would the best practice be to use Django login form to authenticate the
>> user and then use Django authentication type (instead of api/key) with
>> tastypie to access the content for registered users I am after?
>>
>> Thank you
>>
>>
>> --
>>  --------------------------------------------------------------
>>                    Nick Apostolakis
>>               e-mail: [email protected]
>>          Web Site: http://nick.oncrete.gr
>>  --------------------------------------------------------------
>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Django users" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/django-users/nexi3WtCICI/unsubscribe?hl=en.
>> To unsubscribe from this group and all its topics, send an email to
>> [email protected].
>>
>> To post to this group, send email to [email protected].
>> Visit this group at http://groups.google.com/group/django-users?hl=en.
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>>
>
>
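
The idea raised in the quoted messages, one API that accepts a session cookie from browsers and an API key from non-web clients, as an added example that is not part of the original thread and is not tastypie or Django REST Framework code. The credential stores, the `sessionid` cookie name and the `ApiKey <user>:<key>` header layout are assumptions made for this sketch.

```python
import hashlib
import hmac

# Constructed sample credential stores (hypothetical values, not from the thread).
SESSIONS = {"s3ss10n-abc": "alice"}  # session id -> user
API_KEY_DIGESTS = {"bob": hashlib.sha256(b"k-bob-123").hexdigest()}  # user -> sha256(key)


def parse_cookies(header):
    """Turn a Cookie header value into a {name: value} dict."""
    pairs = (item.split("=", 1) for item in header.split(";") if "=" in item)
    return {name.strip(): value.strip() for name, value in pairs}


def session_auth(headers):
    """Browser clients: session cookie issued after the login form.
    A real cookie backend must also enforce CSRF checks on unsafe methods."""
    sid = parse_cookies(headers.get("Cookie", "")).get("sessionid")
    return SESSIONS.get(sid)


def api_key_auth(headers):
    """Non-web clients: 'Authorization: ApiKey <user>:<key>' (assumed layout)."""
    scheme, _, rest = headers.get("Authorization", "").partition(" ")
    user, sep, key = rest.partition(":")
    if scheme != "ApiKey" or not sep:
        return None
    expected = API_KEY_DIGESTS.get(user, "")
    supplied = hashlib.sha256(key.encode()).hexdigest()
    # Constant-time comparison so response timing does not leak digest prefixes.
    return user if hmac.compare_digest(expected, supplied) else None


def authenticate(headers, backends=(session_auth, api_key_auth)):
    """Try each backend in order; the first one that identifies a user wins."""
    for backend in backends:
        user = backend(headers)
        if user is not None:
            return user, backend.__name__
    return None, None  # caller should answer 401


if __name__ == "__main__":
    print(authenticate({"Cookie": "theme=dark; sessionid=s3ss10n-abc"}))
    print(authenticate({"Authorization": "ApiKey bob:k-bob-123"}))
    print(authenticate({"Authorization": "ApiKey bob:wrong"}))
```

An OAuth2 bearer-token check would be added as a third backend in the same tuple; only the key digest is stored, so a leaked table does not expose usable keys.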
