Thursday, 15 May 2014

python - User Sessions in an oauth2 django app -

I use Django, Django REST Framework and Ember.js; the entire application therefore communicates via AJAX.

Authentication is done via OAuth2, and the token is sent in the headers with every request.

Everything is nice and shiny, except file downloads.

At one point users can download a PDF, and I don't know how to apply authentication there, because on a file download I cannot send headers; it's a link.

I thought of adding SessionAuthentication for that particular REST API call, but the session flags the incoming user as anonymous.

How can I force Django to create a session on top of the OAuth2 token flow?

I tried login(request, user), but somehow it does not kick in.

I ended up with signed tickets, e.g. I send a token that is able to bypass auth for a defined timeframe. Hence the AJAX app can first request a token and then fire the standard request once again with the token attached.

Here's the basic idea, a mixin for views:

```python
from django.core.signing import BadSignature, SignatureExpired, TimestampSigner


class DownloadableMixin:
    """
    Manages a ticket response. The ticket is a signed value that gives the
    user limited access to a resource for a time frame of 5 seconds. File
    downloads can therefore request a ticket for the resource and get the
    ticket in the response, which can then be used for non-AJAX file downloads.
    """
    max_age = 5

    def check_ticket(self, request):
        # Unsign verifies both the signature and the embedded timestamp.
        signer = TimestampSigner()
        try:
            unsigned_ticket = signer.unsign(
                request.query_params['ticket'],
                max_age=self.__class__.max_age,
            )
        except SignatureExpired:
            return False
        except BadSignature:
            return False
        # The ticket is only valid for the exact file it was issued for.
        if self.get_requested_file_name() == unsigned_ticket:
            return True
        return False

    def get_ticket(self):
        # The signed value carries the file name plus a timestamp.
        signer = TimestampSigner()
        return signer.sign(self.get_requested_file_name())

    def has_ticket(self, request):
        return 'ticket' in request.query_params

    def requires_ticket(self, request):
        return 'download' in request.query_params

    def get_requested_file_name(self):
        raise NotImplementedError('Extending classes must define the requested file name.')
```
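The same ticket scheme, reimplemented as an added stand-alone example that does not depend on Django (constructed for this page, not the author's code): the `file_name:timestamp:signature` layout with an HMAC-SHA256 mirrors what Django's TimestampSigner produces, the secret key is a constructed placeholder, and the `now` parameter exists only so that expiry can be exercised deterministically.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Constructed placeholder; in a deployment this is the application's secret key.
SECRET_KEY = b"example-secret-do-not-use"
MAX_AGE = 5  # seconds, matching max_age in the mixin


def _signature(payload: bytes) -> str:
    """URL-safe base64 HMAC-SHA256 over the payload (no ':' can appear in it)."""
    mac = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()


def issue_ticket(file_name: str, now: Optional[float] = None) -> str:
    """Return 'file_name:timestamp:signature', bound to this one file."""
    ts = int(time.time() if now is None else now)
    payload = f"{file_name}:{ts}"
    return f"{payload}:{_signature(payload.encode())}"


def check_ticket(ticket: str, requested_file: str,
                 max_age: int = MAX_AGE, now: Optional[float] = None) -> bool:
    """True only if the signature is valid, unexpired and names the requested file."""
    try:
        # rsplit keeps any ':' inside the file name intact; ts and sig never contain one.
        file_name, ts_str, sig = ticket.rsplit(":", 2)
        ts = int(ts_str)
    except ValueError:
        return False  # malformed ticket
    # Verify the MAC before trusting any field; constant-time compare avoids timing leaks.
    if not hmac.compare_digest(sig, _signature(f"{file_name}:{ts}".encode())):
        return False
    current = time.time() if now is None else now
    if current - ts > max_age:
        return False  # expired: a leaked URL stops working within seconds
    return file_name == requested_file
```

Because the ticket travels in a URL it can land in browser history, proxy logs and Referer headers, which is why binding it to one file name and keeping max_age at a few seconds matters.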

Tags: python, django, session
