I am making an ios app that requires a webservice. The webservice will be using an already-in-place and completely unchangeable (for my purposes) database that is handled by Django. I know how to set up the UI and develop apps in general, but how do I manage the backend side / client side for login? I noticed some people talking about TastyPie when I researched the topic but I am unsure about what exactly that entails. I've been using php for the rest of the service - would using TastyPie make me write it in some other language? Is TastyPie really necessary?
Furthermore, I saw someone say that one may just put a UIWebView and then take the cookie out of it when the login. Is that feasible? It sounds like the easiest option.
Thanks for any help!
Tastypie is just a Python Django framework to help developers write REST APIs easily.
Yes using Tastypie will make you write APIs in Python. Tastypie is not necessary to write REST APIs.
In your case since you can not change the database. I would suggest you to write REST API in Python Django and use django.auth login method after authenticating the credentials. login method will create the session key for you. You can send back that key in response and then pass that key to all the subsequent REST API calls. Do not use Tastypie for writing this API as Tastypie will require you to add some tables in the DB.
I will suggest AFNetworking as a library that is commonly used to communicate with REST services. There should be no need to change your existing server code. AFNetworking is on github.
There are also a ton of posts on StackOverflow about using AFNetworking. Pertaining to the specifics of logging in - look at this User Login With AFNetworking or search further.
Related
I want to create post request to a webapp that does not have API endpoints.
I want to be able to login, fetch data and post data. I have just stumbled upon GuzzleHttp, but HTTP alone is so hard. The webapp is a laravel application. How can I do this? Or is there elegant way of doing this?
Try Goutte. It uses Guzzle under the hood, but provides higher level interface to deal with web sites.
In my current work, I have to develop an intern REST API engine.
I have read the Roy Fielding thesis, documented myself, and I finally got something that works great easy to use, with high performance, corresponding to the Fielding REST spec.
There is only one point that I dont really know how to overcome : the security problem.
Again, I documented myself, and I wanted to use OAuth2.0 in my engine.
The problem is that I dont understand nothing at all how to use this protocol.
I dont understand how the consumer can connect himself and be recognized by the server.
I dont understand if I have to provide API key to my consumer(like Facebook, Twitter and Google make it) or if a token will automatically be generated if I send a login / password to the server
I dont know if I have to create my own OAuth2.0 server that provides keys, or if OAuth2.0 libraries are sufficient to provide security.
In fact, I dont understand nothing at all with OAuth2.0, and I need to learn. The problem is, every documentation that I try to read is like chinese, I didn't find an easy one, step by step that will help me with this.
That's why I post here, can you help me understanding a bit more OAuth2.0 and the secured authentication for API ?
I willingly didn't speak about the technologies, because I want to understand OAuth2.0 before applying it technically.
Thanks for all
The main problem with OAuth (both versions) is that you'll see a lot of talk about the three legged version. That is when you have user, a data-providing service and a consuming service, let's say a service that will create physical copies of your flickr photos. In this case the OAuth flow allows the user to tell flickr that the third party can access their data. This is not the scenario you are after, you are interested in 2-legged OAuth, see here for a description.
Of course you could look at other methods too. I've used HAWK in a number of REST/Hypermedia APIs and found it to be great to use in both nodejs and .NET server stacks.
Thank you for your answer, I studied a bit more OAUth2 en tried to implement it with 3 stragery : basic, clientPassword, bearer.
I created a new thread for an other problem, if you want to take part of it :
OAuth2 server creation with nodejs
I hope someone could help with this:
I am working on a php project and I need to implement the authentication of the application as a Service. I need to do something like Google where offers a Service to login in other applications using Google's Authentication Service (for example trello.com allows visitors to login with their google account).
I would like to clarify my mind, because I have no idea how to start it. I am using Symfony2 framework and I'm trying to work RESTFully, but basically what I need is just an idea of what I have to do or investigate to carry this out.
As the symfony Ecosystem is big, take a look at the FOSRestBundle for creating the API. Then there is the NelmioApiDocBundle for easy documentation of your REST-API. For authenticating you should consider OAuth, so take a look at the FOSOAuthServerBundle. With all three combined you can create a great API.
Also read this article, about REST APIs with Symfony2: The Right Way
I am using django allauth in a variety of application that i make and its awesome!
Right now, I am trying to develop a login process in two separate steps.
I have a client(mobile) social login with some provider(twitter, Facebook) and the client takes the oauth credentials and sends them back to the server.
That means, that i do not need to use the forms and the templates provided, since all that are handled just fine by the client already.
What i need, is to know what functions/views i need to call in order to avoid all the functions that need the request to work properly.
I hope that i explained in detail my issue.
Thank you in advance,
Michael.
I am working with an app that is querying a JSON API on a server running Drupal. I used this tutorial and have changed the code a bit to work with my program, but every request just sends me to the not authorized page that the server generates. Any ideas why?
Why not use the drupal ios sdk? https://github.com/organizations/workhabitinc
I guess you haven't set the permissions in the Drupal service.
First go to permissions, and set the desired ones for the modules you're using (I guess you're using the default ones that are included within the services module).
Next, go to Site Building->Services, and authentication. Check if you have any authentication module set, and if so, add the methods that you're using to that key.
At our company we've made several apps which uses Drupal (but using XMLRPC instead of JSON). So feel free to ask everytime you need :)