How to make a full fledged REST API with Django OAuth Toolkit

Automated media analysis (beta): speech transcript
OK and ready for the next talk then and this is Federico Frenguelli that use a C++ and Python developer of an over and and he's going to talk about how to make a full-fledged REST API Django and it will still be there
hi everyone so the goal of this talk is to show you how to create a REST API protected with
OAuth 2 but first I want to tell you you should know how to do it and I want to tell you about a story so let me introduce you through the
use of a small
small and simple application the Time Tracker which is of course a web application that in practice that allows the users to track the time they spend on their activities and at the beginning of the 1st I had what I had to choose to pick 1 2 which was Django can they have 1 single big projects and I deployed it once and everything was fine more or less but has he he used to seeing the times they are changing and what has changed actually was friend and front-end development has changed a lot but sorry but today we have a lot of web the web front-end frameworks and allows you to create amazing front-end applications and they had their own development to date to to test in Toronto the update the application and so they are completely completely separate applications and you high also had to support multiple devices and which means used to support different browsers in different platforms might not you should we we should look like I should also the take care of the in the magic of the applications so and the doctor with a lot of projects and I had a 10 2nd began art interactive Web which is the front-end web front-end applications hand the Android project, iOS project and the desktop application you know for those deal that desktop and moreover there are third-party services wants to connect but might have 10 2nd application that I want to of send me data they want to read data from my Time Tracker applications so what happens in the back-end application was what seems like an application there is a service that exposes an amazing a reliable REST API and this is the rest of the agenda Django REST framework and Django OAuth Toolkit so those are the most it and these are the the models so they are really really simple there is the activity and the
time and which is in the model that allows us to drop the user at the time the user spend on a an activity or a task and these are the endpoints now I want to create you have on the most left corner the view around this guess it'd be meted supported and the semantic meaning all the said so for example the first row the i is less API flesh activities if you send requests get back a list of the available activities all right to create the endpoint I need you to I the need to show how Django REST framework
works in I hope in less than 5 minutes so the first thing you have to do is to
serialize your data and this is really really straightforward in general thing once you can use this base class serializer and this just like Django forms of so you just defined the fields you need and add some code to restore all create at the instance of the model from its serialized representation and then you can use easily the serializer up and you'll get there a dictionary representation of your object on our Of course this is by think codes which
should you the full every model of you the application the can avoid to write the code using models which allows you to just specify which would which is the model you are your serializing you want to say now we have to create the views of the endpoints and why do we need all we need of course to
respect and the semantic meaning and Bob we should take care of the user authentication and also of we should take care of permission checks and also sometimes object-level permissions are sometimes you need to paginate your endpoints because you get a lot of ourselves and also you want maybe to hand the response a request for marketing to support for example JSON XML YAML so this is a lot of stuff by contrast he can't use Django REST framework goes
Django REST framework is really as a lot of settings that allows you to customize its behavior it's default behavior of these are just of a small example of the 1st ones allows you to define which is the class that takes care of user authentication and then we have the default permission class so if you're not in your you won't get and anything just for world 4 1 4 3 sorry and default renderer and by so for the for my for the formant so while we need to create the the endpoint you can use the APIView base class provided by Django REST framework are which allows you to add some code to the 100 meters and this class will use this base class we use the the seconds the
we see here too Greek to realize to create an endpoint with the current behavior with the behavior you want and what but the code it is really really easy to understand the art we have the queryset to retrieve all the activities we serialize by queryset and read on the surprise and response and of course is the easiest 1 so you it can you have to repeat this called 44 and points but you can't avoid the to write the score using the generic transmissive you provided the Django REST framework of hand here you just need to specify which of the 2 chapter though the which is the base queryset and the serializer class you want to use of term also have built-in browsable API provided by Django REST framework which we are going to see at the end of the talk so far and the next step is how would you authorize client applications I mean you your applications like the time tracking all of Android and kind traffic by US they need to authorize they need to be authorized to talk to the things Recognition API and also there are third-party officer wants to access your users that so you need an authorization but usually there were some authorization engine behind all if you don't have
all of if you don't have the use of authorization engine and these are the problems with that you're going to to face 1st of all you have to store the 1st solution without the authorization framework has to store the user password in the application which is not a good of course of because the application just a fluke gets a full access to the user account and if the user if the user wants to revoke his password it was through all the excess starting to the application she has to change his password so comparable also compromised apps can expose the user the user password and the end user make this is the solution and the OAuth 2 authorization framework so how they think that works and I want to explain how it works using this simple use case so imagine that there is a strong fighting streaming music streaming service that wants to connect with the Time Tracker application or so the various users can track their listening activities on the tracker applications
these are the actors this terminology is that is the same year is in
indeed in the OAuth 2 RFC and just trying to translate this term studio to these use cases so the results on it is of course you know resource server is the Time Tracker were API and the authorization server in this case is the same as the resource server and the client is the assigned the fire applications I didn't want to explain you what the OAuth 2 authorization framework defines full of the flows of 4 authorization flows I want to show you our names 1 of these flows work this is the most popular 1 and the authorization code flow so the 1st step is 1 the client registers with the authorization server and the authorization server brought supplying client provides a client and the client secret the client of course is the song if I applications so there is someone at some you find them phrase sample goes to develop adopt and tracker . com had developed applications and it gets that a client ID and the client secret key the 2nd step that is when the sun if I application redirects the user to this 10 interactive application via if user agent yeah its browser for it for instance and next so the tracker application authenticates the user and obtains the authorization term communicate with the Sun application from the user nowadays MIT and track of the Kuhn-Tucker application redirects the user back to the sun if I application with an authorization going and weight which is later exchanged for a token and the token can be used by the client to authenticate the requests had to do that in Django we Django OAuth Toolkit of course we supports Django from 1.4 to 1.7 Python 2 and 3 and it is used on top of OAuthLib uh which actually is a really great library and takes care of compliance with the RFC we just wrote some glue code and its
integration with Django is really really easy you're on body all to provide an application to the study that's odd our or our new house to your and you can create API endpoint using our generic protected resource view and you know you have any API an endpoint which is protected with OAuth 2 now that at times but with batteries included so we have the ability to use to sorry to reduce so registered developed ups and a
former you for the user 40 user authorization it is integrated with Django REST framework you just need to switch the default authentication classes with the 1 provided by Django OAuth Toolkit and now I want
to show you how how it works and so on all these are the steps of the we're going to the authorization 1st we're going to create on developer application that we are going what went well haven't to simulate the but the step when the user is redirected to the authorization endpoint so
here you can see this all 1 of the building the use of that to reduce certain you develop applications say create new applications
beyond the name here you have your client ID and clients secret he can choose base or details from the all too the book from the to framework of anyway I got my son applications ready here it is so all we can just he has this
1 too step 1 the
song 5 application as redirecting the user agent of the users to the authorization of form but 1st the user has to of the entity and now then thank the the application is asking for my authorization and we authorize of course OK of course this should be the URL of the client application so some of from for example now we can take this out there is additional just constituent court here and we are going to exchange the code to obtain a token here is the response there the token and the token can be used to the create of appropriate request with this header Authorization Bearer with that can so just I want to show you that I'm not lying if I try to get a list of the
activities just tell me that I'm missing yet indications friends young traditional what if I use when you token I can get back the list of the activities so and the so the future plans for Django OAuth Toolkit the office of boss all
at once time may be od support for the opening from the the hottest see the book really don't know costs you have to read but the paper and the bad news she through stories stories support for 4 the the applications storage so we need some help and thanks to the so to
any questions please anyone the that was thank you for your talk my question is can we use the same framework will post links on with them now that Django OAuth Toolkit actually is the implementation of the server-side part of the OAuth 2 specifications so if you want to uh sense to creature you need the kind a client-side implementation of the OAuth 2 RFC we go to a
transition between your your examples of the some of the presentations of was always the same as the actual service with you to occur can you make to services like can you separate out the authorization part actually now we have to walk to keep the resource server and authorization server separated yes uh by maybe you know you can't actually you have to write some more code to keep authorization server and the resource server separated hi so 1 quick question is so if you want to expose directly I definitely resources differently from lecture model definition can simply handle that industry relies on class so you don't have to use the John where you know about that yes it was just use serializer days if if you if your data is for example more would be just right you know you just use the serializer of this class to write your own serialization and it just works you have to write some more called by it works it is OK OK thank you I will right so you don't have what are you using for object ownership sorry object ownership so the how do you say the subject belongs to the future and I only showed the use of the request coming from the fusion of some of this is the object level permission the right that you are using any competent for them I we're just filtering that of where it's it's uh looking out there are actually OK we sometimes you which we can get that which ease the user bound to the token and a and with the with the user reasons you can think of the ways that this is a solution really simple solution is not any more questions I
thank you very much

Metadata

Formal metadata

Title: How to make a full fledged REST API with Django OAuth Toolkit
Series title: EuroPython 2014
Part: 50
Number of parts: 120
Author: Frenguelli, Federico
License: CC Attribution 3.0 Unported:
You may use and modify the work or its content for any legal purpose, and reproduce, distribute and make it publicly available in unchanged or modified form, provided that you credit the author/rights holder in the manner they specify.
DOI: 10.5446/20036
Publisher: EuroPython
Publication year: 2014
Language: English
Production place: Berlin

Content metadata

Subject area: Computer science
Abstract: synasius - How to make a full fledged REST API with Django OAuth Toolkit World is going mobile and the need of a backend talking with your apps is getting more and more important. What if I told you writing REST APIs in Python is so easy you don’t need to be a backend expert? Take generous tablespoons of Django, mix thoroughly with Django REST Framework and dust with Django OAuth Toolkit to bake the perfect API in minutes.
Keywords: EuroPython Conference
EP 2014
EuroPython 2014
