我在django应用中的哪里对dwolla的用户进行身份验证？

Question

I've never really worked with APIs, JSON, or OAUTH, and I'm trying to use Dwolla for payments in my website. Since I've never seen the process of authenticating users with oauth, I'm having a hard time trying to figure out what I need to put and especially where I need to put it. The documentation available for dwolla doesn't make much sense for me. I even did the codecademy.com lessons pretty easily and still have no idea where to begin when trying to use it in my django project. I use django-registration to allow users to register on my website, so am I supposed to authenticate users with oauth when they register for my site so that they are assigned an oauth token? Do I send a user to the auth url with a link within my templates, or with code in a view? Do I need to create a new model with a Foreign Key field to associate it with my users? I'm really at a loss as to what this process should look like and how exactly Dwolla's API is interacting with my django app. This is the documentation from dwolla for python, and this is the documentation for oauth with dwolla. I even tried reading this oauth guide to get an idea of what's going on. The oauth2 overview on github gives an example for using twitter's API, but that left me more confused becasue it is specific to twitter's API. Also, do I need to install anything other than oauth2 and dwolla? I know all the pieces are there, I just am having a very hard time understanding how they fit together. Can anyone clarify the steps I need to take, or at least does anyone have a good tutorial for an absolute beginner to oauth and APIs? Thanks in advance for any help.

Answer 1

You can authenticate a user anywhere in your Django app that is convenient for you. A good place is on a page where the user may be editing their account details.

In order to actually write the code, you can put away any oAuth documentation from Twitter or wherever. oAuth isn't a code base like jQuery that you need to learn how to use. Its just set of guidelines as to how developers could allow their users' accounts talk to their accounts on other sites and trust that its the same user.

The core idea is that site #1 (in this case, Dwolla) gives site #2 (your site) a token , often some encrypted string of text, eg, !432d8dk*dfas&&3, that can be used to more or less log in the user to site #1 while they are on site #2. More accurately, the token gives permissions that the user agrees to during the site #1 log in for site #2 to access parts of their site #1 account.

Here's a checklist of things to do to wire up the authentication of each user on your site with their account on Dwolla's site. This is based on Dwolla's python API posted on Github . Note this is for a Flask and not a Django app.

1. Register your app with Dwolla so you can get your public and private key (listed as _keys.apiKey, _keys.apiSecret on Dwolla's oAuth example )
2. Indicate the redirect URL, oauth_return_url which is where Dwolla will redirect the user when they are done logging in on Dwolla.
3. (optional, but likely a good idea so the user only has to go through the oAuth/login on Dwolla's site once) store the token , which is specific for the user that logged in on Dwolla's site, in your database.