[英]Authentication for API Based on Django App
I currently have a Django web app, and am now creating an iOS app that needs to hook into the same database. 我目前有一个Django Web应用程序,现在正在创建一个需要挂接到相同数据库的iOS应用程序。 So, I am creating an python API from my Django app.
所以,我正在从我的Django应用程序创建一个python API。 I don't know how to handle authentication from the iOS app to this Python API...?
我不知道如何处理从iOS应用到此Python API的身份验证...? I want to just put Django's
@login_required
decorator on each of my API views (as I do for the web app part) but am not sure how to do that since the iOS client isn't sending over a User
object. 我只想将Django的
@login_required
装饰器放在我的每个API视图上(就像我在Web应用程序部分中所做的那样),但是由于iOS客户端不会通过User
对象进行发送,因此不确定如何执行此User
。 What should I do? 我该怎么办?
I have tried making my own decorator that looks for a username
and password
in the client's request, but I think that's probably very dumb on my part as I don't now how to keep the username/password secret and that username/password data is then visible in the URL. 我曾尝试制作自己的装饰器,以在客户端的请求中查找
username
和password
,但我认为这可能很愚蠢,因为我现在不知道如何将用户名/密码保密,而用户名/密码数据是然后在网址中可见。 Any ideas/help would be greatly appreciated! 任何想法/帮助将不胜感激!
There is nothing wrong or hacky with rolling your own API views and using a basic authentication decorator, but it might be worth investing a little bit of time (perhaps 2-3 hours of tinkering) to learn Django REST Framework. 滚动自己的API视图并使用基本的身份验证装饰器没有错,但是这样做值得花一点时间(也许要花2-3个小时进行修补)来学习Django REST Framework。
Django REST Framework is one of the better Python packages in existence (right up there with Requests) and has a huge community, so if you get stuck, StackOverflow will be by your side. Django REST Framework是现有的更好的Python软件包之一(就在Requests上),并且拥有庞大的社区,因此,如果遇到麻烦,StackOverflow将在您身边。 It offers authentication (ie, prove who you are / login) and authorization (ie, specific access permission controls).
它提供身份验证 (即证明您是谁/登录)和授权(即特定的访问权限控制)。 But, I highly recommend doing the full tutorial .
但是,我强烈建议您阅读完整的教程 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.