简体繁体 English

在Django 2.x中使用django-oauth-toolkit

[英]Using django-oauth-toolkit with Django 2.x

原文 2018-08-14 02:36:16 9 1 python/ django/ oauth-2.0/ django-rest-framework/ django-2.0

I've built a web application using django 2.0 and django-rest-framework. 我已经使用django 2.0和django-rest-framework构建了一个Web应用程序。 In my web app, I've been using django-rest-framework's SessionAuthentication . 在我的Web应用程序中，我一直在使用django-rest-framework的SessionAuthentication 。

I'm in the early stages of building out a supporting mobile app and based on my findings so far, there's a lot of value in doing the extra work to implement some sort of OAuth authentication: 我正处于构建支持的移动应用程序的早期阶段，根据到目前为止的发现，进行额外的工作以实现某种OAuth身份验证有很多价值：

I was hoping to use django-oath-toolkit for this, but I noticed in the docs that there's no django 2.x support. 我希望为此使用django-oath-toolkit ，但我在文档中注意到没有django 2.x支持。 I want to avoid refactoring my app using django 1.x, so two questions: 我想避免使用django 1.x重构应用程序，因此有两个问题：

Has anyone used django-oath-toolkit successfully for django 2.x? 是否有人成功将django-oath-toolkit用于django 2.x？ (It appears that at least some people have tried it .) Am I exposing my app to security risks if I go this route? （似乎至少有人尝试过它。）如果我走这条路线，是否会使我的应用暴露于安全风险下？
Are there any alternatives to django-oath-toolkit? django-oath-toolkit是否有替代品？ Or am I wrong in my conclusion that a secure mobile application needs to use OAuth for authentication? 还是我的结论认为安全的移动应用程序需要使用OAuth进行身份验证是错误的？ (That conclusion was primarily drawn via this Stack Overflow answer .) （该结论主要是通过此Stack Overflow答案得出的。）

1 个解决方案

The docs might be out of date. 该文档可能已过时。 If you look at official repo release notes, you can see it supports django 2.x starting from 1.2.0 如果您查看正式的回购发行说明，则可以看到它从1.2.0开始支持django2.x。

Ref: https://github.com/jazzband/django-oauth-toolkit/blob/master/CHANGELOG.md#120-2018-06-03 参考： https : //github.com/jazzband/django-oauth-toolkit/blob/master/CHANGELOG.md#120-2018-06-03