2016-09-06 89 views
0

I am trying to understand OAuth2 so I can implement it in my REST API. I use DRF on the backend and React for building the mobile app. I can create user registration and login in DRF, but when and where should the token actually be created? Do I have to create the token when the user registers, or when the user logs in? I might get downvoted, but I know some expert will enlighten me. When should the token be generated with OAuth?

The use case is that I have a mobile app called foodie, where users can create their account and log in. Users can also log in and create an account via the web.

Where in my code should I actually implement the OAuth token?

serializers.py

from django.contrib.auth import authenticate
from django.contrib.auth.models import User
from rest_framework.serializers import CharField, ModelSerializer, ValidationError


class UserCreateSerializer(ModelSerializer):
    # confirm_password is not a column on User, so it has to be declared
    # explicitly; listing it only in Meta.fields makes ModelSerializer fail.
    confirm_password = CharField(write_only=True)

    class Meta:
        model = User
        fields = [
            'username',
            'email',
            'first_name',
            'last_name',
            'password',
            'confirm_password',
        ]
        extra_kwargs = {"password": {"write_only": True}}

    def validate(self, data):
        # The original copied validated_data['password'] into confirm_password,
        # so the two could never differ; compare the two submitted fields instead.
        if data['password'] != data['confirm_password']:
            raise ValidationError({"confirm_password": "Passwords do not match."})
        return data

    def create(self, validated_data):
        validated_data.pop('confirm_password')
        password = validated_data.pop('password')
        user_obj = User(**validated_data)
        user_obj.set_password(password)   # stores a salted hash, never the plaintext
        user_obj.save()
        # Return the instance: DRF renders it through Meta.fields, and
        # write_only keeps the password out of the response.
        return user_obj


class UserLoginSerializer(ModelSerializer):
    # token = CharField(allow_blank=True, read_only=True)
    # Redeclared so the model's unique-username validator does not run on login.
    username = CharField()

    class Meta:
        model = User
        fields = [
            'username',
            'password',
            # 'token',
        ]
        extra_kwargs = {"password": {"write_only": True}}

    def validate(self, data):
        # Check the credentials here, so the view only ever sees an
        # authenticated user and cannot return 200 for arbitrary input.
        user = authenticate(username=data['username'], password=data['password'])
        if user is None:
            raise ValidationError("Invalid username or password.")
        data['user'] = user
        return data

views.py

from django.contrib.auth.models import User
from rest_framework import status
from rest_framework.generics import CreateAPIView
from rest_framework.permissions import AllowAny
from rest_framework.response import Response
from rest_framework.views import APIView

from .serializers import UserCreateSerializer, UserLoginSerializer


class UserCreateAPI(CreateAPIView):
    serializer_class = UserCreateSerializer
    queryset = User.objects.all()
    permission_classes = [AllowAny]   # registration must be reachable without a token


class UserLoginAPI(APIView):
    permission_classes = [AllowAny]   # so must login; the token does not exist yet
    serializer_class = UserLoginSerializer

    def post(self, request, *args, **kwargs):
        # access_token = AccessToken.objects.get(token=request.data.get('token'), expires__gt=timezone.now())
        serializer = UserLoginSerializer(data=request.data)
        # raise_exception=True already turns a failed validation into a 400,
        # so the explicit serializer.errors branch in the original was unreachable.
        serializer.is_valid(raise_exception=True)
        new_data = serializer.data
        return Response(new_data, status=status.HTTP_200_OK)

Answer

0

Perhaps the question you should be asking is whether a simple encrypted cookie, passed to the server when you try to access a protected URL/resource, would be enough. Now, if you still want to generate a token, then hook code in after login to respond with the token in a header or in the response payload. Once the token exists, you pass it to the resource server in the HTTP header as Authorization: Bearer; the resource server processes the token and grants access.

+0

So after new_data = serializer.data in UserLoginAPI, should I do this:

    if new_data:
        expire_seconds = oauth2_settings.user_settings['ACCESS_TOKEN_EXPIRE_SECONDS']
        scopes = oauth2_settings.user_settings['SCOPES']
        application = Application.objects.get(name="foodie")
        expires = datetime.now() + timedelta(seconds=expire_seconds)
        access_token = AccessToken.objects.create(user=new_data,
                                                  application=application,
                                                  token=generate_token(),
                                                  expires=expires,
                                                  scope=scopes)
        if access_token:

or what? – Serenity
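The flow this answer describes, as an added worked example that is not part of the original post and is not django-oauth-toolkit's code: a framework-free Python sketch in which registration only stores a password hash, the bearer token is minted in login() only after the password check passes (the "hook in after login" point), and the resource-server side, authorize(), parses the Authorization: Bearer header, looks the token up by its SHA-256 hash, and enforces expiry and scope. The in-memory USERS and TOKENS dicts, the constants and every function name are assumptions made for this example; in the DRF app they correspond to the User table and the AccessToken table, and ACCESS_TOKEN_EXPIRE_SECONDS is named after the setting quoted in the comment above.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# Assumed values for the example; named after the oauth2_settings keys in the thread.
ACCESS_TOKEN_EXPIRE_SECONDS = 3600
DEFAULT_SCOPES = frozenset({"read", "write"})

# Constructed in-memory "tables" standing in for User and AccessToken.
USERS: Dict[str, Tuple[bytes, bytes]] = {}   # username -> (salt, pbkdf2 hash)
TOKENS: Dict[str, dict] = {}                 # sha256(token) -> {"user", "scope", "expires"}


def _key(raw_token: str) -> str:
    """Only a hash of the token is stored, so a dump of TOKENS cannot be replayed."""
    return hashlib.sha256(raw_token.encode()).hexdigest()


def register(username: str, password: str) -> None:
    """Registration stores credentials only; no token is issued at this point."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    USERS[username] = (salt, digest)


def verify_password(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        # Run the KDF anyway so an unknown user costs the same time as a bad password.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, 100_000)
        return False
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)


def login(username: str, password: str, now: Optional[float] = None) -> Optional[str]:
    """The single place a token is created: after the password check succeeds.

    Returns the raw bearer token (sent to the client once, in the login
    response body or a header) or None when the credentials are wrong.
    """
    if not verify_password(username, password):
        return None
    now = time.time() if now is None else now
    raw = secrets.token_urlsafe(32)            # 256 bits of CSPRNG entropy
    TOKENS[_key(raw)] = {
        "user": username,
        "scope": DEFAULT_SCOPES,
        "expires": now + ACCESS_TOKEN_EXPIRE_SECONDS,
    }
    return raw


def parse_bearer(authorization_header: Optional[str]) -> Optional[str]:
    """Accept exactly 'Bearer <token>' (RFC 6750 scheme name is case-insensitive)."""
    if not authorization_header:
        return None
    parts = authorization_header.split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    return parts[1]


def authorize(authorization_header: Optional[str], required_scope: str,
              now: Optional[float] = None) -> Optional[str]:
    """Resource-server side: return the user the token is bound to, or None."""
    raw = parse_bearer(authorization_header)
    if raw is None:
        return None
    record = TOKENS.get(_key(raw))
    if record is None:
        return None                            # unknown, tampered or revoked
    now = time.time() if now is None else now
    if now >= record["expires"]:
        TOKENS.pop(_key(raw), None)            # expired tokens are purged on first use
        return None
    if required_scope not in record["scope"]:
        return None                            # valid token, insufficient scope
    return record["user"]


def revoke(raw_token: str) -> bool:
    """Logout: drop the token so it stops working before its expiry."""
    return TOKENS.pop(_key(raw_token), None) is not None


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    print("wrong password ->", login("alice", "wrong"))
    token = login("alice", "correct horse battery staple")
    print("GET /protected ->", authorize(f"Bearer {token}", "read"))
    print("two hours later ->", authorize(f"Bearer {token}", "read", now=time.time() + 7200))
```

The structure answers the "when" in the question: registration never produces a token, login() is the only minting point, and every later request is authorised purely from the Authorization header, so the resource server needs no session state beyond the token table. Storing only the hash, rejecting anything but a two-part Bearer header, and checking expiry before scope are the checks a reviewer would expect to see around the AccessToken.objects.create call in the comment above.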
