Feature/72 authentication frameworkgoogle #104
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
As per request from some people I'm going to explain how to test the PR. I've used the extension ModHeader to introduce the header Authorization. You simply add the header, the name should be Authorization and the value should be "JWT access_token" (without the ". The token is created in /api/auth/jwt/create). To test each endpoint, simply search it. If it's a post action, introduce the parameters it needs if it asks for them and click post. The endpoints may ask for the authorization header. Make sure the Authorization header is only used when needed, it may break other websites. |
auroranavas
previously requested changes
Mar 17, 2024
auroranavas
approved these changes
Mar 18, 2024
pabpercab1
approved these changes
Mar 18, 2024
JuanluRM
approved these changes
Mar 18, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Refactored authentication system to use Djoser, a authentication library compatible with Rest Framework.
The following working endpoints were introduced:
get /api/auth/users/me/
Needs: header: Authorization=JWT access_token
Action: List the user with the associated access_token
get: /api/auth/users/
Needs: header: Authorization=JWT access_token
Action: List the users if the access_token's user has permission
post: /api/auth/users/
Needs: Add parameters
Action: Create user
post /api/auth/jwt/create
Needs: Add parameters
Action: Create access_token and refresh_token
post /api/auth/jwt/refresh
Needs: add refresh_token
Action: Create new access_token and refresh_token
post /api/auth/blacklist
Needs: Add refresh_token
Action: Blacklist refrest_token, needed for logout.
Research "2–4) Logging out and blacklisting tokens" in for more information in the react implementation of logout
get /api/auth/o/google-oauth2/?redirect_uri=http://127.0.0.1:8000/api/redirect-social/
Action: Returns authorization_url which directs to google login.
get authoriation_url
Action: Loging in redirects to /api/redirect-social which returns a 'code' and a 'state'
post /api/auth/o/google-oauth2/?state=state&code=code
Needs: Returns access, refresh and user
Action: The user created is not enabled because it lacks id_number. To activate it see next post.
post /api/auth/activate/
Needs: header: Authorization=JWT access_token
Action: Activate the user associated to the access_token if it has an id_number
This PR changes the User model to use the default Django user as base.