Suggestion: Implement ApiAuthentication #25

asfaltboy opened this Issue Sep 2, 2012 · 14 comments


None yet
5 participants

We should add support for the ApiAuthentication by adding a mongoengine model that overrides this (from tastypie/

class ApiKey(models.Model):
        user = models.OneToOneField(User, related_name='api_key')
        key = models.CharField(max_length=256, blank=True, default='')
        created = models.DateTimeField(

        def __unicode__(self):
            return u"%s for %s" % (self.key, self.user)

        def save(self, *args, **kwargs):
            if not self.key:
                self.key = self.generate_key()

            return super(ApiKey, self).save(*args, **kwargs)

        def generate_key(self):
            # Get a random UUID.
            new_uuid = uuid.uuid4()
            # Hmac that beast.
            return, digestmod=sha1).hexdigest() 

Then it will be possible to use a specialized version of the following hook to authenticate against a mongoengine.django.auth.User object :

def create_api_key(sender, **kwargs):
        A signal for hooking up automatic ``ApiKey`` creation.
        if kwargs.get('created') is True:



mitar commented Oct 13, 2012

I am not sure if I understand this ticket? What is this? What is this ApiKey? What exactly does django-tastypie-mongoengine have to support?

Tastypie normally supports ApiKey Authentication. Every user has an api key, and authenticates to the system with this key. ApiKey is a unique id by the way.


mitar commented Oct 13, 2012

And why you cannot use this in django-tastypie-mongoengine?


mitar commented Oct 13, 2012

So I do not understand what are you asking here. Just to define some standard document for storing API keys?


mitar commented Oct 13, 2012

I checked a bit more and I do not agree that this should be an independent document. MongoDB should not be used in the same manner as relation-databases is used. So for this to really work nicely, API keys should be defined as fields in User document you are using. Not in separate document and then referencing it.

So it is not just a question of simply converting model to document, but maybe more creating a mixin which could be combined with MongoEngine-defined User document.

Anyway, pull request is welcome.


mitar commented Mar 29, 2013

Closing because no feedback.

@mitar mitar closed this Mar 29, 2013

For my project, I need to use apikey authentication in tastypie and I am wondering if it is (or will be) supported in this framework. To me, it is not important whether apikey is a separate document or not, I just need to know whether it is supported.


mitar commented Aug 15, 2013

Tastypie supports it. So try it.

Seraf commented Jul 3, 2014

Hello @mitar, sorry to re-open this issue, but I'm looking for using ApiKey feature of tastypie with the mongo part.
I totally agree that from a Mongo point of view, the api should be set in the user document.

I'm a little lost about the implementation of this feature.
Here is where I am :
I created a user class, and tried to use it in my settings : but I have an error "AUTH_USER_MODEL refers to model 'mongo_auth.MongoUser' that has not been installed"

Should I override the default mongo user and adding my custom fields like I'm trying to do ?
I'm lost.



mitar commented Jul 3, 2014

Yes, you should reference with AUTH_USER_MODEL your new model.

Seraf commented Jul 4, 2014

Thanks @mitar, it did the trick, I had other problems. Thanks for your help !

Seraf commented Jul 6, 2014

Sorry to annoy you again, but I hope it will help other coming to this issue to handle the apikey correctly ^^
I have a strange problem : when I do a User.objects.all() from my custom user class, it returns me no document (and I have a user in my User collection).
When I create a super user, it creates a user but using the default User class (provided by mongoengine).

I wrote a post on mongoengine group, but didn't had answers :(!topic/mongoengine-users/VTgbLXrXRco

As you can see in the file, I use my custom class :

Any idea ?

Thanks a lot


mitar commented Jul 8, 2014

Sorry, no idea.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment