Disable or restrict /o/applications (django rest framework, oauth2)

2024/9/23 19:18:03

I am currently writing a REST API using Django rest framework, and oauth2 for authentication (using django-oauth-toolkit). I'm very happy with both of them, making exactly what I want.

However, I have one concern. I'm passing my app to production, and realized there might be a problem with the /o/applications/ view, which is accessible to everyone! I found myself surprised to not see anything in the doc about it, nor when I try to google it. Did I miss something?

Some ideas were to either make a custom view, requiring authentication as super-user (but this would be weird, as it would mix different kinds of authentication, wouldn't it?), or add a dummy route to a 401 or 403 view for /o/applications/. But these sound quite hacky to me... isn't there any official "best" solution to do it? I'd be very surprised if I'm the first one running into this issue, I must have missed something...

Thanks in advance!

Answer

Use only base urls: authorize/, token/, revoke_token/

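    from django.urls import include, path
    from oauth2_provider.urls import base_urlpatterns, app_name

    urlpatterns = [
        ...,  # some other urls
        # oauth2 urls: only the base endpoints, no application management views
        path('o/', include((base_urlpatterns, app_name), namespace=app_name)),
    ]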

Instead of using all urls, as in the official example:

    path('o/', include('oauth2_provider.urls', namespace='oauth2_provider')),
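
A regression check for the restriction described in the answer, as an added example that is not part of the original answer or of django-oauth-toolkit: it walks a URL tree and reports anything mounted under `o/` other than the three base endpoints the answer names. `Route`, `Include`, `flatten`, `unexpected_oauth_routes` and the sample route lists are hypothetical names and constructed data; it assumes `path()`-style routes (no regex anchors).

```python
from collections import namedtuple

# Stand-ins for Django's URLPattern / URLResolver (constructed for this example).
# The real objects expose the same attributes: .pattern, and .url_patterns on includes.
Route = namedtuple("Route", "pattern")
Include = namedtuple("Include", "pattern url_patterns")

# Allowlist taken from the answer: authorize/, token/, revoke_token/ under o/.
ALLOWED = {"o/authorize/", "o/token/", "o/revoke_token/"}


def flatten(patterns, prefix=""):
    """Yield the full route string of every leaf pattern, recursing into includes."""
    for p in patterns:
        full = prefix + str(p.pattern)
        children = getattr(p, "url_patterns", None)
        if children is not None:
            yield from flatten(children, full)
        else:
            yield full


def unexpected_oauth_routes(patterns, mount="o/", allowed=ALLOWED):
    """Return routes under the OAuth mount point that are not on the allowlist."""
    return sorted(
        r for r in flatten(patterns) if r.startswith(mount) and r not in allowed
    )


# Constructed sample: everything included under o/, management views exposed.
FULL = [
    Route("admin/"),
    Include("o/", [
        Route("authorize/"), Route("token/"), Route("revoke_token/"),
        Route("applications/"), Route("applications/register/"),
        Route("authorized_tokens/"),
    ]),
]

# Constructed sample: only the base endpoints included, as in the answer.
RESTRICTED = [
    Route("admin/"),
    Include("o/", [Route("authorize/"), Route("token/"), Route("revoke_token/")]),
]

if __name__ == "__main__":
    print("full include exposes:", unexpected_oauth_routes(FULL))
    print("restricted include exposes:", unexpected_oauth_routes(RESTRICTED))
```

In a real project the same function can be run in a test against `django.urls.get_resolver().url_patterns`, failing the build if the returned list is not empty.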