问题
I have to write RESTFUL web-services with authentication in python using django framework which will be consumed by web based clients and mobile native apps (Android and IOS).
the simple example would be that user will log in using email and password, he fetches the api key and stores it on the mobile device and then use this api key for consuming further api's instead of giving user credentials again and again.
I am thinking of using TASTYPIE or Django piston for writing RESTFUL services but please suggest otherwise if you know any better solution.
But my main focus is on the authentication part. Should I use OAuth for implementing authentication or a simple Basic authentication over ssl with api-key in response would be enough.
回答1:
You can write RESTful web service with the python standard library, third party libraries are not absolutely necessary.
You should read more about what defines a RESTful service, and start implementing it yourself.
For what it's worth, I use cherrypy as a light framework in a few projects. It's simple and easy to use. The website even has a section about how to implement REST in your application.
回答2:
I've done it with the api key exchange, like you said and used SSL. Worked fine. There are some caveats to make https requests work right on Android.
private static HttpClient newHttpClient() {
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
SSLSocketFactory sf = new EasySSLSocketFactory(trustStore);
sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
HttpParams params = new BasicHttpParams();
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(new Scheme("https", sf, 443));
ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);
return new DefaultHttpClient(ccm, params);
}
回答3:
I've used OAUTH2, which is simpler to implement than OAUTH, but needs SSL to actually make it secure.
Since I've used DJANGO REST Framework, you can find the setup, here.
来源:https://stackoverflow.com/questions/12015182/restful-web-services-consumed-by-web-and-native-mobile-apps-with-authentication