WEBVTT
00:00.150 --> 00:00.780 Hello everyone.
00:00.840 --> 00:02.330 And welcome back.
00:02.340 --> 00:08.040 In this lesson you will learn how to use the django-rest-auth package in order to expose the registration
00:08.130 --> 00:14.610 and authentication endpoints for your REST APIs. Thanks to these endpoints, clients such as Android
00:14.700 --> 00:21.360 and iOS applications will be able to easily and independently communicate with all the services
00:21.660 --> 00:23.760 provided by your web app's backend
00:23.910 --> 00:26.350 via REST. To make learning easier,
00:26.370 --> 00:29.610 this lecture will be split in two parts. Time to code.
00:29.610 --> 00:32.430 Let's get started. Talking about authentication,
00:32.430 --> 00:36.030 the best place to start is Django REST framework's documentation.
00:36.240 --> 00:43.470 As you can see, the default authentication schemes may be set globally, once again, using the default authentication
00:43.470 --> 00:50.250 classes within the REST_FRAMEWORK dictionary in the settings.py file. As you can see, by default
00:50.250 --> 00:53.970 we've got basic authentication and session authentication.
00:54.030 --> 00:59.430 And in this lesson we're going to add token authentication to the default authentication classes that
00:59.430 --> 01:00.430 are available.
01:00.430 --> 01:05.280 We are clearly now going to make a lot of examples and talk a lot about token authentication.
01:05.310 --> 01:10.600 But as you can see here, from the API reference you can always find further details
01:10.670 --> 01:13.220 in case you're feeling like you might need to.
01:13.290 --> 01:15.550 To implement token authentication,
01:15.600 --> 01:23.060 we can now copy the REST_FRAMEWORK dictionary, go to VS Code, and as you can see here I have
01:23.060 --> 01:27.860 opened the settings.py file and therefore I can just paste the dictionary.
01:28.190 --> 01:30.860 However, we do not need basic authentication.
01:30.860 --> 01:38.380 Therefore we can just delete it and instead we can now add token authentication.
01:38.400 --> 01:42.830 We are keeping session authentication as well because this way we can still authenticate using
01:42.830 --> 01:49.760 the browsable API, because the browsable API is clearly a web client and, as we said, the best authentication
01:49.760 --> 01:56.300 scheme to use with browser-based clients is session authentication. And it will be interesting to see how
01:56.300 --> 02:01.790 to use token authentication in great detail by creating a simple client ourselves using the requests
02:01.820 --> 02:02.840 module.
02:02.840 --> 02:09.650 And so because we want to use the token authentication scheme we need to go ahead and, within the
02:09.770 --> 02:11.210 INSTALLED_APPS list,
02:11.570 --> 02:21.700 we need to add rest_framework.authtoken, and that's because we said that the tokens that we are using
02:21.730 --> 02:27.460 are going to be saved in the database and therefore we now need to apply the appropriate migration.
02:27.460 --> 02:37.630 So I'm going to quit the development server and now python manage.py migrate and, yeah, the auth
02:37.630 --> 02:44.860 token migrations are applied, and we can now go ahead and check the admin interface to find out that
02:44.860 --> 02:47.410 the token app has been added there as well.
02:47.410 --> 02:54.490 So localhost/admin, going to log in,
02:57.200 --> 03:02.770 and there it is, Auth Token, that we can use to actually add new tokens.
03:03.020 --> 03:07.750 But of course this is all going to be managed automatically by Django REST framework.
03:07.940 --> 03:16.190 What we need to do now instead is to go ahead and install django-rest-auth, which as we said is a very
03:16.190 --> 03:23.000 useful package that provides us registration and authentication endpoints for our REST clients, so
03:23.000 --> 03:27.220 pip install django-rest-auth,
03:27.530 --> 03:35.080 like so, and we can also install the requests module which we're going to need to create our clients.
03:35.120 --> 03:47.320 So pip install requests. Perfect. And we can also now update our requirements.txt file, so pip
03:48.160 --> 03:59.060 freeze requirements.txt. Perfect. And we can now add this one as well to the list of installed
03:59.110 --> 04:03.920 apps, so simply rest_auth.
04:03.940 --> 04:10.240 Let's now go to the urls.py file of the project because of course we need to include the endpoints
04:10.240 --> 04:12.530 that are provided by the package.
04:12.550 --> 04:17.080 So first of all, include, then
04:20.440 --> 04:21.540 api/
04:21.660 --> 04:28.930 rest-auth/, so include rest_auth.urls.
04:29.090 --> 04:36.410 And considering that we're here we can also include Django REST framework's urls file to log in
04:36.470 --> 04:38.030 via the browsable API.
04:38.450 --> 04:49.920 So api-auth/, and here clearly this is going to be rest_framework.urls.
04:50.070 --> 04:53.490 Now just to make everything more comprehensible,
04:53.580 --> 04:58.000 let's have a look at the LoginView class that is part of the rest_auth package.
04:58.530 --> 05:05.520 So from rest_auth.views import LoginView.
05:05.700 --> 05:08.200 So let's go to the definition.
05:08.250 --> 05:11.210 We see that it extends GenericAPIView.
05:11.310 --> 05:13.890 Check the credentials and return the REST token
05:14.040 --> 05:21.200 if the credentials are valid and authenticated. It accepts username and password as the parameters of your
05:21.200 --> 05:22.000 POST.
05:22.010 --> 05:26.650 And as we said, clearly it returns the key that we need to authenticate.
05:26.670 --> 05:38.900 So let's close these files for now and let's create some clients instead, using the requests module.
05:38.970 --> 05:45.960 And so we are going to create a new file and we can just call it token auth test 1, token auth
05:46.530 --> 05:48.490 test 1 dot py.
05:48.510 --> 05:58.280 First of all we need to import the requests module, then, yeah, we can define a client function.
05:58.650 --> 06:03.810 And considering that we're going to need to perform authentication, first of all, as we said, we are
06:03.810 --> 06:05.640 going to need our credentials.
06:05.640 --> 06:12.430 So credentials equals a dictionary with username,
06:12.480 --> 06:21.430 in this case admin, and password, which is very complicated in this example.
06:21.450 --> 06:25.940 Again, please remember to use strong and effective passwords in production.
06:26.130 --> 06:30.600 And with the credentials we can now make a POST request to the login endpoint.
06:30.630 --> 06:34.990 So response equals requests.post.
06:35.010 --> 06:44.410 And first of all the endpoint, which is http://127.0.0.1:8000,
06:44.700 --> 06:53.570 which is clearly the address where the development server is running, and then /api/rest-auth/login.
06:53.640 --> 07:02.370 Of course we also need to pass the data, so our credentials: data equals credentials.
07:02.420 --> 07:10.790 So let's now see what the API responds with. First of all, let's create status code.
07:10.820 --> 07:21.530 So status code equals response.status_code, then response data equals, and we see that indentation
07:21.530 --> 07:24.350 is slightly misaligned.
07:24.360 --> 07:29.290 So, and so, response data equals response.json.
07:29.380 --> 07:33.750 And we can then print response data.
07:34.070 --> 07:46.020 Now if name equals main, just call our client.
07:46.420 --> 07:49.450 So first of all let's now run our development server
07:52.790 --> 07:56.630 and we're also going to need a second terminal to actually run our script.
07:56.630 --> 08:01.070 So I'm going to move inside the client folder.
08:01.070 --> 08:05.980 We see that we actually need to add another forward slash by the end of the endpoint.
08:06.080 --> 08:07.780 And now we have everything up and running.
08:07.820 --> 08:10.040 We can see what happens when executing our script.
08:10.070 --> 08:13.990 So python token auth test 1, and awesome.
08:14.060 --> 08:15.380 Everything is as expected.
08:15.380 --> 08:18.190 We get the status code 200, which means all
08:18.230 --> 08:22.970 OK, and we get our token for authenticating via the API. Perfect.
08:22.970 --> 08:23.660 From now on,
08:23.690 --> 08:29.540 if we wanted to, we could use this specific token to authenticate all the requests towards the API in
08:29.540 --> 08:35.240 order to access all the web services provided by your web app, including those that require authentication,
08:35.240 --> 08:35.990 of course.
08:35.990 --> 08:41.990 And this token has been saved to the database as well so that the server can actually compare it to
08:41.990 --> 08:47.420 the one that we are going to send with each and every request, in order of course to make all the system
08:47.570 --> 08:49.160 much more secure.
08:49.160 --> 08:54.570 Let's actually check the site administration, Tokens, and there it is.
08:54.650 --> 08:59.960 And if you click on it you see that it is associated with the same user whose credentials we've used, of
08:59.960 --> 09:03.760 course, to make the request in the first place.
09:03.830 --> 09:07.400 So let's test our newly acquired token right away.
09:07.400 --> 09:09.290 I'm going to create a view class.
09:10.250 --> 09:16.400 So first of all the views.py file, and this new class is going to provide the list with all the profiles
09:16.430 --> 09:19.430 in our database only to authenticated users.
09:19.490 --> 09:30.890 So first of all from rest_framework import generics and then from rest_framework.permissions import Is
09:31.940 --> 09:42.360 Authenticated, then from profiles.models import Profile and from profiles.api.serializers
09:42.770 --> 09:46.500 import ProfileSerializer.
09:46.560 --> 09:53.840 Now class ProfileList, which is going to extend generics.ListAPIView.
09:53.970 --> 10:05.220 With queryset equals Profile.objects.all, serializer class equals ProfileSerializer.
10:05.280 --> 10:13.260 And permission classes equals IsAuthenticated.
10:13.330 --> 10:15.880 Let's now create the appropriate endpoint for the class.
10:16.120 --> 10:18.270 So urls.py.
10:18.510 --> 10:30.130 And so from django.urls import path, from profiles.api.views import ProfileList.
10:30.520 --> 10:36.570 And then urlpatterns equals, it's always a list.
10:36.960 --> 10:47.500 And here path, something simple like profiles, and then we're going to call ProfileList.as_view with
10:47.520 --> 10:54.930 name equals profile list, and then of course we need to include this file within the main urls
10:54.930 --> 11:07.220 .py file, so here path api, include profiles.api.urls.
11:07.660 --> 11:15.330 And so let's now go back to the token auth test 1 file and let's try to make an unauthenticated request
11:15.330 --> 11:21.300 first towards our profile list endpoint, so I'm going to comment out credentials and response. Let's now
11:21.300 --> 11:22.620 make a GET request.
11:22.680 --> 11:36.200 So response equals requests.get and the endpoint is this one, api/profiles.
11:36.380 --> 11:42.330 So let's now restart our development server, like so, then we can move back to the second terminal.
11:42.590 --> 11:49.040 Yeah, let's now try to make a GET request to the same endpoint without using the authentication token, of
11:49.040 --> 11:55.040 course, to see we get 403, authentication credentials were not provided. The request is rejected,
11:55.130 --> 12:01.160 of course, because we need to authenticate ourselves in order to access the profiles list, and we can
12:01.160 --> 12:08.000 do so by sending the authentication token in the Authorization header with every request, and the requests
12:08.000 --> 12:14.610 module makes the process really easy, so I'm just going to define a variable, token h, token header.
12:14.910 --> 12:21.230 This is going to be a string, but in front of the token itself we also need to define the Token word.
12:21.560 --> 12:26.560 Remember this because this is how you define the appropriate Authorization header using a token in Django REST
12:26.570 --> 12:39.210 framework. And then here we can define headers equals Authorization, token h, and we can now send the
12:39.210 --> 12:47.850 headers to the GET request and we can just do this like so, and so now let's try to make the same request
12:48.090 --> 12:55.880 once again, like so. Awesome, this time the request as you can see is successful, we get status code 200,
12:55.920 --> 12:56.610 OK,
12:56.610 --> 13:02.640 and the list with the JSON file of each profile in our database, and at the moment we only have two
13:02.640 --> 13:05.210 profile instances, therefore we only see two.
13:05.220 --> 13:10.420 But that's more than enough to be satisfied for now, and to really complete this lesson,
13:10.450 --> 13:16.710 let's now check the same endpoint but this time using the browsable API, to remember and prove that we're
13:16.710 --> 13:19.910 actually using two different authentication schemes.
13:19.950 --> 13:26.580 So I'm just going to paste the endpoint, like so, and as expected here is the list with profiles, because
13:26.780 --> 13:31.710 we are authenticated as admin. Logging out, making another request,
13:31.710 --> 13:34.990 of course we get that authentication credentials were not provided.
13:35.040 --> 13:35.810 Perfect.
13:35.820 --> 13:36.060 Okay.
13:36.090 --> 13:37.680 So that was it for this lesson.
13:37.680 --> 13:42.300 See you in the next lesson about django-rest-auth, which is going to be really exciting because we are
13:42.300 --> 13:44.220 going to set up a registration endpoint.