need an example of doing authorization using django-tastypie

I am relatively new with Django and it's ecosystem. I am writing REST api for our mobile client using django-tastypie. I have gone through almost all the examples on the web about how to use tastypie for creating REST interfaces. but none of them are specific to POSTing the data from client and how would you authorize a client.

I used the from tastypie.authentication.BasicAuthentication as show in the example. It opens a pop up asking username and password and works fine on the browser. But I am not sure, if it will do the same thing on mobile (to be specific, native I开发者_StackOverflowOS app). I am not quite getting when a user will make a request to login how this popup will be shown there on his/her mobile device if he or she is not using the browser but the native app.

I am totally lost on this, I would really appreciate your help.

You can check out source and use for example ApiKeyAuthentication. You just have to POST username and api key to authentificate user.

It looks like usable for ios app. Here is the part of the checking code.

def is_authenticated(self, request, **kwargs):
    """
    Finds the user and checks their API key.

    Should return either ``True`` if allowed, ``False`` if not or an
    ``HttpResponse`` if you need something custom.
    """
    from django.contrib.auth.models import User

    username = request.GET.get('username') or request.POST.get('username')
    api_key = request.GET.get('api_key') or request.POST.get('api_key')

    if not username or not api_key:
        return self._unauthorized()

    try:
        user = User.objects.get(username=username)
    except (User.DoesNotExist, User.MultipleObjectsReturned):
        return self._unauthorized()

    request.user = user
    return self.get_key(user, api_key)

https://github.com/toastdriven/django-tastypie/blob/master/tastypie/authentication.py#L128 https://github.com/toastdriven/django-tastypie/blob/master/tastypie/authorization.py#L42

Thanks for the help.

I used similar approach mentioned by @Iurii. Here is my solution.

I wrote a class for handling the authentication and override is_authenticated method. and then I can use this class in Meta definition of tastypie resource classes.

    from tastypie.authentication import BasicAuthentication
    from tastypie.resources import Resource, ModelResource

    # class for handling authentication
    class MyAuthentication(BasicAuthentication):
        def is_authenticated(self, request, **kwargs):
            # put here the logic to check username and password from request object
            # if the user is authenticated then return True otherwise return False

    # tastypie resource class
    class MyResource(ModelResource):
        class Meta:
            authentication = MyAuthentication()

this will ensure a request to access the resource will go through your authentication code.