In my Django Rest Framework application, a Token is generated, using signals, for every user who logs in using third-party OpenID authentication. Now I can use this token (by manually going to the database and grabbing it) to make API calls to the views that have authentication_classes = (TokenAuthentication,).
Can someone explain to me how I can provide this token to the user securely when the (OpenID) login was successful?
Django Rest Framework supports something like:
from rest_framework.authtoken import views
urlpatterns += [
    url(r'^api-token-auth/', views.obtain_auth_token)
]
But this obtain_auth_token view only supports POST requests that take a username and password, which is not the case with my application.
Please correct me if there are any flaws in my workflow.
Your interpretation of the problem is pretty logical.
As pointed out in the comments, using JWT is one option. JSON Web Tokens (JWT) will convert the information into the specified encoding and then you can decode the token value for further requests.
import jwt  # PyJWT

encoded = jwt.encode(
    {
        'open_id_token': '<open_id_token_value>'
    },
    '<some_random_secret>',
    algorithm='HS256'
)
print(encoded)
# Decoding must supply the same secret and pin the algorithm,
# otherwise the signature is never actually verified.
decoded = jwt.decode(encoded, '<some_random_secret>', algorithms=['HS256'])
print(decoded)
> {'open_id_token': '<open_id_token_value>'}
This option uses the library directly and securely converts your OpenID token, which you can then share with your user.
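A stdlib-only illustration of what the answer's jwt.encode/jwt.decode calls do under the hood, added here and not part of the original answer: it mints an HS256 JWT carrying the user's DRF token key with a short expiry, and verify_login_token returns None for forged, tampered, alg-swapped or expired tokens because the signature is checked against the secret before the payload is trusted. The secret, the token key and the function names are constructed for this example; a real deployment would use PyJWT with a dedicated signing key rather than a hand-rolled version.

```python
import base64
import hashlib
import hmac
import json
import time

def _b64url(data):
    # JWT uses unpadded base64url for all three segments.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_hs256(payload, secret):
    """Sign a payload with HMAC-SHA256, as PyJWT does for algorithm='HS256'."""
    header = {"alg": "HS256", "typ": "JWT"}
    segments = [_b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload)]
    sig = hmac.new(secret, ".".join(segments).encode("ascii"), hashlib.sha256).digest()
    return ".".join(segments + [_b64url(sig)])

def decode_hs256(token, secret, now=None):
    """Return the payload only if the signature verifies under `secret` and `exp` is still in the future."""
    header_b64, payload_b64, sig_b64 = token.split(".")  # ValueError if not exactly three segments
    # Pin the algorithm: the token must not get to choose how it is verified.
    if json.loads(_unb64url(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(_unb64url(payload_b64))
    if "exp" in payload and payload["exp"] <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return payload

def issue_login_token(drf_token_key, secret, ttl_seconds=300, now=None):
    """Wrap the user's DRF token key in a short-lived JWT to hand back right after OpenID login."""
    issued = int(time.time() if now is None else now)
    return encode_hs256({"drf_token": drf_token_key, "iat": issued, "exp": issued + ttl_seconds}, secret)

def verify_login_token(token, secret, now=None):
    """Return the DRF token key from a valid JWT, or None if it is forged, tampered with or expired."""
    try:
        return decode_hs256(token, secret, now=now)["drf_token"]
    except ValueError:
        return None

if __name__ == "__main__":
    SECRET = b"constructed-demo-secret"  # constructed; use a dedicated signing key in practice
    jwt_token = issue_login_token("0123456789abcdef", SECRET)  # constructed DRF token key
    print(jwt_token, verify_login_token(jwt_token, SECRET))
```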