I have set up OAuth 2.0 as described by Ian Alexander using tastypie, django-oauth2-provider, and https://github.com/ianalexander/django-oauth2-tastypie/blob/master/src/authentication.py
This works splendidly on my local server
class AllowGetAuthentication(OAuth20Authentication):
def is_authenticated(self, request, **kwargs):
""" If GET, don't check auth, otherwise fall back to parent """
if request.method == "GET":
return True
else:
return super(AllowGetAuthentication, self).is_authenticated(request, **kwargs)
class BaseModelResource(ModelResource):
class Meta:
allowed_methods = ['get', 'post']
always_return_data = True
authentication = AllowGetAuthentication()
authorization = DjangoAuthorization()
When running this on our hosted development server, however, all POSTs come back HTTP/1.1 401 UNAUTHORIZED
I've attempted the following tests to no avail:
(1) replace
DjangoAuthorization()
with
Authorization()
(2) replace
return super(AllowGetAuthentication, self).is_authenticated(request, **kwargs)
with
return True
(3) create a wrapper for all the api urls that is csrf exempt
The only things that has worked was to implement #1 and #2 at the same time (ie bypass authentication AND authorization) which seems to indicate it's not just a deny all at the webserver level.
Any thoughts here are appreciated!
It was an apache issue Add this line to your site conf file
WSGIPassAuthorization On