From aa92736d7214cb8986721df4c3d2a3cc3a0a9dba Mon Sep 17 00:00:00 2001 From: aaronykng Date: Mon, 27 Mar 2017 07:19:11 -0700 Subject: [PATCH 1/3] Added drfpasswordless to authentication topic page. --- docs/api-guide/authentication.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md index 4a01188f3..8e6c9d89b 100644 --- a/docs/api-guide/authentication.md +++ b/docs/api-guide/authentication.md @@ -356,6 +356,27 @@ HTTP Signature (currently a [IETF draft][http-signature-ietf-draft]) provides a [Django-rest-knox][django-rest-knox] library provides models and views to handle token based authentication in a more secure and extensible way than the built-in TokenAuthentication scheme - with Single Page Applications and Mobile clients in mind. It provides per-client tokens, and views to generate them when provided some other authentication (usually basic authentication), to delete the token (providing a server enforced logout) and to delete all tokens (logs out all clients that a user is logged into). +## drfpasswordless + +[drfpasswordless][drfpasswordless] adds passwordless support to Django Rest Framework's own TokenAuthentication scheme. Users log in and sign up with a token sent to a contact point, either an email address or a mobile number. + +#### Example + + curl -X POST -d "email=aaron@example.com" localhost:8000/auth/email/ + +User receives an email: + + .. +

Your login token is 123456

+ .. + +The client has 15 minutes to provide the correct token in exchange for an authentication token (provided by Django Rest Framework's Token Authentication). + + curl -X POST -d "token=815381" localhost:8000/callback/auth/ + + > HTTP/1.0 200 OK + > {"token":"76be2d9ecfaf5fa4226d722bzdd8a4fff207ed0e”} + [cite]: http://jacobian.org/writing/rest-worst-practices/ [http401]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2 [http403]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4 @@ -396,3 +417,4 @@ HTTP Signature (currently a [IETF draft][http-signature-ietf-draft]) provides a [django-rest-auth]: https://github.com/Tivix/django-rest-auth [django-rest-framework-social-oauth2]: https://github.com/PhilipGarnero/django-rest-framework-social-oauth2 [django-rest-knox]: https://github.com/James1345/django-rest-knox +[drfpasswordless]: https://github.com/aaronn/django-rest-framework-passwordless From 10d8ad601caf36ef980c9b5bc37439bef18b4ea0 Mon Sep 17 00:00:00 2001 From: aaronykng Date: Mon, 27 Mar 2017 07:27:46 -0700 Subject: [PATCH 2/3] Added drfpasswordless to third party packages topic page. --- docs/topics/third-party-packages.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/topics/third-party-packages.md b/docs/topics/third-party-packages.md index d092e163e..933924d3b 100644 --- a/docs/topics/third-party-packages.md +++ b/docs/topics/third-party-packages.md @@ -190,6 +190,7 @@ To submit new content, [open an issue][drf-create-issue] or [create a pull reque * [djoser][djoser] - Provides a set of views to handle basic actions such as registration, login, logout, password reset and account activation. * [django-rest-auth][django-rest-auth] - Provides a set of REST API endpoints for registration, authentication (including social media authentication), password reset, retrieve and update user details, etc. * [drf-oidc-auth][drf-oidc-auth] - Implements OpenID Connect token authentication for DRF. +* [drfpasswordless][drfpasswordless] - Adds (Medium, Square Cash inspired) passwordless logins and signups via email and mobile numbers. ### Permissions @@ -330,3 +331,4 @@ To submit new content, [open an issue][drf-create-issue] or [create a pull reque [drf-oidc-auth]: https://github.com/ByteInternet/drf-oidc-auth [drf-serializer-extensions]: https://github.com/evenicoulddoit/django-rest-framework-serializer-extensions [djangorestframework-queryfields]: https://github.com/wimglenn/djangorestframework-queryfields +[drfpasswordless]: https://github.com/aaronn/django-rest-framework-passwordless From 0400cbbc4cd20dc7f70a077600e240c504900341 Mon Sep 17 00:00:00 2001 From: aaronykng Date: Mon, 27 Mar 2017 12:08:07 -0700 Subject: [PATCH 3/3] Added drfpasswordless to Authentication docs --- docs/api-guide/authentication.md | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md index 8e6c9d89b..2344c68e3 100644 --- a/docs/api-guide/authentication.md +++ b/docs/api-guide/authentication.md @@ -358,24 +358,7 @@ HTTP Signature (currently a [IETF draft][http-signature-ietf-draft]) provides a ## drfpasswordless -[drfpasswordless][drfpasswordless] adds passwordless support to Django Rest Framework's own TokenAuthentication scheme. Users log in and sign up with a token sent to a contact point, either an email address or a mobile number. - -#### Example - - curl -X POST -d "email=aaron@example.com" localhost:8000/auth/email/ - -User receives an email: - - .. -

Your login token is 123456

- .. - -The client has 15 minutes to provide the correct token in exchange for an authentication token (provided by Django Rest Framework's Token Authentication). - - curl -X POST -d "token=815381" localhost:8000/callback/auth/ - - > HTTP/1.0 200 OK - > {"token":"76be2d9ecfaf5fa4226d722bzdd8a4fff207ed0e”} +[drfpasswordless][drfpasswordless] adds (Medium, Square Cash inspired) passwordless support to Django REST Framework's own TokenAuthentication scheme. Users log in and sign up with a token sent to a contact point like an email address or a mobile number. [cite]: http://jacobian.org/writing/rest-worst-practices/ [http401]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2