I have an Adobe Air mobile app that communicates with Django through TastyPie. To use the app, people must first register. Therefore, they must provide their email and password. Subsequently, they will be able to "enter." I thought it would be a better idea that, after entering a successful combination of username and password, the api-key is sent back to the mobile application, where it is cached, so the user is "logged in".
Please tell me if you think that there is a better way to register and log in.
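Inside Django, I have a UserResource class that I use to register new users when sending data via POST:

    from django.contrib.auth.models import User
    from django.db import IntegrityError
    from tastypie.authentication import Authentication
    from tastypie.authorization import Authorization
    from tastypie.exceptions import BadRequest
    from tastypie.resources import ModelResource


    class UserResource(ModelResource):
        class Meta:
            allowed_methods = ['get', 'post']
            queryset = User.objects.all()
            resource_name = 'auth'
            authentication = Authentication()
            authorization = Authorization()
            # Only these fields are serialized; the password is never returned.
            fields = ['username', 'email']

        def obj_create(self, bundle, request=None, **kwargs):
            # Read each credential from its own key in the POSTed data.
            username = bundle.data['username']
            email = bundle.data['email']
            password = bundle.data['password']
            try:
                # create_user() stores a salted hash, not the raw password.
                bundle.obj = User.objects.create_user(username, email, password)
            except IntegrityError:
                raise BadRequest('That username already exists')
            return bundle
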
It works very well.
But now I'm struggling with the actual login process. In my opinion, it would be better to send the username and password via GET (and https) to this resource, and if they are correct, return the api key for the user. But is it possible? And is that clean? Typically, TastyPie will show all users currently in the database if you send a GET request to this resource. But I do not need this data, so I can somehow rewrite it. I already checked http://django-tastypie.readthedocs.org/en/v0.9.9/resources.html, but I can't get it to work. Is it even possible to overwrite this behavior?
So, the actual questions: What is the best way to "log in" a user using ApiKeyAuthentication? And is my approach correct and clean, or do you have a better method? And do you have any examples for this case?
Thanks in advance!
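
The login exchange asked about above, as an added framework-free sketch that is not part of the original post and is not TastyPie code: credentials arrive in a POST body so they stay out of URL logs, the key is returned once for the app to cache, and later requests are checked against the `Authorization: ApiKey <username>:<key>` header form documented for TastyPie's ApiKeyAuthentication. The in-memory `USERS` and `API_KEYS` dicts and the function names `register`, `login` and `authenticate` are assumptions standing in for the User and ApiKey tables and the resource views.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory stand-ins for the User and ApiKey tables.
USERS = {}     # username -> (salt, password_hash)
API_KEYS = {}  # username -> api key


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Dummy record so an unknown username costs the same hashing work as a real one.
_DUMMY = (b"\x00" * 16, _hash("dummy", b"\x00" * 16))


def register(username, password):
    if username in USERS:
        raise ValueError("That username already exists")
    salt = secrets.token_bytes(16)
    USERS[username] = (salt, _hash(password, salt))


def login(post_body):
    """Handle a login POST: credentials come from the body, not the URL."""
    username = post_body.get("username", "")
    password = post_body.get("password", "")
    salt, stored = USERS.get(username, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if not (matches and username in USERS):
        # Identical response for an unknown user and a wrong password.
        return 401, {"error": "invalid credentials"}
    # Reuse the existing key, or issue a 40-hex-character one on first login.
    key = API_KEYS.setdefault(username, secrets.token_hex(20))
    return 200, {"username": username, "api_key": key}


def authenticate(headers):
    """Return the username for a valid ApiKey header, else None."""
    scheme, _, creds = headers.get("Authorization", "").partition(" ")
    username, _, key = creds.partition(":")
    expected = API_KEYS.get(username)
    if scheme.lower() != "apikey" or expected is None:
        return None
    # Constant-time comparison of the presented key with the stored one.
    same = hmac.compare_digest(key.encode(), expected.encode())
    return username if same else None
```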