Disable or restrict /o/applications (django rest framework, oauth2)

I am currently writing a REST API using Django REST framework, with OAuth2 for authentication (using django-oauth-toolkit). I'm very happy with both of them; they do exactly what I want.

However, I have one concern. I'm moving my app to production, and realized there might be a problem with the /o/applications/ view, which is accessible to everyone! I was surprised not to see anything in the docs about it, nor when I tried to google it. Did I miss something?

Some ideas were either to make a custom view requiring authentication as a superuser (but this would be weird, as it would mix different kinds of authentication, wouldn't it?), or to add a dummy route to a 401 or 403 view at /o/applications/. But these sound quite hacky to me... isn't there any official "best" solution for this? I'd be very surprised if I were the first one running into this issue; I must have missed something...

Thanks in advance!

asked by termux, Nov 09 '22 21:11



1 Answer

Solution found!

In fact, the reason why /o/applications/ was accessible is that I had a super admin session open.

Everything is great, then :)

answered by termux, Nov 15 '22 05:11
