Authentication

Authentication is done with OpenID Connect, which is a simple identity layer on top of OAuth 2.0.

Plugins

We provide plugins for some popular OAuth frameworks. This is the recommended way of handling auth as it's simple to plug in and get started.

  • dubclub-allauth: Plugin to django-allauth which adds a provider for DubClub.

REST API requests

All requests to REST resource endpoints must be authenticated by providing an access token in the request header. Always keep access tokens safe and purge them if you suspect they've been compromised.

Here's an example request with a Bearer token in the request header, using curl:

Shell

curl https://dubclub.win/api/v1/subscription \
  -H "Authorization: Bearer {token}"
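
The following is an added example, not part of DubClub's own documentation or code: a shell wrapper around the curl request above that passes the Authorization header to curl on stdin, so the token stays out of curl's command line (which is visible in process listings), and that refuses any token not matching the RFC 6750 b64token grammar. The DUBCLUB_TOKEN variable and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not DubClub's code. DUBCLUB_TOKEN and all function names are assumed.
LC_ALL=C; export LC_ALL                 # byte-wise character ranges in the patterns below
API_BASE="https://dubclub.win/api/v1"   # base URL taken from the curl example on this page

# Succeed only if $1 matches the RFC 6750 b64token grammar:
#   1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
# Anything else (spaces, quotes, CR/LF, an unfilled "{token}" placeholder) is
# rejected, so a bad value cannot break out of the header line.
is_b64token() {
  case "$1" in ''|=*) return 1 ;; esac
  body=${1%%=*}          # characters before the first "="
  pad=${1#"$body"}       # trailing padding, if any
  case "$body" in *[!A-Za-z0-9._~+/-]*) return 1 ;; esac
  case "$pad" in *[!=]*) return 1 ;; esac
  return 0
}

# Print a curl config line (for "curl --config -") carrying the bearer token.
bearer_config() {
  is_b64token "$1" || { echo "refusing malformed access token" >&2; return 1; }
  printf 'header = "Authorization: Bearer %s"\n' "$1"
}

# GET a resource path such as "subscription" with the token from DUBCLUB_TOKEN.
# printf is a shell builtin, so the token reaches curl over a pipe and is never
# placed in any process's argument list.
dubclub_get() {
  cfg=$(bearer_config "${DUBCLUB_TOKEN:-}") || return 1
  printf '%s\n' "$cfg" |
    curl --silent --show-error --fail --proto '=https' --config - "$API_BASE/$1"
}
```

With DUBCLUB_TOKEN set in the environment, calling dubclub_get subscription issues the same request as the curl command above; the --proto option makes curl refuse any non-HTTPS URL.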

References

RFC 6750: Using bearer tokens to access OAuth 2.0-protected resources.