Authentication
Authentication is done with OpenID Connect, which is a simple identity layer on top of OAuth 2.0.
Plugins
We provide plugins for some popular OAuth frameworks. This is the recommended way of handling auth as it's simple to plug in and get started.
dubclub-allauth: Plugin to django-allauth which adds a provider for DubClub.
REST API requests
All requests to REST resource endpoints must be authenticated by providing an access token in the request header. Always keep access tokens safe and purge them if you suspect they've been compromised.
Here's an example request with a Bearer token in the request header, using curl:
curl https://dubclub.win/api/v1/subscription \
-H "Authorization: Bearer {token}"
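The same request from Python, as an added example that is not part of the DubClub documentation: it sends the token only over HTTPS to the API host, checks it against the RFC 6750 b64token grammar, and refuses redirects so the header is not sent anywhere else. The DUBCLUB_TOKEN variable name and the helper names are assumptions.

```python
"""Added example: calling the subscription endpoint with a Bearer token (RFC 6750)."""
import os
import re
import urllib.request
from urllib.parse import urlsplit

API_HOST = "dubclub.win"  # host taken from the curl example on this page
# b64token grammar from RFC 6750 section 2.1; it also rules out CR/LF header injection.
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse redirects so the Authorization header is never sent to a redirect target."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError for the 3xx response


def build_request(url, token):
    """Return a GET request carrying the token, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != API_HOST:
        raise ValueError("token may only be sent to https://" + API_HOST)
    if not B64TOKEN.fullmatch(token):
        raise ValueError("token is not a valid RFC 6750 b64token")
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + token})


def redact(token):
    """Return a form of the token that can be written to logs."""
    return token[:4] + "..." if len(token) > 12 else "[redacted]"


def get_subscription(token):
    """Fetch the subscription resource; needs network access and a real token."""
    req = build_request("https://" + API_HOST + "/api/v1/subscription", token)
    opener = urllib.request.build_opener(NoRedirect)
    with opener.open(req, timeout=10) as resp:
        return resp.read()


if __name__ == "__main__":
    # DUBCLUB_TOKEN is an assumed variable name; keep the token out of source code.
    print(get_subscription(os.environ["DUBCLUB_TOKEN"]))
```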
References
RFC 6750: Using bearer tokens to access OAuth 2.0-protected resources.