django-social-connector
A Sample Django application for exchanging tokens with Instagram Basic Display API
Readme
A sample Django app for OAuth Token Exchange to support Instagram Basic Display API.
[!CAUTION] This app is not meant for production. It lacks certain security features and certain customization options which must be implemented based on the exact use case. It will only work in DEBUG mode, for development.
Use this app for development only and as a guide for adding your own token exchange backend endpoint.
Install from PyPI:
pip install django-social-connector
Add to INSTALLED_APPS:
# settings.py
INSTALLED_APPS = [
    # ...
    "social_connector",
    # ...
]
Add the INSTAGRAM_APP_ID and INSTAGRAM_SECRET settings:
# settings.py
import os

INSTAGRAM_APP_ID = os.environ.get("INSTAGRAM_APP_ID")
INSTAGRAM_SECRET = os.environ.get("INSTAGRAM_SECRET")
Note: Your INSTAGRAM_SECRET should be loaded and stored as a secret key. How to do that properly is outside the scope of this guide and depends on your environment.
# urls.py
from django.urls import path
from social_connector.views import ig_token

urlpatterns = [
    # ...
    path('ig_token/', ig_token, name="ig_token"),
    # ...
]
You can customize the path and the name as needed.
Make sure your frontend host is allowed for CORS requests in Django.
This app is for demonstration and development use only.
For production, create your own view in your own codebase.
To be production ready, the endpoint should have at least the following additional safeguards:
Adding these features will bloat this minimal sample, especially when trying to reduce requirements. Implementation of some of these features also depends on your specific use case.
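As an added illustration (not code from django-social-connector), the following framework-free sketch shows checks a production token-exchange view of your own could run before contacting Instagram. The function names, the Origin allow-list, the `state` comparison and the code-shape check are assumptions chosen for this example, and the token endpoint URL comes from Meta's Basic Display documentation rather than from this page.

```python
import hmac
import re
from urllib.parse import urlencode

# Token endpoint from Meta's Basic Display documentation (not stated on this page).
TOKEN_URL = "https://api.instagram.com/oauth/access_token"
# Assumption: treat the code as an opaque, bounded, whitespace-free ASCII string.
CODE_RE = re.compile(r"^[\x21-\x7e]{1,1024}$")


def load_credentials(env):
    """Fail fast: os.environ.get() silently yields None for a missing variable."""
    app_id = env.get("INSTAGRAM_APP_ID")
    secret = env.get("INSTAGRAM_SECRET")
    if not app_id or not secret:
        raise RuntimeError("INSTAGRAM_APP_ID / INSTAGRAM_SECRET not configured")
    return app_id, secret


def build_exchange_request(code, state, origin, *, session_state, env,
                           allowed_origins, redirect_uri):
    """Validate a frontend request, then return (url, form_body) for the POST."""
    if origin not in allowed_origins:
        raise PermissionError("origin not allowed")
    # state ties the callback to the session that started the login (CSRF check).
    if not (isinstance(state, str) and session_state and hmac.compare_digest(
            state.encode(), session_state.encode())):
        raise PermissionError("state mismatch")
    if not isinstance(code, str) or not CODE_RE.fullmatch(code):
        raise ValueError("malformed authorization code")
    app_id, secret = load_credentials(env)
    body = urlencode({
        "client_id": app_id,
        "client_secret": secret,       # stays server-side, never echoed to the client
        "grant_type": "authorization_code",
        "redirect_uri": redirect_uri,  # fixed in server config, not read from the request
        "code": code,
    }).encode()
    return TOKEN_URL, body


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    env = {"INSTAGRAM_APP_ID": "1234567890", "INSTAGRAM_SECRET": "constructed-secret"}
    url, body = build_exchange_request(
        "AQD-constructed-code", "st-1", "https://app.example",
        session_state="st-1", env=env,
        allowed_origins={"https://app.example"},
        redirect_uri="https://app.example/callback")
    print(url, len(body), "bytes ready to POST")
```

In a Django view, `origin` would come from the request's Origin header and `session_state` from the server-side session; the returned body is what the view would POST to the token endpoint.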
FAQs
We found that django-social-connector demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.