django-oauth2-provider Documentation

Similar documents
Mobile Procurement REST API (MOBPROC): Access Tokens

WEB API. Nuki Home Solutions GmbH. Münzgrabenstraße 92/ Graz Austria F

Protect Your API with OAuth 2. Rob Allen

DJOAuth2 Documentation

Using OAuth 2.0 to Access ionbiz APIs

Aruba Central Application Programming Interface

Integrating with ClearPass HTTP APIs

flask-jwt-simple Documentation

ovirt SSO Specification

f5-icontrol-rest Documentation

NIELSEN API PORTAL USER REGISTRATION GUIDE

GitHub-Flask Documentation

BlackBerry AtHoc Networked Crisis Communication. BlackBerry AtHoc API Quick Start Guide

Usage of "OAuth2" policy action in CentraSite and Mediator

The production version of your service API must be served over HTTPS.

INTEGRATION MANUAL DOCUMENTATION E-COMMERCE

The Django Web Framework Part VI

python-oauth2 Documentation

If the presented credentials are valid server will respond with a success response:

django-scaffold Documentation

django-ratelimit-backend Documentation

E POSTBUSINESS API Login-API Reference. Version 1.1

django-mama-cas Documentation

API Gateway. Version 7.5.1

Oracle Fusion Middleware. API Gateway OAuth User Guide 11g Release 2 ( )

Bambu API Documentation

flask-jwt Documentation

Aruba Central APIs. Adolfo Bolivar April 2018

bzz Documentation Release Rafael Floriano and Bernardo Heynemann

flask-jwt-extended Documentation

PyCrest Documentation

yagmail Documentation

Oracle Fusion Middleware. Oracle API Gateway OAuth User Guide 11g Release 2 ( )

tally Documentation Release Dan Watson

JPX Data Cloud API Specifications

Building a Django Twilio Programmable Chat Application

Connexion Documentation

MyGeotab Python SDK Documentation

Red Hat 3Scale 2-saas

Salesforce IoT REST API Getting Started Guide

CacheControl Documentation

ClickToCall SkypeTest Documentation

Realtime API. API Version: Document Revision: 16 Last change:26 October Kwebbl Swiss Software House GmbH

Building the Modern Research Data Portal using the Globus Platform. Rachana Ananthakrishnan GlobusWorld 2017

django-embed-video Documentation

NetIQ Access Manager 4.3. REST API Guide

Django Synctool Documentation

GPII Security. Washington DC, November 2015

wagtailtrans Documentation

Django IPRestrict Documentation

REST API Operations. 8.0 Release. 12/1/2015 Version 8.0.0

django-password-reset Documentation

django-avatar Documentation

Tutorial: Building the Services Ecosystem

Privacy and Security in Online Social Networks Department of Computer Science and Engineering Indian Institute of Technology, Madras

Identity and Data Access: OpenID & OAuth

django-avatar Documentation

djangotribune Documentation

Gargoyle Documentation

Canonical Identity Provider Documentation

django-contact-form Documentation

ClearPass. ClearPass Extension Universal Authentication Proxy. ClearPass Extension Universal Authentication Proxy TechNote

Django Groups Manager Documentation

Yampy Documentation. Release 1.0. Yammer

wagtail-robots Documentation

[MS-ADFSOAL]: Active Directory Federation Services OAuth Authorization Code Lookup Protocol

django-push Documentation

sanction Documentation

tapioca-wrapper Documentation

The OAuth 2.0 Authorization Framework draft-ietf-oauth-v2-30

How to set up VMware Unified Access Gateway with OPSWAT MetaAccess Client

External HTTPS Trigger AXIS Camera Station 5.06 and above

django-sticky-uploads Documentation

OAuth2 Autoconfig. Copyright

Django MFA Documentation

Tablo Documentation. Release Conservation Biology Institute

Login with Amazon. SDK for JavaScript v1.0 Reference

Privacy and Security in Online Social Networks Department of Computer Science and Engineering Indian Institute of Technology, Madras

Web Based Single Sign-On and Access Control

TELIA OPERATOR SERVICE PLATFORM

django-openid Documentation

4.2. Authenticating to REST Services. Q u i c k R e f e r e n c e G u i d e. 1. IdentityX 4.2 Updates

django-stored-messages Documentation

Django OAuth Toolkit Documentation

django-embed-video Documentation

Easy-select2 Documentation

ska Documentation Release Artur Barseghyan

Box Connector. Version 2.0. User Guide

Canadian Access Federation: Trust Assertion Document (TAD)

django-antispam Documentation

open-helpdesk Documentation

DCLI User's Guide. Data Center Command-Line Interface

Volante NACHA ISO20022 Validator AMI User Guide

django-storages Documentation

HKWirelessHD API Specification

USER MANUAL. SalesPort Salesforce Customer Portal for WordPress (Lightning Mode) TABLE OF CONTENTS. Version: 3.1.0

for Salesforce Question-to-Case Connector

AT&T Developer Best Practices Guide

Optimized Sales & Marketing Setup Guide

Cisco Firepower Threat Defense REST API Guide

Transcription:

django-oauth2-provider Documentation Release 0.2.7-dev Alen Mujezinovic Aug 16, 2017

Contents 1 Getting started 3 1.1 Getting started.............................................. 3 2 API 5 2.1 provider................................................. 5 2.2 provider.oauth2.............................................. 8 3 Changes 9 3.1 v 0.2................................................... 9 Python Module Index 11 i

ii

django-oauth2-provider Documentation, Release 0.2.7-dev django-oauth2-provider is a Django application that provides customizable OAuth2 authentication for your Django projects. The default implementation makes reasonable assumptions about the allowed grant types and provides clients with two easy accessible URL endpoints. (provider.oauth2.urls) If you require custom database backends, URLs, wish to extend the OAuth2 protocol as defined in Section 8 or anything else, you can override the default behaviours by subclassing the views in provider.views and add your specific use cases. Contents 1

django-oauth2-provider Documentation, Release 0.2.7-dev 2 Contents

CHAPTER 1 Getting started Getting started Installation $ pip install django-oauth2-provider Configuration Add OAuth2 Provider to INSTALLED_APPS INSTALLED_APPS = ( #... 'provider', 'provider.oauth2', ) Modify your settings to match your needs The default settings are available in provider.constants. Include the OAuth 2 views Add provider.oauth2.urls to your root urls.py file. url(r'^oauth2/', include('provider.oauth2.urls', namespace = 'oauth2')), 3

django-oauth2-provider Documentation, Release 0.2.7-dev Note: The namespace argument is required. Sync your database $ python manage.py syncdb $ python manage.py migrate How to request an access token for the first time? Create a client entry in your database Note: To find out which type of client you need to create, read Section 2.1. To create a new entry simply use the Django admin panel. Request an access token Assuming that you ve used the same URL configuration as above, your client needs to submit a POST request to /oauth2/access_token including the following parameters: client_id - The client ID you ve configured in the Django admin. client_secret - The client secret configured in the Django admin. username - The username with which you want to log in. password - The password corresponding to the user you re logging in with. Request $ curl -X POST -d "client_id=your_client_id&client_secret=your_client_secret&grant_ type=password&username=your_username&password=your_password" http://localhost:8000/ oauth2/access_token/ Response {"access_token": "<your-access-token>", "scope": "read", "expires_in": 86399, "refresh_token": "<your-refresh-token>"} This particular way of obtaining an access token is called a Password Grant. All the other ways of acquiring an access token are outlined in Section 4. Note: Remember that you should always use HTTPS for all your OAuth 2 requests otherwise you won t be secured. 4 Chapter 1. Getting started

CHAPTER 2 API provider provider.constants provider.constants.response_type_choices Settings OAUTH_RESPONSE_TYPE_CHOICES The response types as outlined by Section 3.1.1 provider.constants.scopes Settings OAUTH_SCOPES A choice of scopes. A detailed implementation is left to the developer. The current default implementation in provider.oauth2.scope makes use of bit shifting operations to combine read and write permissions. provider.constants.expire_delta Settings OAUTH_EXPIRE_DELTA Default datetime.timedelta(days=365) The time to expiry for access tokens as outlined in Section 4.2.2 and Section 5.1. provider.constants.expire_code_delta Settings OAUTH_EXPIRE_CODE_DELTA Default datetime.timedelta(seconds=10*60) The time to expiry for an authorization code grant as outlined in Section 4.1.2. provider.constants.delete_expired Settings OAUTH_DELETE_EXPIRED Default False 5

django-oauth2-provider Documentation, Release 0.2.7-dev To remove expired tokens immediately instead of letting them persist, set to True. provider.constants.enforce_secure Settings OAUTH_ENFORCE_SECURE Default False To enforce secure communication on application level, set to True. provider.constants.session_key Settings OAUTH_SESSION_KEY Default oauth Session key prefix to store temporary data while the user is completing the authentication / authorization process. provider.constants.single_access_token Settings OAUTH_SINGLE_ACCESS_TOKEN Default False To have the provider only create and retrieve one access token per user/client/scope combination, set to True. provider.forms class provider.forms.oauthform(*args, **kwargs) Form class that creates shallow error dicts and exists early when a OAuthValidationError is raised. The shallow error dict is reused when returning error responses to the client. The different types of errors are outlined in Section 4.2.2.1 and Section 5.2. exception provider.forms.oauthvalidationerror Exception to throw inside OAuthForm if any OAuth2 related errors are encountered such as invalid grant type, invalid client, etc. OAuthValidationError expects a dictionary outlining the OAuth error as its first argument when instantiating. Example class GrantValidationForm(OAuthForm): grant_type = forms.charfield() def clean_grant(self): if not self.cleaned_data.get('grant_type') == 'code': raise OAuthValidationError({ 'error': 'invalid_grant', 'error_description': "%s is not a valid grant type" % ( self.cleaned_data.get('grant_type')) }) The different types of errors are outlined in Section 4.2.2.1 and Section 5.2. provider.scope Default scope implementation relying on bit shifting. See provider.constants.scopes for the list of available scopes. 6 Chapter 2. API

django-oauth2-provider Documentation, Release 0.2.7-dev Scopes can be combined, such as "read write". Note that a single "write" scope is not the same as "read write". See provider.scope.to_int on how scopes are combined. provider.scope.check(wants, has) Check if a desired scope wants is part of an available scope has. Returns False if not, return True if yes. Example If a list of scopes such as READ = 1 << 1 WRITE = 1 << 2 READ_WRITE = READ WRITE SCOPES = ( (READ, 'read'), (WRITE, 'write'), (READ_WRITE, 'read+write'), ) is defined, we can check if a given scope is part of another: >>> from provider import scope >>> scope.check(read, READ) True >>> scope.check(write, READ) False >>> scope.check(write, WRITE) True >>> scope.check(read, WRITE) False >>> scope.check(read, READ_WRITE) True >>> scope.check(write, READ_WRITE) True provider.scope.names(scope) Returns a list of scope names as defined in provider.constants.scopes for a given scope integer. >>> assert ['read', 'write'] == provider.scope.names(provider.constants.read_ WRITE) provider.scope.to_int(*names, **kwargs) Turns a list of scope names into an integer value. >>> scope.to_int('read') 2 >>> scope.to_int('write') 6 >>> scope.to_int('read', 'write') 6 >>> scope.to_int('invalid') 0 >>> scope.to_int('invalid', default = 1) 1 2.1. provider 7

django-oauth2-provider Documentation, Release 0.2.7-dev provider.scope.to_names(scope) Returns a list of scope names as defined in provider.constants.scopes for a given scope integer. >>> assert ['read', 'write'] == provider.scope.names(provider.constants.read_ WRITE) provider.templatetags.scope provider.templatetags.scope.scopes(scope_int) Wrapper around provider.scope.names to turn an int into a list of scope names in templates. provider.utils provider.utils.deserialize_instance(model, data={}) Translate raw data into a model instance. provider.utils.get_code_expiry() Return a datetime object indicating when an authorization code should expire. Can be customized by setting settings.oauth_expire_code_delta to a datetime.timedelta object. provider.utils.get_token_expiry(public=true) Return a datetime object indicating when an access token should expire. Can be customized by setting settings.oauth_expire_delta to a datetime.timedelta object. provider.utils.long_token() Generate a hash that can be used as an application secret provider.utils.serialize_instance(instance) Since Django 1.6 items added to the session are no longer pickled, but JSON encoded by default. We are storing partially complete models in the session (user, account, token,...). We cannot use standard Django serialization, as these are models are not complete yet. Serialization will start complaining about missing relations et al. provider.utils.short_token() Generate a hash that can be used as an application identifier provider.views provider.oauth2 provider.oauth2.forms provider.oauth2.models provider.oauth2.urls provider.oauth2.views 8 Chapter 2. API

CHAPTER 3 Changes v 0.2 Breaking change Moved provider.oauth2.scope to provider.scope Breaking change Replaced the write scope with a new write scope that includes reading Default scope for new provider.oauth2.models.accesstoken is now provider.constants. SCOPES[0][0] Access token response returns a space seperated list of scopes instead of an integer value Made by Caffeinehit. 9

django-oauth2-provider Documentation, Release 0.2.7-dev 10 Chapter 3. Changes

Python Module Index p provider.constants, 5 provider.forms, 6 provider.scope, 6 provider.templatetags.scope, 8 provider.utils, 8 11

django-oauth2-provider Documentation, Release 0.2.7-dev 12 Python Module Index

Index C check() (in module provider.scope), 7 D DELETE_EXPIRED (in module provider.constants), 5 deserialize_instance() (in module provider.utils), 8 E ENFORCE_SECURE (in module provider.constants), 6 EXPIRE_CODE_DELTA (in module provider.constants), 5 EXPIRE_DELTA (in module provider.constants), 5 G get_code_expiry() (in module provider.utils), 8 get_token_expiry() (in module provider.utils), 8 L long_token() (in module provider.utils), 8 N names() (in module provider.scope), 7 O OAuthForm (class in provider.forms), 6 OAuthValidationError, 6 P provider.constants (module), 5 provider.forms (module), 6 provider.scope (module), 6 provider.templatetags.scope (module), 8 provider.utils (module), 8 R RESPONSE_TYPE_CHOICES (in module provider.constants), 5 S SCOPES (in module provider.constants), 5 scopes() (in module provider.templatetags.scope), 8 serialize_instance() (in module provider.utils), 8 SESSION_KEY (in module provider.constants), 6 short_token() (in module provider.utils), 8 SINGLE_ACCESS_TOKEN (in module provider.constants), 6 T to_int() (in module provider.scope), 7 to_names() (in module provider.scope), 7 13

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback