This is the documentation of the development version, check the Stable Version documentation.

Protect Resources

Protect users resources, so that only the authorized clients with the authorized access token can access the given scope resources.

A resource server can be a different server other than the authorization server. Here is the way to protect your users’ resources:

from django.http import JsonResponse
from authlib.integrations.django_oauth1 import ResourceProtector
require_oauth = ResourceProtector(Client, TokenCredential)

@require_oauth()
def user_api(request):
    user = request.oauth1_credential.user
    return JsonResponse(dict(username=user.username))

The require_oauth decorator will add a oauth1_credential to request parameter. This oauth1_credential is an instance of the Token model.