This is the documentation of the development version; check the Stable Version documentation.

API References of Django OAuth 2.0 Server

This part of the documentation covers the interface of Django OAuth 2.0 Server.

class authlib.integrations.django_oauth2.AuthorizationServer(client_model, token_model, generate_token=None, metadata=None)

Django implementation of authlib.oauth2.rfc6749.AuthorizationServer. Initialize it with a client model and a token model:

from authlib.integrations.django_oauth2 import AuthorizationServer
from your_project.models import OAuth2Client, OAuth2Token

server = AuthorizationServer(OAuth2Client, OAuth2Token)

create_authorization_response(request=None, grant_user=None)

Validate authorization request and create authorization response.

Parameters:
  • request – HTTP request instance.
  • grant_user – the resource owner if the request is granted; None if it is denied.
Returns: Response

create_endpoint_response(name, request=None)

Validate endpoint request and create endpoint response.

Parameters:
  • name – Endpoint name
  • request – HTTP request instance.
Returns: Response

create_token_response(request=None)

Validate token request and create token response.

Parameters: request – HTTP request instance

register_endpoint(endpoint_cls)

Add an extra endpoint to the authorization server, e.g. RevocationEndpoint:

authorization_server.register_endpoint(RevocationEndpoint)

Parameters: endpoint_cls – An endpoint class

register_grant(grant_cls, extensions=None)

Register a grant class into the endpoint registry. Developers can implement the grants in authlib.oauth2.rfc6749.grants and register with this method:

from authlib.oauth2.rfc6749 import grants

class AuthorizationCodeGrant(grants.AuthorizationCodeGrant):
    def authenticate_user(self, credential):
        ...  # your implementation

authorization_server.register_grant(AuthorizationCodeGrant)

Parameters:
  • grant_cls – a grant class.
  • extensions – extensions for the grant class.

class authlib.integrations.django_oauth2.ResourceProtector

acquire_token(request, scope=None, operator='AND')

Acquire the current valid token with the given scope.

Parameters:
  • request – Django HTTP request instance
  • scope – string or list of scope values
  • operator – value of “AND” or “OR”
Returns: token object

class authlib.integrations.django_oauth2.BearerTokenValidator(token_model, realm=None)

authenticate_token(token_string)

Query the token from the database with the given token string. Developers MUST re-implement this method. For instance:

def authenticate_token(self, token_string):
    return get_token_from_database(token_string)

Parameters: token_string – A string to represent the access_token.
Returns: token

request_invalid(request)

Check whether the HTTP request is invalid; return True to reject it. Developers MUST re-implement this method. For instance, if your server requires an “X-Device-Version” header:

def request_invalid(self, request):
    # Invalid (True) when the required header is missing
    return 'X-Device-Version' not in request.headers

Usually you don’t need to check whether the request is valid; you can simply return False.

Parameters: request – instance of HttpRequest
Returns: Boolean

token_revoked(token)

Check if this token is revoked. Developers MUST re-implement this method. If there is a column called revoked on the token table:

def token_revoked(self, token):
    return token.revoked

Parameters: token – token instance
Returns: Boolean

class authlib.integrations.django_oauth2.RevocationEndpoint(server)

The revocation endpoint for OAuth authorization servers allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed.

Register it with the authorization server, and create the token endpoint response for token revocation:

from django.views.decorators.http import require_http_methods
from authlib.integrations.django_oauth2 import RevocationEndpoint

# register the endpoint with the authorization server instance
server.register_endpoint(RevocationEndpoint)

@require_http_methods(["POST"])
def revoke_token(request):
    return server.create_endpoint_response(
        RevocationEndpoint.ENDPOINT_NAME,
        request
    )

query_token(token, token_type_hint, client)

Query requested token from database.

revoke_token(token)

Mark the given token as revoked.

authlib.integrations.django_oauth2.client_authenticated

Signal when client is authenticated

authlib.integrations.django_oauth2.token_revoked

Signal when token is revoked

authlib.integrations.django_oauth2.token_authenticated

Signal when token is authenticated