This part of the documentation covers the interface of Django OAuth 2.0 Server.
authlib.integrations.django_oauth2.AuthorizationServer(client_model, token_model, generate_token=None, metadata=None)
Django implementation of authlib.oauth2.rfc6749.AuthorizationServer.
Initialize it with client model and token model:
from authlib.integrations.django_oauth2 import AuthorizationServer
from your_project.models import OAuth2Client, OAuth2Token
server = AuthorizationServer(OAuth2Client, OAuth2Token)
Validate authorization request and create authorization response.
Returns: Response
create_endpoint_response(name, request=None)
Validate endpoint request and create endpoint response.
Returns: Response
create_token_response(request=None)
Validate token request and create token response.
Parameters: request – HTTP request instance
register_endpoint(endpoint_cls)
Add an extra endpoint to the authorization server, e.g. RevocationEndpoint:
authorization_server.register_endpoint(RevocationEndpoint)
Parameters: endpoint_cls – An endpoint class
register_grant(grant_cls, extensions=None)
Register a grant class into the endpoint registry. Developers can implement the grants in authlib.oauth2.rfc6749.grants and register them with this method:
from authlib.oauth2.rfc6749 import grants

class AuthorizationCodeGrant(grants.AuthorizationCodeGrant):
    def authenticate_user(self, credential):
        # body elided in the original documentation
        ...

authorization_server.register_grant(AuthorizationCodeGrant)
authlib.integrations.django_oauth2.ResourceProtector
acquire_token(request, scope=None, operator='AND')
A method to acquire current valid token with the given scope.
Returns: token object
authlib.integrations.django_oauth2.BearerTokenValidator(token_model, realm=None)
authenticate_token(token_string)
A method to query token from database with the given token string. Developers MUST re-implement this method. For instance:
def authenticate_token(self, token_string):
    return get_token_from_database(token_string)
Parameters: token_string – A string to represent the access_token.
Returns: token
request_invalid(request)
Check if the HTTP request is valid or not. Developers MUST re-implement this method. For instance, your server requires an “X-Device-Version” in the header:
def request_invalid(self, request):
    # Return True when the request is invalid, i.e. the required header is missing.
    return 'X-Device-Version' not in request.headers
Usually, you don’t have to detect if the request is valid or not; you can just return False.
Parameters: request – instance of HttpRequest
Returns: Boolean
token_revoked(token)
Check if this token is revoked. Developers MUST re-implement this method. If there is a column called revoked on the token table:
def token_revoked(self, token):
    return token.revoked
Parameters: token – token instance
Returns: Boolean
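How the three validator hooks above combine with the scope and operator arguments of acquire_token, as an added example that is not part of the original documentation and is not Authlib's own code. It is a dependency-free model: the class names, the order of checks, the expires_at field and the sample tokens are assumptions, and the returned error codes are those defined by RFC 6750.

```python
import time
from dataclasses import dataclass

@dataclass
class Token:  # constructed stand-in for a row of the token table
    scope: str
    expires_at: float  # assumed expiry field, epoch seconds
    revoked: bool = False

class ModelValidator:
    """Simplified model of the validator hooks; not Authlib's implementation."""
    def __init__(self, tokens):
        self.tokens = tokens  # hypothetical in-memory token store

    def authenticate_token(self, token_string):
        return self.tokens.get(token_string)  # None when the token is unknown

    def request_invalid(self, headers):
        # True means "reject": the required header is missing.
        return "X-Device-Version" not in headers

    def token_revoked(self, token):
        return token.revoked

    def scope_insufficient(self, token, scope, operator="AND"):
        if not scope:
            return False
        granted, wanted = set(token.scope.split()), set(scope.split())
        if operator == "AND":  # every requested scope must be granted
            return not wanted <= granted
        if operator == "OR":  # one granted scope is enough
            return not (wanted & granted)
        raise ValueError("operator must be 'AND' or 'OR'")

    def validate(self, token_string, headers, scope=None, operator="AND", now=None):
        """Return None when access is allowed, else an RFC 6750 error code."""
        now = time.time() if now is None else now
        if self.request_invalid(headers):
            return "invalid_request"
        token = self.authenticate_token(token_string)
        if token is None or token.expires_at <= now or self.token_revoked(token):
            return "invalid_token"
        if self.scope_insufficient(token, scope, operator):
            return "insufficient_scope"
        return None

# Constructed sample data, not real tokens.
TOKENS = {"tok-a": Token("profile email", 2000.0),
          "tok-b": Token("profile", 2000.0, revoked=True)}
VALIDATOR = ModelValidator(TOKENS)
```

The headers argument here is a plain, case-sensitive dict, whereas Django's request.headers matches header names case-insensitively.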
authlib.integrations.django_oauth2.RevocationEndpoint(server)
The revocation endpoint for OAuth authorization servers allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed.
Register it into authorization server, and create token endpoint response for token revocation:
from django.views.decorators.http import require_http_methods
from authlib.integrations.django_oauth2 import RevocationEndpoint

# register the endpoint with the authorization server instance
server.register_endpoint(RevocationEndpoint)

@require_http_methods(["POST"])
def revoke_token(request):
    return server.create_endpoint_response(
        RevocationEndpoint.ENDPOINT_NAME,
        request
    )
query_token(token, token_type_hint, client)
Query requested token from database.
revoke_token(token)
Mark the given token as revoked.
authlib.integrations.django_oauth2.client_authenticated
Signal when client is authenticated
authlib.integrations.django_oauth2.token_revoked
Signal when token is revoked
authlib.integrations.django_oauth2.token_authenticated
Signal when token is authenticated