This part of the documentation covers the interface of Django OAuth 2.0 Server.
Django implementation of authlib.oauth2.rfc6749.AuthorizationServer.
Initialize it with client model and token model:
from authlib.integrations.django_oauth2 import AuthorizationServer
from your_project.models import OAuth2Client, OAuth2Token
server = AuthorizationServer(OAuth2Client, OAuth2Token)
Validate authorization request and create authorization response.
request – HTTP request instance.
grant_user – the resource owner if the request was granted; None if it was denied.
Response
Validate endpoint request and create endpoint response.
name – Endpoint name
request – HTTP request instance.
Response
Validate token request and create token response.
request – HTTP request instance
Validate current HTTP request for authorization page. This page is designed for resource owner to grant or deny the authorization.
Add extra endpoint to authorization server. e.g. RevocationEndpoint:
authorization_server.register_endpoint(RevocationEndpoint)
endpoint_cls – An endpoint class
Register a grant class into the endpoint registry. Developers can implement the grants in authlib.oauth2.rfc6749.grants and register with this method:
from authlib.oauth2.rfc6749 import grants

class AuthorizationCodeGrant(grants.AuthorizationCodeGrant):
    def authenticate_user(self, credential):
        # ...
        ...

authorization_server.register_grant(AuthorizationCodeGrant)
grant_cls – a grant class.
extensions – extensions for the grant class.
A method to acquire current valid token with the given scope.
request – Django HTTP request instance
scopes – a list of scope values
token object
A method to query token from database with the given token string. Developers MUST re-implement this method. For instance:
def authenticate_token(self, token_string):
    return get_token_from_database(token_string)
token_string – A string to represent the access_token.
token
The revocation endpoint for OAuth authorization servers allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed.
Register it into authorization server, and create token endpoint response for token revocation:
from django.views.decorators.http import require_http_methods
from authlib.integrations.django_oauth2 import RevocationEndpoint

# register the endpoint with the authorization server instance
server.register_endpoint(RevocationEndpoint)

@require_http_methods(["POST"])
def revoke_token(request):
    return server.create_endpoint_response(
        RevocationEndpoint.ENDPOINT_NAME,
        request
    )
Query requested token from database.
Mark the given token as revoked.
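The two revocation steps above (query the token, mark it revoked), as an added framework-free example that is not Authlib's own code. It follows the RFC 7009 rules for the type hint, client ownership and the response status; the Token class, the TOKENS list and handle_revocation are hypothetical names, and the sample data is constructed.

```python
from dataclasses import dataclass


@dataclass
class Token:  # hypothetical stand-in for a token model row
    client_id: str
    access_token: str
    refresh_token: str
    revoked: bool = False


# Constructed sample data standing in for the token table.
TOKENS = [
    Token("client-a", "at-111", "rt-111"),
    Token("client-b", "at-222", "rt-222"),
]


def query_token(token_string, token_type_hint, client_id):
    """Return the matching token owned by client_id, or None."""
    fields = ["access_token", "refresh_token"]
    # RFC 7009: the hint only orders the search. A wrong hint must not
    # prevent a match, so the other field is still checked afterwards.
    if token_type_hint in fields:
        fields.sort(key=lambda f: f != token_type_hint)
    for field in fields:
        for tok in TOKENS:
            if getattr(tok, field) == token_string:
                # A client may only revoke tokens issued to itself.
                return tok if tok.client_id == client_id else None
    return None


def revoke_token(token):
    """Mark the token revoked; revoking it again changes nothing."""
    token.revoked = True


def handle_revocation(token_string, token_type_hint, client_id):
    """Return the HTTP status the revocation endpoint should send."""
    token = query_token(token_string, token_type_hint, client_id)
    if token is not None:
        revoke_token(token)
    # RFC 7009 section 2.2: an invalid token still gets a 200 response.
    return 200
```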
Signal when client is authenticated
Signal when token is revoked
Signal when token is authenticated