Skip to content
Aleksey Ropan edited this page Dec 8, 2025 · 2 revisions

Django OAuth Toolkit Integration

This page describes how Django OAuth Toolkit (DOT) is integrated into the CLIST project and how to use the Authorization Code flow.

Integration Details

The Django OAuth Toolkit is already integrated into the CLIST project.

# src/pyclist/urls.py
path('o/', include('oauth2_provider.urls', namespace='oauth2_provider')),
# src/pyclist/settings.py
OAUTH2_PROVIDER = {
    'DEFAULT_SCOPES': ['read'],
}

Authorization Code Flow

The Authorization Code flow is the most common OAuth2 flow, used for server-side applications.

1. Register an Application

To use OAuth, you first need to register an application in the CLIST admin or via the DOT management endpoints (if enabled).

  1. Go to /o/applications/register/.
  2. Fill in the form:
    • Name: Your application name.
    • Client type: Confidential (for server-side apps) or Public (for mobile/SPA).
    • Authorization grant type: Authorization code.
    • Redirect uris: The URL where CLIST will redirect the user after authorization (e.g., https://your-app.com/callback).
  3. Save the application. Note down the Client id and Client secret.

2. Request Authorization

Redirect the user to the authorization endpoint:

GET /o/authorize/?response_type=code&client_id=<client_id>&redirect_uri=<redirect_uri>
  • client_id: Your application's Client ID.
  • redirect_uri: One of the redirect URIs you registered.

The user will be prompted to log in (if not already) and authorize your application.

3. Exchange Code for Token

After authorization, CLIST will redirect the user back to your redirect_uri with a code parameter:

https://your-app.com/callback?code=<authorization_code>

Exchange this code for an access token by making a POST request to the token endpoint:

POST /o/token/

Parameters:

  • grant_type: authorization_code
  • code: The code you received.
  • redirect_uri: The same redirect URI used in step 2.
  • client_id: Your Client ID.
  • client_secret: Your Client Secret.

Response:

{
    "access_token": "<access_token>",
    "token_type": "Bearer",
    "expires_in": 36000,
    "refresh_token": "<refresh_token>",
    "scope": "read"
}

4. Make Authenticated Requests

Use the access token to access protected resources. Pass the token in the Authorization header:

Authorization: Bearer <access_token>

Code References

Clone this wiki locally