-
-
Notifications
You must be signed in to change notification settings - Fork 65
OAuth
This page describes how Django OAuth Toolkit (DOT) is integrated into the CLIST project and how to use the Authorization Code flow.
The Django OAuth Toolkit is already integrated into the CLIST project.
-
Installed App:
oauth2_provideris listed inINSTALLED_APPSinsrc/pyclist/settings.py. -
URLs: The DOT URLs are included in
src/pyclist/urls.pyunder the path/o/.
# src/pyclist/urls.py
path('o/', include('oauth2_provider.urls', namespace='oauth2_provider')),-
Settings: Configuration for
OAUTH2_PROVIDERcan be found insrc/pyclist/settings.py.
# src/pyclist/settings.py
OAUTH2_PROVIDER = {
'DEFAULT_SCOPES': ['read'],
}The Authorization Code flow is the most common OAuth2 flow, used for server-side applications.
To use OAuth, you first need to register an application in the CLIST admin or via the DOT management endpoints (if enabled).
- Go to
/o/applications/register/. - Fill in the form:
- Name: Your application name.
-
Client type:
Confidential(for server-side apps) orPublic(for mobile/SPA). -
Authorization grant type:
Authorization code. -
Redirect uris: The URL where CLIST will redirect the user after authorization (e.g.,
https://your-app.com/callback).
- Save the application. Note down the
Client idandClient secret.
Redirect the user to the authorization endpoint:
GET /o/authorize/?response_type=code&client_id=<client_id>&redirect_uri=<redirect_uri>
-
client_id: Your application's Client ID. -
redirect_uri: One of the redirect URIs you registered.
The user will be prompted to log in (if not already) and authorize your application.
After authorization, CLIST will redirect the user back to your redirect_uri with a code parameter:
https://your-app.com/callback?code=<authorization_code>
Exchange this code for an access token by making a POST request to the token endpoint:
POST /o/token/
Parameters:
-
grant_type:authorization_code -
code: The code you received. -
redirect_uri: The same redirect URI used in step 2. -
client_id: Your Client ID. -
client_secret: Your Client Secret.
Response:
{
"access_token": "<access_token>",
"token_type": "Bearer",
"expires_in": 36000,
"refresh_token": "<refresh_token>",
"scope": "read"
}Use the access token to access protected resources. Pass the token in the Authorization header:
Authorization: Bearer <access_token>
- src/pyclist/settings.py: Main settings file.
- src/pyclist/urls.py: URL configuration.