Skip to content
This repository

Django OAuth 2.0 Server App. Please fork and improve!

tag: draft-16-0.3.1

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 docs
Octocat-spinner-32 examples
Octocat-spinner-32 oauth2app
Octocat-spinner-32 .gitignore
Octocat-spinner-32 CONTRIBUTORS.txt
Octocat-spinner-32 LICENSE.txt Initial commit. June 23, 2011
Octocat-spinner-32 MANIFEST.in
Octocat-spinner-32 README.rst
Octocat-spinner-32 setup.py
README.rst

Installation

Install latest stable version into your python path using pip.

pip install oauth2app

Introduction

The oauth2app module helps Django site operators provide an OAuth 2.0 interface. The module is registered as an application.

In settings.py, add 'oauth2app' to INSTALLED_APPS.

INSTALLED_APPS = (
    ...,
    'oauth2app'
)

Sync the DB models.

python manage.py syncdb

In urls.py, add /oauth2/authorize and /oauth2/token views to a new or existing app.

urlpatterns += patterns('',
    (r'^oauth2/missing_redirect_uri/?$',   'mysite.oauth2.views.missing_redirect_uri'),
    (r'^oauth2/authorize/?$',                'mysite.oauth2.views.authorize'),
    (r'^oauth2/token/?$',                    'oauth2app.token.handler'),
)

Create client models.

from oauth2app.models import Client

Client.objects.create(
    name="My Sample OAuth 2.0 Client",
    user=user)

Create authorize and missing_redirect_uri handlers.

from django.shortcuts import render_to_response
from django.http import HttpResponseRedirect
from django.template import RequestContext
from django.contrib.auth.decorators import login_required
from oauth2app.authorize import Authorizer, MissingRedirectURI, AuthorizationException
from django import forms

class AuthorizeForm(forms.Form):
    pass

@login_required
def missing_redirect_uri(request):
    return render_to_response(
        'oauth2/missing_redirect_uri.html',
        {},
        RequestContext(request))

@login_required
def authorize(request):
    authorizer = Authorizer()
    try:
        authorizer.validate(request)
    except MissingRedirectURI, e:
        return HttpResponseRedirect("/oauth2/missing_redirect_uri")
    except AuthorizationException, e:
        # The request is malformed or invalid. Automatically
        # redirects to the provided redirect URL.
        return authorizer.error_redirect()
    if request.method == 'GET':
        template = {}
        # Use any form, make sure it has CSRF protections.
        template["form"] = AuthorizeForm()
        # Appends the original OAuth2 parameters.
        template["form_action"] = '/oauth2/authorize?%s' % authorizer.query_string
        return render_to_response(
            'oauth2/authorize.html',
            template,
            RequestContext(request))
    elif request.method == 'POST':
        form = AuthorizeForm(request.POST)
        if form.is_valid():
            if request.POST.get("connect") == "Yes":
                # User agrees. Redirect to redirect_uri with success params.
                return authorizer.grant_redirect()
            else:
                # User refuses. Redirect to redirect_uri with error params.
                return authorizer.error_redirect()
    return HttpResponseRedirect("/")

Authenticate requests.

from oauth2app.authenticate import Authenticator, AuthenticationException
from django.http import HttpResponse

def test(request):
    authenticator = Authenticator()
    try:
        # Validate the request.
        authenticator.validate(request)
    except AuthenticationException:
        # Return an error response.
        return authenticator.error_response(content="You didn't authenticate.")
    username = authenticator.user.username
    return HttpResponse(content="Hi %s, You authenticated!" % username)

If you want to authenticate JSON requests try the JSONAuthenticator.

from oauth2app.authenticate import JSONAuthenticator, AuthenticationException

def test(request):
    authenticator = JSONAuthenticator()
    try:
        # Validate the request.
        authenticator.validate(request)
    except AuthenticationException:
        # Return a JSON encoded error response.
        return authenticator.error_response()
    username = authenticator.user.userame
    # Return a JSON encoded response.
    return authenticator.response({"username":username})

Examples

An example Django project demonstrating client and server functionality is available in the repository.

https://github.com/hiidef/oauth2app/tree/develop/examples/mysite

Something went wrong with that request. Please try again.