Other projects have been able to devote the time and energy necessary to maintain oauth apps that we cannot, so while this library is not exactly unmaintained, you should probably be using something else. We highly recommend djoauth2 and Django OAuth Toolkit
- See http://hiidef.github.com/oauth2app for documentation.
- See https://github.com/hiidef/oauth2app for source code.
- Based on http://code.google.com/p/django-oauth2
- Support for OAuth 2.0 draft 16, http://tools.ietf.org/html/draft-ietf-oauth-v2-16
If easy_install is available, you can use:
easy_install https://github.com/hiidef/oauth2app/tarball/master
The oauth2app module helps Django site operators provide an OAuth 2.0 interface. The module is registered as an application.
In settings.py, add 'oauth2app' to INSTALLED_APPS.
INSTALLED_APPS = ( ..., 'oauth2app' )
Sync the DB models.
python manage.py syncdb
In urls.py, add /oauth2/authorize and /oauth2/token views to a new or existing app.
urlpatterns += patterns('', (r'^oauth2/missing_redirect_uri/?$', 'mysite.oauth2.views.missing_redirect_uri'), (r'^oauth2/authorize/?$', 'mysite.oauth2.views.authorize'), (r'^oauth2/token/?$', 'oauth2app.token.handler'), )
Create client models.
from oauth2app.models import Client Client.objects.create( name="My Sample OAuth 2.0 Client", user=user)
Create authorize and missing_redirect_uri handlers.
from django.shortcuts import render_to_response from django.http import HttpResponseRedirect from django.template import RequestContext from django.contrib.auth.decorators import login_required from oauth2app.authorize import Authorizer, MissingRedirectURI, AuthorizationException from django import forms class AuthorizeForm(forms.Form): pass @login_required def missing_redirect_uri(request): return render_to_response( 'oauth2/missing_redirect_uri.html', {}, RequestContext(request)) @login_required def authorize(request): authorizer = Authorizer() try: authorizer.validate(request) except MissingRedirectURI, e: return HttpResponseRedirect("/oauth2/missing_redirect_uri") except AuthorizationException, e: # The request is malformed or invalid. Automatically # redirects to the provided redirect URL. return authorizer.error_redirect() if request.method == 'GET': template = {} # Use any form, make sure it has CSRF protections. template["form"] = AuthorizeForm() # Appends the original OAuth2 parameters. template["form_action"] = '/oauth2/authorize?%s' % authorizer.query_string return render_to_response( 'oauth2/authorize.html', template, RequestContext(request)) elif request.method == 'POST': form = AuthorizeForm(request.POST) if form.is_valid(): if request.POST.get("connect") == "Yes": # User agrees. Redirect to redirect_uri with success params. return authorizer.grant_redirect() else: # User refuses. Redirect to redirect_uri with error params. return authorizer.error_redirect() return HttpResponseRedirect("/")
Authenticate requests.
from oauth2app.authenticate import Authenticator, AuthenticationException from django.http import HttpResponse def test(request): authenticator = Authenticator() try: # Validate the request. authenticator.validate(request) except AuthenticationException: # Return an error response. return authenticator.error_response(content="You didn't authenticate.") username = authenticator.user.username return HttpResponse(content="Hi %s, You authenticated!" % username)
If you want to authenticate JSON requests try the JSONAuthenticator.
from oauth2app.authenticate import JSONAuthenticator, AuthenticationException def test(request): authenticator = JSONAuthenticator() try: # Validate the request. authenticator.validate(request) except AuthenticationException: # Return a JSON encoded error response. return authenticator.error_response() username = authenticator.user.userame # Return a JSON encoded response. return authenticator.response({"username":username})
An example Django project demonstrating client and server functionality is available in the repository.
https://github.com/hiidef/oauth2app/tree/develop/examples/mysite