- See http://hiidef.github.com/oauth2app for documentation.
- See https://github.com/hiidef/oauth2app for source code.
- Based on http://code.google.com/p/django-oauth2
- Support for OAuth 2.0 draft 16, http://tools.ietf.org/html/draft-ietf-oauth-v2-16
If easy_install is available, you can use:
easy_install https://github.com/hiidef/oauth2app/tarball/master
The oauth2app module helps Django site operators provide an OAuth 2.0 interface. The module is registered as an application.
In settings.py, add 'oauth2app' to INSTALLED_APPS.
INSTALLED_APPS = ( ..., 'oauth2app' )
Sync the DB models.
python manage.py syncdb
In urls.py, add /oauth2/authorize and /oauth2/token views to a new or existing app.
urlpatterns += patterns('', (r'^oauth2/missing_redirect_uri/?$', 'mysite.oauth2.views.missing_redirect_uri'), (r'^oauth2/authorize/?$', 'mysite.oauth2.views.authorize'), (r'^oauth2/token/?$', 'oauth2app.token.handler'), )
Create client models.
from oauth2app.models import Client Client.objects.create( name="My Sample OAuth 2.0 Client", user=user)
Create authorize and missing_redirect_uri handlers.
from django.shortcuts import render_to_response from django.http import HttpResponseRedirect from django.template import RequestContext from django.contrib.auth.decorators import login_required from oauth2app.authorize import Authorizer, MissingRedirectURI, AuthorizationException from django import forms class AuthorizeForm(forms.Form): pass @login_required def missing_redirect_uri(request): return render_to_response( 'oauth2/missing_redirect_uri.html', {}, RequestContext(request)) @login_required def authorize(request): authorizer = Authorizer() try: authorizer.validate(request) except MissingRedirectURI, e: return HttpResponseRedirect("/oauth2/missing_redirect_uri") except AuthorizationException, e: # The request is malformed or invalid. Automatically # redirects to the provided redirect URL. return authorizer.error_redirect() if request.method == 'GET': template = {} # Use any form, make sure it has CSRF protections. template["form"] = AuthorizeForm() # Appends the original OAuth2 parameters. template["form_action"] = '/oauth2/authorize?%s' % authorizer.query_string return render_to_response( 'oauth2/authorize.html', template, RequestContext(request)) elif request.method == 'POST': form = AuthorizeForm(request.POST) if form.is_valid(): if request.POST.get("connect") == "Yes": # User agrees. Redirect to redirect_uri with success params. return authorizer.grant_redirect() else: # User refuses. Redirect to redirect_uri with error params. return authorizer.error_redirect() return HttpResponseRedirect("/")
Authenticate requests.
from oauth2app.authenticate import Authenticator, AuthenticationException from django.http import HttpResponse def test(request): authenticator = Authenticator() try: # Validate the request. authenticator.validate(request) except AuthenticationException: # Return an error response. return authenticator.error_response(content="You didn't authenticate.") username = authenticator.user.username return HttpResponse(content="Hi %s, You authenticated!" % username)
If you want to authenticate JSON requests try the JSONAuthenticator.
from oauth2app.authenticate import JSONAuthenticator, AuthenticationException def test(request): authenticator = JSONAuthenticator() try: # Validate the request. authenticator.validate(request) except AuthenticationException: # Return a JSON encoded error response. return authenticator.error_response() username = authenticator.user.userame # Return a JSON encoded response. return authenticator.response({"username":username})
An example Django project demonstrating client and server functionality is available in the repository.
https://github.com/hiidef/oauth2app/tree/develop/examples/mysite