
Django OAuth2 application with consumer to authorize client and retrieve token. Also simple api with OAuth protection available


conformist-mw/django-oauth


Django OAuth2 Application

Test project that lets you create OAuth2 applications and obtain tokens through the client app, Consumer.

To test the API, you first have to create a new application. Go to /consumer and log in. Then click on Applications and create a new app with grant type: Resource owner password-based and client type: confidential. Assuming your credentials are:

client_id=qbmpPpuEnAvWoI8s55L9McafHwjHD8Wsjfm2oShu
client_secret=W39qCKpsUtXN7CchGxr9G2lgD8rLveo3gwd4eulClTuTnZKKidzx7DjUdWKIH8ndXyYFxZSKfqY6MUpzsZWGhuzscXKMpVardpsojMEoGfgjTy7jXUSgEfDwfwmLJCbo

Test API

At this point you are ready to request an access token:

curl \
  -X POST \
  -d "grant_type=password&username=test_user1&password=password_test_user1" \
  -u"qbmpPpuEnAvWoI8s55L9McafHwjHD8Wsjfm2oShu:W39qCKpsUtXN7CchGxr9G2lgD8rLveo3gwd4eulClTuTnZKKidzx7DjUdWKIH8ndXyYFxZSKfqY6MUpzsZWGhuzscXKMpVardpsojMEoGfgjTy7jXUSgEfDwfwmLJCbo" \
  http://localhost:8000/auth/token/

response

{
  "access_token": "hu4P2IMQkrRObEx7QGXlXQ694jluTn",
  "expires_in": 360000,
  "token_type": "Bearer",
  "scope": "read write",
  "refresh_token": "HKTm13zavTQ64W44HSHsJliIcsV0kL"
}

Now you can request user data:

curl \
  -H "Authorization: Bearer hu4P2IMQkrRObEx7QGXlXQ694jluTn" \
  http://localhost:8000/api/users/

response

[
  {
    "id":2,
    "username": "test_user1",
    "email": "[email protected]",
    "first_name": "first",
    "last_name": "user"
  }
]

The API is protected per user, so this request is not allowed:

curl \
  -H "Authorization: Bearer hu4P2IMQkrRObEx7QGXlXQ694jluTn" \
  http://localhost:8000/api/users/1/

response

{
  "detail": "Not found."
}

You can also make a PUT request:

curl \
  -H "Authorization: Bearer hu4P2IMQkrRObEx7QGXlXQ694jluTn" \
  -X PUT \
  -d"[email protected]" \
  http://localhost:8000/api/users/2/

response

{
  "id": 2,
  "username": "test_user1",
  "email": "[email protected]",
  "first_name": "first",
  "last_name": "user"
}
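
The token request and per-user check above, as an added Python example (not code from this repository): it builds the same requests as the curl commands and verifies that a token issued to one user cannot read another user's record. The function names, the 200 status for the user's own detail URL, and the 403/404 status for the refused request are assumptions; the README shows only the "Not found." body.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "http://localhost:8000"  # dev server used in the README


def token_request(client_id, client_secret, username, password):
    """Password-grant POST; equals curl's -u id:secret plus -d form body."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    form = {"grant_type": "password", "username": username, "password": password}
    return urllib.request.Request(
        f"{BASE_URL}/auth/token/",
        data=urllib.parse.urlencode(form).encode(),
        headers={"Authorization": f"Basic {basic}"},
        method="POST",
    )


def bearer_from(raw_json):
    """Return the access token, rejecting anything that is not a Bearer grant."""
    doc = json.loads(raw_json)
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("token endpoint did not return a usable Bearer token")
    return doc["access_token"]


def api_request(token, path):
    """Authenticated GET against the protected API."""
    return urllib.request.Request(
        f"{BASE_URL}{path}", headers={"Authorization": f"Bearer {token}"}
    )


def status_of(request):
    """Send the request; return the HTTP status even for 4xx/5xx replies."""
    try:
        with urllib.request.urlopen(request, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code


def isolation_holds(token, own_id, other_id, send=status_of):
    """Own record readable (assumed 200), another user's refused (assumed 404/403)."""
    own = send(api_request(token, f"/api/users/{own_id}/"))
    other = send(api_request(token, f"/api/users/{other_id}/"))
    return own == 200 and other in (403, 404)
```

With the dev server running, `isolation_holds(token, 2, 1)` repeats the README's check for test_user1; the `send` parameter exists so the logic can be exercised without a network.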

Test OAuth2

To test the OAuth2 provider, you can open the app hosted on Heroku.
Click on Applications and add a new app with

  • client type: confidential,
  • grant type: Authorization code,
  • Redirect uris: https://django-oauth2.herokuapp.com/consumer/exchange/

then click save.

Go to the main page and attempt to retrieve a token. Hint:

  • Authorization url must be https://django-oauth2.herokuapp.com/auth/authorize/
  • Token url is: https://django-oauth2.herokuapp.com/auth/token/

Documentation

Simple documentation is available at docs.

Installation

cp env.example oauth_api/.env
pip install -r requirements.txt
python manage.py migrate
python manage.py runserver
