Test project that allows you to create OAuth2 applications and getting tokens by client app Consumer
.
To test api you have to create new application. Go to /consumer and login. Then click on Applications
and create new app with grand type: Resource owner password-based and client type: confidential
Assuming your credentials are:
client_id=qbmpPpuEnAvWoI8s55L9McafHwjHD8Wsjfm2oShu
client_secret=W39qCKpsUtXN7CchGxr9G2lgD8rLveo3gwd4eulClTuTnZKKidzx7DjUdWKIH8ndXyYFxZSKfqY6MUpzsZWGhuzscXKMpVardpsojMEoGfgjTy7jXUSgEfDwfwmLJCbo
At this point you are ready to request an access token:
curl \
-X POST \
-d "grant_type=password&username=test_user1&password=password_test_user1" \
-u"qbmpPpuEnAvWoI8s55L9McafHwjHD8Wsjfm2oShu:W39qCKpsUtXN7CchGxr9G2lgD8rLveo3gwd4eulClTuTnZKKidzx7DjUdWKIH8ndXyYFxZSKfqY6MUpzsZWGhuzscXKMpVardpsojMEoGfgjTy7jXUSgEfDwfwmLJCbo" \
http://localhost:8000/auth/token/
{
"access_token": "hu4P2IMQkrRObEx7QGXlXQ694jluTn",
"expires_in": 360000,
"token_type": "Bearer",
"scope": "read write",
"refresh_token": "HKTm13zavTQ64W44HSHsJliIcsV0kL"
}
Now you can request user data:
curl \
-H "Authorization: Bearer hu4P2IMQkrRObEx7QGXlXQ694jluTn" \
http://localhost:8000/api/users/
[
{
"id":2,
"username": "test_user1",
"email": "[email protected]",
"first_name": "first",
"last_name": "user"
}
]
Api is per user protected, so this request is not allowed:
curl \
-H "Authorization: Bearer hu4P2IMQkrRObEx7QGXlXQ694jluTn" \
http://localhost:8000/api/users/1/
{
"detail": "Not found."
}
Also you can make PUT request:
curl \
-H "Authorization: Bearer hu4P2IMQkrRObEx7QGXlXQ694jluTn" \
-X PUT \
-d"[email protected]" \
http://localhost:8000/api/users/2/
{
"id": 2,
"username": "test_user1",
"email": "[email protected]",
"first_name": "first",
"last_name": "user"
}
To test OAuth2 provider you can open app hosted at heroku.
Click on Applications and add new app with
- client type:
confidential
, - grant type:
Authorizaiton code
, - Redirect uris:
https://django-oauth2.herokuapp.com/consumer/exchange/
then click save.
Go to the main page and attempt to retrieve token. Hint:
- Authorization url must be
https://django-oauth2.herokuapp.com/auth/authorize/
- Token url is:
https://django-oauth2.herokuapp.com/auth/token/
Simple documentation available at docs
cp env.example oauth_api/.env
pip install -r requirements.txt
python manage.py migrate
python manage.py runserver