Django OAuth2 Application

A test project that lets you create OAuth2 applications and obtain tokens through the client app, Consumer.

To test the API you have to create a new application. Go to /consumer and log in. Then click on Applications and create a new app with grant type: Resource owner password-based and client type: confidential. Assuming your credentials are:

client_id=qbmpPpuEnAvWoI8s55L9McafHwjHD8Wsjfm2oShu
client_secret=W39qCKpsUtXN7CchGxr9G2lgD8rLveo3gwd4eulClTuTnZKKidzx7DjUdWKIH8ndXyYFxZSKfqY6MUpzsZWGhuzscXKMpVardpsojMEoGfgjTy7jXUSgEfDwfwmLJCbo

Test API

At this point you are ready to request an access token:

curl \
  -X POST \
  -d "grant_type=password&username=test_user1&password=password_test_user1" \
  -u"qbmpPpuEnAvWoI8s55L9McafHwjHD8Wsjfm2oShu:W39qCKpsUtXN7CchGxr9G2lgD8rLveo3gwd4eulClTuTnZKKidzx7DjUdWKIH8ndXyYFxZSKfqY6MUpzsZWGhuzscXKMpVardpsojMEoGfgjTy7jXUSgEfDwfwmLJCbo" \
  http://localhost:8000/auth/token/

response

{
  "access_token": "hu4P2IMQkrRObEx7QGXlXQ694jluTn",
  "expires_in": 360000,
  "token_type": "Bearer",
  "scope": "read write",
  "refresh_token": "HKTm13zavTQ64W44HSHsJliIcsV0kL"
}

Now you can request user data:

curl \
  -H "Authorization: Bearer hu4P2IMQkrRObEx7QGXlXQ694jluTn" \
  http://localhost:8000/api/users/

response

[
  {
    "id":2,
    "username": "test_user1",
    "email": "[email protected]",
    "first_name": "first",
    "last_name": "user"
  }
]

The API is protected per user, so this request is not allowed:

curl \
  -H "Authorization: Bearer hu4P2IMQkrRObEx7QGXlXQ694jluTn" \
  http://localhost:8000/api/users/1/

response

{
  "detail": "Not found."
}

You can also make a PUT request:

curl \
  -H "Authorization: Bearer hu4P2IMQkrRObEx7QGXlXQ694jluTn" \
  -X PUT \
  -d"[email protected]" \
  http://localhost:8000/api/users/2/

response

{
  "id": 2,
  "username": "test_user1",
  "email": "[email protected]",
  "first_name": "first",
  "last_name": "user"
}

Test OAuth2

To test the OAuth2 provider you can open the app hosted at Heroku.
Click on Applications and add a new app with

  • client type: confidential,
  • grant type: Authorization code,
  • Redirect uris: https://django-oauth2.herokuapp.com/consumer/exchange/

Then click Save.

Go to the main page and attempt to retrieve a token. Hint:

  • Authorization url must be https://django-oauth2.herokuapp.com/auth/authorize/
  • Token url is: https://django-oauth2.herokuapp.com/auth/token/

Documentation

Simple documentation is available at docs.

Installation

cp env.example oauth_api/.env
pip install -r requirements.txt
python manage.py migrate
python manage.py runserver