API References of Django OAuth 2.0 Server
This part of the documentation covers the interface of Django OAuth 2.0 Server.
-
class authlib.integrations.django_oauth2.AuthorizationServer(client_model, token_model, generate_token=None, metadata=None)
Django implementation of authlib.oauth2.rfc6749.AuthorizationServer. Initialize it with client model and token model:

    from authlib.integrations.django_oauth2 import AuthorizationServer
    from your_project.models import OAuth2Client, OAuth2Token

    server = AuthorizationServer(OAuth2Client, OAuth2Token)

Validate authorization request and create authorization response.
- Parameters
request – HTTP request instance.
grant_user – the resource owner if access is granted; None if it is denied.
- Returns
Response
-
create_endpoint_response(name, request=None)
Validate endpoint request and create endpoint response.
- Parameters
name – Endpoint name
request – HTTP request instance.
- Returns
Response
-
create_token_response(request=None)
Validate token request and create token response.
- Parameters
request – HTTP request instance
-
register_endpoint(endpoint_cls)
Add an extra endpoint to the authorization server, e.g. RevocationEndpoint:

    authorization_server.register_endpoint(RevocationEndpoint)

- Parameters
endpoint_cls – An endpoint class
-
register_grant(grant_cls, extensions=None)
Register a grant class into the endpoint registry. Developers can implement the grants in authlib.oauth2.rfc6749.grants and register with this method:

    class AuthorizationCodeGrant(grants.AuthorizationCodeGrant):
        def authenticate_user(self, credential):
            # ...

    authorization_server.register_grant(AuthorizationCodeGrant)

- Parameters
grant_cls – a grant class.
extensions – extensions for the grant class.
-
class authlib.integrations.django_oauth2.ResourceProtector
-
acquire_token(request, scope=None, operator='AND')
A method to acquire the current valid token with the given scope.
- Parameters
request – Django HTTP request instance
scope – string or list of scope values
operator – value of “AND” or “OR”
- Returns
token object
-
-
class authlib.integrations.django_oauth2.BearerTokenValidator(token_model, realm=None)
-
authenticate_token(token_string)
A method to query the token from the database with the given token string. Developers MUST re-implement this method. For instance:

    def authenticate_token(self, token_string):
        return get_token_from_database(token_string)

- Parameters
token_string – A string to represent the access_token.
- Returns
token
-
request_invalid(request)
Check if the HTTP request is valid or not. Developers MUST re-implement this method. The method returns True when the request is invalid. For instance, your server requires an “X-Device-Version” in the header:

    def request_invalid(self, request):
        # Invalid (True) when the required header is missing
        return 'X-Device-Version' not in request.headers

Usually you don’t need to check whether the request is valid; you can just return False.
- Parameters
request – instance of HttpRequest
- Returns
Boolean
-
token_revoked(token)
Check if this token is revoked. Developers MUST re-implement this method. If there is a column called revoked on the token table:

    def token_revoked(self, token):
        return token.revoked

- Parameters
token – token instance
- Returns
Boolean
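
How the three validator hooks above combine with the scope and operator arguments of acquire_token, as an added example that is not Authlib's code. It is a plain-Python model with no Django or Authlib imports; the Token class, the TOKENS store, the acquire function and the order of the checks are assumptions made for illustration.

```python
# Plain-Python model of the validator hooks; not Authlib's implementation.
from dataclasses import dataclass

@dataclass
class Token:  # hypothetical stand-in for a row of the token table
    scope: str
    revoked: bool = False

# Constructed sample data standing in for the token table.
TOKENS = {
    "tok-read": Token("read"),
    "tok-rw": Token("read write"),
    "tok-old": Token("read write", revoked=True),
}

class Validator:
    def authenticate_token(self, token_string):
        # Return the stored token, or None when the string is unknown.
        return TOKENS.get(token_string)

    def request_invalid(self, headers):
        # True means "reject": the required header is missing.
        return "X-Device-Version" not in headers

    def token_revoked(self, token):
        return token.revoked

def scope_insufficient(token, scope, operator="AND"):
    if not scope:
        return False
    required = set(scope.split() if isinstance(scope, str) else scope)
    granted = set(token.scope.split())
    if operator == "OR":
        return not required & granted   # no requested scope was granted
    return not required <= granted      # AND: every scope must be granted

def acquire(validator, headers, scope=None, operator="AND"):
    """Return (token, None) on success or (None, reason) on rejection."""
    if validator.request_invalid(headers):
        return None, "invalid_request"
    kind, _, token_string = headers.get("Authorization", "").partition(" ")
    is_bearer = kind.lower() == "bearer"
    token = validator.authenticate_token(token_string) if is_bearer else None
    if token is None or validator.token_revoked(token):
        return None, "invalid_token"
    if scope_insufficient(token, scope, operator):
        return None, "insufficient_scope"
    return token, None
```

A revoked token and an unknown token are rejected with the same reason, so the caller cannot tell which of the two it presented.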
-
-
class authlib.integrations.django_oauth2.RevocationEndpoint(server)
The revocation endpoint for OAuth authorization servers allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed.
Register it with the authorization server, then create the endpoint response for token revocation:

    from django.views.decorators.http import require_http_methods

    # register the endpoint with the authorization server instance
    server.register_endpoint(RevocationEndpoint)

    @require_http_methods(["POST"])
    def revoke_token(request):
        return server.create_endpoint_response(
            RevocationEndpoint.ENDPOINT_NAME,
            request
        )

-
query_token(token, token_type_hint, client)
Query requested token from database.
-
revoke_token(token)
Mark the given token as revoked.
-
-
authlib.integrations.django_oauth2.client_authenticated
Signal when client is authenticated
-
authlib.integrations.django_oauth2.token_revoked
Signal when token is revoked
-
authlib.integrations.django_oauth2.token_authenticated
Signal when token is authenticated