Advanced topics

    class AbstractApplication(models.Model)

    This is the base class implementing the bare minimum for Django OAuth Toolkit to work.

    • client_id The client identifier issued to the client during the registration process as described in RFC6749 Section 2.2
    • user Reference to a Django user
    • The list of allowed redirect URIs. The string consists of valid URLs separated by spaces
    • authorization_grant_type Authorization flows available to the Application
    • Confidential secret issued to the client during the registration process as described in
    • name Friendly name for the Application

    Django OAuth Toolkit lets you extend the AbstractApplication model in a fashion like Django’s custom user models.

    Then you need to tell Django OAuth Toolkit which model you want to use to represent applications. Write something like this in your settings module:

    Be aware that, when you intend to swap the application model, you should create and run the migration defining the swapped application model prior to setting OAUTH2_PROVIDER_APPLICATION_MODEL. You’ll run into models.E022 in Core system checks if you don’t get the order right.

    You can force your migration providing the custom model to run in the right order by adding:

    That’s all, now Django OAuth Toolkit will use your model wherever an Application instance is needed.

    The default application model supports a single OAuth grant (e.g. authorization code, client credentials). If you need applications to support multiple grants, override the allows_grant_type method. For example, if you want applications to support the authorization code and client credentials grants, you might do the following:
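One way to write that override, as an added example rather than the project's own code. `MultiGrantMixin`, `EXTRA_GRANTS` and `DemoApp` are hypothetical names; restricting the client credentials grant to confidential clients is an assumption that goes beyond the text above, and `DemoApp` is a constructed stand-in so the block runs without Django.

```python
# Added example: not taken from the Django OAuth Toolkit documentation.
# These strings match the GRANT_* / CLIENT_* constants on AbstractApplication.
GRANT_AUTHORIZATION_CODE = "authorization-code"
GRANT_CLIENT_CREDENTIALS = "client-credentials"
CLIENT_CONFIDENTIAL = "confidential"


class MultiGrantMixin:
    """Hypothetical mixin; list it ahead of AbstractApplication:

        class MyApplication(MultiGrantMixin, AbstractApplication): ...
    """

    # Explicit allow-list of extra grants, keyed by the grant stored on the row.
    EXTRA_GRANTS = {
        GRANT_AUTHORIZATION_CODE: frozenset({GRANT_CLIENT_CREDENTIALS}),
    }

    def allows_grant_type(self, *grant_types):
        allowed = {self.authorization_grant_type}
        extra = self.EXTRA_GRANTS.get(self.authorization_grant_type, frozenset())
        # Assumption: follow RFC 6749 section 4.4 and only add client
        # credentials for confidential clients.
        if self.client_type != CLIENT_CONFIDENTIAL:
            extra = extra - {GRANT_CLIENT_CREDENTIALS}
        return bool((allowed | extra) & set(grant_types))


class DemoApp(MultiGrantMixin):
    """Constructed stand-in for a model instance (no database needed)."""

    def __init__(self, authorization_grant_type, client_type):
        self.authorization_grant_type = authorization_grant_type
        self.client_type = client_type


def demo():
    web = DemoApp(GRANT_AUTHORIZATION_CODE, CLIENT_CONFIDENTIAL)
    spa = DemoApp(GRANT_AUTHORIZATION_CODE, "public")
    return {
        "web_code": web.allows_grant_type(GRANT_AUTHORIZATION_CODE),
        "web_client_credentials": web.allows_grant_type(GRANT_CLIENT_CREDENTIALS),
        "web_password": web.allows_grant_type("password"),
        "spa_client_credentials": spa.allows_grant_type(GRANT_CLIENT_CREDENTIALS),
    }


if __name__ == "__main__":
    print(demo())
```

Grants that are neither stored on the application nor listed in `EXTRA_GRANTS` are still refused, so the override widens access only by what the allow-list names.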

    Skip authorization form

    • auto - users are prompted only the first time, subsequent authorizations for the same application and scopes will be automatically accepted.

    Skip authorization completely for trusted applications

    You might want to completely bypass the authorization form, for instance if your application is an in-house product or if you already trust the application owner by other means. To do this, set skip_authorization = True on the model, either programmatically or within the Django admin. Users will not be prompted for authorization, even on the first use of the application.