Views code and details

    class (**kwargs)

    View for protecting a resource with client-credentials method. This involves allowing access tokens, Basic Auth and plain credentials in request body.

    class oauth2_provider.views.generic.ClientProtectedScopedResourceView(**kwargs)

    Impose scope restrictions if client protection fallsback to access token.

    class oauth2_provider.views.generic.InitializationMixin

    Initializer for OauthLibMixin

    • oauthlib_backend_class

      alias of oauth2_provider.oauth2_backends.OAuthLibCore

    • server_class

      alias of oauthlib.oauth2.rfc6749.endpoints.pre_configured.Server

    class oauth2_provider.views.generic.ProtectedResourceView(**kwargs)

    Generic view protecting resources by providing OAuth2 authentication out of the box

    class oauth2_provider.views.generic.ReadWriteScopedResourceView(**kwargs)

    Generic view protecting resources with OAuth2 authentication and read/write scopes. GET, HEAD, OPTIONS http methods require “read” scope. Otherwise “write” scope is required.

    class oauth2_provider.views.generic.ScopedProtectedResourceView(**kwargs)

    Generic view protecting resources by providing OAuth2 authentication and Scopes handling out of the box

    These views are mainly for internal use, but advanced users may use them as basic components to customize OAuth2 logic inside their Django applications.

    class oauth2_provider.views.mixins.ClientProtectedResourceMixin

    Mixin for protecting resources with client authentication as mentioned in rfc:3.2.1 This involves authenticating with any of: HTTP Basic Auth, Client Credentials and Access token in that order. Breaks off after first validation.

    class oauth2_provider.views.mixins.OAuthLibMixin

    This mixin decouples Django OAuth Toolkit from OAuthLib.

    Users can configure the Server, Validator and OAuthlibCore classes used by this mixin by setting the following class variables:

    • authenticate_client(request)

      Returns a boolean representing if client is authenticated with client credentials method. Returns True if authenticated.

    • create_authorization_response(request, scopes, credentials, allow)

      A wrapper method that calls create_authorization_response on server_class instance.

      Parameters:
      • request – The current django.http.HttpRequest object
      • scopes – A space-separated string of provided scopes
      • credentials – Authorization credentials dictionary containing client_id, state, redirect_uri, response_type

    • create_revocation_response(request)

      A wrapper method that calls create_revocation_response on the server_class instance.

      Parameters:request – The current django.http.HttpRequest object

    • create_token_response(request)

      A wrapper method that calls create_token_response on server_class instance.

    • Return an error to be displayed to the resource owner if anything goes awry.

      Parameters:errorOAuthToolkitError

    • classmethod get_oauthlib_backend_class()

      Return the OAuthLibCore implementation class to use

    • classmethod ()

      Cache and return OAuthlibCore instance so it will be created only on first request

    • get_scopes()

      This should return the list of scopes required to access the resources. By default it returns an empty list.

    • classmethod get_server()

      Return an instance of server_class initialized with a validator_class object

    • classmethod get_server_class()

      Return the OAuthlib server class to use

    • classmethod get_validator_class()

      Return the RequestValidator implementation class to use

    • validate_authorization_request(request)

      A wrapper method that calls validate_authorization_request on server_class instance.

      Parameters:request – The current django.http.HttpRequest object

    • verify_request(request)

      A wrapper method that calls verify_request on server_class instance.

    class oauth2_provider.views.mixins.ProtectedResourceMixin

    Helper mixin that implements OAuth2 protection on request dispatch, specially useful for Django Generic Views

    class oauth2_provider.views.mixins.ReadWriteScopedResourceMixin

    Helper mixin that implements “read and write scopes” behavior

    • get_scopes(args, kwargs*)

      Return the scopes needed to access the resource

      Parameters:args – Support scopes injections from the outside (not yet implemented)

    class oauth2_provider.views.mixins.ScopedResourceMixin

    Helper mixin that implements “scopes handling” behaviour

    • get_scopes(args, kwargs*)

      Return the scopes needed to access the resource

      Parameters:args – Support scopes injections from the outside (not yet implemented)

    Views needed to implement the main OAuth2 authorization flows supported by Django OAuth Toolkit.

    class oauth2_provider.views.base.AuthorizationView(**kwargs)

    Implements an endpoint to handle Authorization Requests as in and prompting the user with a form to determine if she authorizes the client application to access her data. This endpoint is reached two times during the authorization process: first receive a GET request from user asking authorization for a certain client application, a form is served possibly showing some useful info and prompting for authorize/do not authorize*.

    The endpoint is used in the following flows: Authorization code Implicit grant

    • form_class

      alias of oauth2_provider.forms.AllowForm

    • (form)

      If the form is valid, redirect to the supplied URL.

    • get(request, args, kwargs*)

      Handle GET requests: instantiate a blank version of the form.

    • get_initial()

      Return the initial data to use for forms on this view.

    • oauthlib_backend_class

      alias of oauth2_provider.oauth2_backends.OAuthLibCore

    • server_class

      alias of oauthlib.oauth2.rfc6749.endpoints.pre_configured.Server

    class oauth2_provider.views.base.BaseAuthorizationView(**kwargs)

    Implements a generic endpoint to handle Authorization Requests as in . The view does not implement any strategy to determine authorize/do not authorize logic. The endpoint is used in the following flows:

    • Authorization code

    • Implicit grant

    • error_response(error, application, **kwargs)

      Handle errors either by redirecting to redirect_uri with a json in the body containing error details or providing an error response

    class oauth2_provider.views.base.RevokeTokenView(**kwargs)

    Implements an endpoint to revoke access or refresh tokens

    • oauthlib_backend_class

      alias of oauth2_provider.oauth2_backends.OAuthLibCore

    • server_class

      alias of oauthlib.oauth2.rfc6749.endpoints.pre_configured.Server

    class oauth2_provider.views.base.TokenView(**kwargs)

    Implements an endpoint to provide access tokens

    The endpoint is used in the following flows: Authorization code Password * Client credentials

    • oauthlib_backend_class

      alias of oauth2_provider.oauth2_backends.OAuthLibCore

    • server_class