
OAuth2 server written in Python with Django


Django OAuth2 Server

Implementation of OAuth2 Server for Django. Feel free to fork this repository and contribute.

Written for Django 1.9 :)

Grant Types

Authorization Code

http://tools.ietf.org/html/rfc6749#section-4.1

Insert test data:

$ python oauth2server/manage.py loaddata test_credentials
$ python oauth2server/manage.py loaddata test_scopes

Run the development web server:

$ python oauth2server/manage.py runserver

And you can now go to this page in your web browser:

http://localhost:8000/web/authorize/?response_type=code&client_id=testclient&redirect_uri=https://www.example.com&state=somestate

You should see a screen like this:

Authorization page screenshot

Click yes and you will be redirected to the redirect_uri with the authorization code in the query string. For example:

https://www.example.com/?code=cd45169cf6575f76d789f55764cb751b4d08274d&state=somestate

You can exchange it for an access token:

http://tools.ietf.org/html/rfc6749#section-4.1.3

$ curl -u testclient:testpassword localhost:8000/api/v1/tokens/ -d 'grant_type=authorization_code&code=cd45169cf6575f76d789f55764cb751b4d08274d'

You should get a response like:

{
    "id": 1,
    "access_token": "00ccd40e-72ca-4e79-a4b6-67c95e2e3f1c",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "foo bar qux",
    "refresh_token": "6fd8d272-375a-4d8a-8d0f-43367dc8b791"
}

Implicit

http://tools.ietf.org/html/rfc6749#section-4.2

Very similar to the authorization code grant, but the access token is returned directly in the URL fragment instead of an intermediate code.

Insert test data:

$ python oauth2server/manage.py loaddata test_credentials
$ python oauth2server/manage.py loaddata test_scopes

Run the development web server:

$ python oauth2server/manage.py runserver

And you can now go to this page in your web browser:

http://localhost:8000/web/authorize/?response_type=token&client_id=testclient&redirect_uri=https://www.example.com&state=somestate

You should see a screen like this:

Authorization page screenshot

Click yes and you will be redirected to the redirect_uri with the access token in the URL fragment. For example:

https://www.example.com#access_token=66b80fb9d6630705bcea1c9be0df2a5f7f7a52bf&expires_in=3600&token_type=Bearer&state=somestate
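The two redirects above (code in the query string, token in the fragment) are what a client has to parse before it can use the grant. The following is an added example, not code from the django-oauth2-server project: it validates the state parameter against the value the client generated, pulls the code or token out of the right part of the URL, and builds the token request that the curl command sends (client credentials in an HTTP Basic header, grant parameters in a form-encoded body). The token URL, client id and secret are taken from the commands on this page; the sample redirect URLs are the ones shown above.

```python
# Added example (not part of the django-oauth2-server project): client-side
# handling of the authorization-code and implicit redirects, plus the token
# request that follows an authorization-code redirect.
import base64
from urllib.parse import parse_qs, urlencode, urlparse

TOKEN_URL = "http://localhost:8000/api/v1/tokens/"   # from the curl commands on this page
CLIENT_ID = "testclient"
CLIENT_SECRET = "testpassword"


def parse_authorization_redirect(redirect_url, expected_state):
    """Return the parameters the authorization server appended to redirect_uri.

    Authorization-code responses put them in the query string; implicit
    responses put them in the fragment, which the browser never sends to the
    redirect_uri's server.  The state value is checked first: a response whose
    state does not match the one this client generated must not be used, since
    it was not produced for this client session.
    """
    parts = urlparse(redirect_url)
    raw = parts.fragment or parts.query
    params = {k: v[0] for k, v in parse_qs(raw, keep_blank_values=True).items()}
    if params.get("state") != expected_state:
        raise ValueError("state mismatch: response is not bound to our request")
    if "error" in params:
        raise ValueError("authorization server returned error: %s" % params["error"])
    return params


def build_token_request(token_url, client_id, client_secret, params):
    """Build (url, headers, body) for a POST to the token endpoint.

    Client credentials travel in an HTTP Basic Authorization header, which is
    exactly what ``curl -u testclient:testpassword`` produces; grant parameters
    go in the form-encoded body rather than the URL so they do not end up in
    access logs.
    """
    credentials = ("%s:%s" % (client_id, client_secret)).encode("utf-8")
    headers = {
        "Authorization": "Basic " + base64.b64encode(credentials).decode("ascii"),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return token_url, headers, urlencode(params)


def code_exchange_request(redirect_url, expected_state, redirect_uri):
    """Turn an authorization-code redirect into the matching token request."""
    params = parse_authorization_redirect(redirect_url, expected_state)
    return build_token_request(
        TOKEN_URL, CLIENT_ID, CLIENT_SECRET,
        {"grant_type": "authorization_code", "code": params["code"],
         "redirect_uri": redirect_uri},
    )


if __name__ == "__main__":
    # Constructed sample: the redirect shown above for the authorization code grant.
    url, headers, body = code_exchange_request(
        "https://www.example.com/?code=cd45169cf6575f76d789f55764cb751b4d08274d&state=somestate",
        "somestate", "https://www.example.com")
    print(url, headers["Authorization"], body)
```

The state check happens before anything else is read from the redirect; a client that skips it will happily complete the exchange with a code or token that an attacker planted in the victim's browser, which is the login-CSRF case the state parameter exists to prevent.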

User Credentials

http://tools.ietf.org/html/rfc6749#section-4.3

Insert test data:

$ python oauth2server/manage.py loaddata test_credentials
$ python oauth2server/manage.py loaddata test_scopes

Run the development web server:

$ python oauth2server/manage.py runserver

And you can now get a new access token:

$ curl -u testclient:testpassword localhost:8000/api/v1/tokens/ -d 'grant_type=password&username=<email address of the test user from the test_credentials fixture>&password=testpassword'

You should get a response like:

{
    "id": 1,
    "access_token": "00ccd40e-72ca-4e79-a4b6-67c95e2e3f1c",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "foo bar qux",
    "refresh_token": "6fd8d272-375a-4d8a-8d0f-43367dc8b791"
}

Client Credentials

http://tools.ietf.org/html/rfc6749#section-4.4

Insert test data:

$ python oauth2server/manage.py loaddata test_credentials
$ python oauth2server/manage.py loaddata test_scopes

Run the development web server:

$ python oauth2server/manage.py runserver

And you can now get a token, either using HTTP Basic Authentication:

$ curl -u testclient:testpassword localhost:8000/api/v1/tokens/ -d 'grant_type=client_credentials'

Or by passing the client credentials in the POST body:

$ curl localhost:8000/api/v1/tokens/ -d 'grant_type=client_credentials&client_id=testclient&client_secret=testpassword'

You should get a response like:

{
    "id": 1,
    "access_token": "00ccd40e-72ca-4e79-a4b6-67c95e2e3f1c",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "foo bar qux",
    "refresh_token": "6fd8d272-375a-4d8a-8d0f-43367dc8b791"
}

Refresh Token

Let's say you have created a new access token using the user credentials grant type. The response included a refresh token, which you can use to get a new access token before your current access token expires.

$ curl -u testclient:testpassword localhost:8000/api/v1/tokens/ -d 'grant_type=refresh_token&refresh_token=55697efd4b74c980f2c638602556115bc14ca931'

And you get a new access token:

{
    "id": 1,
    "access_token": "00ccd40e-72ca-4e79-a4b6-67c95e2e3f1c",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "foo bar qux",
    "refresh_token": "6fd8d272-375a-4d8a-8d0f-43367dc8b791"
}

Scope

http://tools.ietf.org/html/rfc6749#section-3.3

Scope is quite arbitrary. Basically it is a space-delimited, case-sensitive string in which each part names a specific access range.

You can define your own scopes and insert them into the tokens_oauthscope table; the is_default flag marks the scopes granted when a client does not request any.

Authentication

Now that you have obtained an access token, you can make requests to protected resources.

To require authentication for a view, wrap it in the authentication_required decorator, passing the scope the token must carry:

from apps.tokens.decorators import authentication_required

@authentication_required("some_scope")
def some_view(request, *args, **kwargs):
    ...
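What a decorator like this has to check before letting the view run is worth seeing end to end. The block below is an added example, not the project's own authentication_required: it models the checks from RFC 6750 (bearer scheme present, token known and unexpired, required scope granted) against a constructed in-memory token store, with a minimal Request class standing in for Django's request object. The token value and scope string come from the sample responses on this page; the store, request class, views and the 401/403 response tuples are assumptions of the example.

```python
# Added example (not the project's authentication_required decorator): the
# checks a scope-enforcing bearer-token decorator performs, per RFC 6750.
import functools
import time

# Constructed stand-in for the access-token table: token value -> record.
TOKEN_STORE = {
    "00ccd40e-72ca-4e79-a4b6-67c95e2e3f1c": {
        "scope": "foo bar qux", "expires_at": time.time() + 3600},
    "expired-token-constructed-for-example": {
        "scope": "foo", "expires_at": time.time() - 1},
}


class Request:
    """Minimal request object; only the headers matter for this example."""

    def __init__(self, headers=None):
        self.headers = headers or {}
        self.token = None      # filled in by the decorator on success


def _challenge(status, error=None, scope=None):
    """Build a (status, headers, body) response carrying a WWW-Authenticate challenge."""
    attrs = []
    if error:
        attrs.append('error="%s"' % error)
    if scope:
        attrs.append('scope="%s"' % scope)
    header = "Bearer" + (" " + ", ".join(attrs) if attrs else "")
    return status, {"WWW-Authenticate": header}, {"error": error or "unauthorized"}


def authentication_required(required_scope):
    def decorator(view):
        @functools.wraps(view)
        def wrapper(request, *args, **kwargs):
            auth = request.headers.get("Authorization")
            if not auth:
                # RFC 6750 sec 3: no credentials -> 401 with a bare challenge.
                return _challenge(401)
            scheme, _, value = auth.partition(" ")
            value = value.strip()
            if scheme.lower() != "bearer" or not value:
                return _challenge(401, "invalid_request")
            record = TOKEN_STORE.get(value)
            if record is None or record["expires_at"] <= time.time():
                # Unknown, revoked and expired tokens all look the same to the client.
                return _challenge(401, "invalid_token")
            if required_scope not in record["scope"].split():
                # Valid token but not for this resource: 403 insufficient_scope.
                return _challenge(403, "insufficient_scope", required_scope)
            request.token = record
            return view(request, *args, **kwargs)
        return wrapper
    return decorator


@authentication_required("bar")
def some_view(request):
    return 200, {}, {"granted_scope": request.token["scope"]}


@authentication_required("admin")
def admin_view(request):
    return 200, {}, {"granted_scope": request.token["scope"]}


if __name__ == "__main__":
    ok = Request({"Authorization": "Bearer 00ccd40e-72ca-4e79-a4b6-67c95e2e3f1c"})
    print(some_view(ok))      # (200, {}, {'granted_scope': 'foo bar qux'})
    print(admin_view(ok))     # 403: token lacks the admin scope
```

The distinction between 401 and 403 matters for clients: 401 with invalid_token tells a client to refresh or re-obtain its token, while 403 with insufficient_scope tells it that a new token with a broader scope is needed and retrying with the same one is pointless.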

Contributing

In order to contribute to this project, fork it and make a pull request. I will review and accept it.

All tests must be passing in order for the pull request to be accepted.

Installation

Clone the repository:

$ git clone https://github.com/RichardKnop/django-oauth2-server.git

Create a virtual environment and install requirements:

$ virtualenv venv
$ source venv/bin/activate
$ pip install -r requirements.txt

Create a local.py file and insert the correct configuration details:

$ cp oauth2server/proj/settings/local.example.py oauth2server/proj/settings/local.py
$ nano oauth2server/proj/settings/local.py

Sync the database (syncdb was removed in Django 1.9, so use migrate):

$ python oauth2server/manage.py migrate

Configuration

These are the current configuration options:

OAUTH2_SERVER = {
    'ACCESS_TOKEN_LIFETIME': 3600,
    'AUTH_CODE_LIFETIME': 3600,
    'REFRESH_TOKEN_LIFETIME': 1209600,
    'IGNORE_CLIENT_REQUESTED_SCOPE': False,
}
  • ACCESS_TOKEN_LIFETIME: lifetime of an access token in seconds
  • AUTH_CODE_LIFETIME: lifetime of an authorization code in seconds
  • REFRESH_TOKEN_LIFETIME: lifetime of a refresh token in seconds
  • IGNORE_CLIENT_REQUESTED_SCOPE: if true, client requested scope will be ignored
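The Scope section above describes scope as a space-delimited, case-sensitive string with is_default marking the fallback scopes, and IGNORE_CLIENT_REQUESTED_SCOPE here overrides whatever the client asks for. The following is an added example of how an authorization server resolves the granted scope under those rules; it is not the project's own implementation. A constructed dict stands in for the tokens_oauthscope table (its values play the role of is_default), and the invalid_scope error follows RFC 6749 section 5.2.

```python
# Added example (not the project's own code): resolving the scope a token is
# granted from the client's requested scope, the registered scopes and the
# IGNORE_CLIENT_REQUESTED_SCOPE setting.

# Constructed stand-in for the tokens_oauthscope table: scope -> is_default.
SCOPE_TABLE = {"foo": True, "bar": True, "qux": True, "admin": False}

# Mirrors the OAUTH2_SERVER setting shown above; this is the example's own copy.
OAUTH2_SERVER = {"IGNORE_CLIENT_REQUESTED_SCOPE": False}


class InvalidScope(ValueError):
    """Maps to error=invalid_scope in the token response (RFC 6749 sec 5.2)."""


def parse_scope(scope_string):
    """Split a scope parameter into individual scopes.

    Scopes are separated by spaces and compared case-sensitively; repeated
    whitespace is tolerated, duplicates are dropped and order is preserved.
    """
    seen = []
    for part in (scope_string or "").split():
        if part not in seen:
            seen.append(part)
    return seen


def default_scopes(table=SCOPE_TABLE):
    """Scopes flagged is_default, granted when the client requests none."""
    return [name for name, is_default in table.items() if is_default]


def resolve_scope(requested, table=SCOPE_TABLE, settings=OAUTH2_SERVER):
    """Return the list of scopes to grant for a request.

    - With IGNORE_CLIENT_REQUESTED_SCOPE set, or with no scope requested, the
      default scopes are granted.
    - Otherwise every requested scope must exist in the table; any unknown one
      (including a case mismatch such as "Foo") rejects the whole request
      rather than silently granting a subset.
    """
    if settings.get("IGNORE_CLIENT_REQUESTED_SCOPE") or not (requested or "").strip():
        return default_scopes(table)
    wanted = parse_scope(requested)
    unknown = [s for s in wanted if s not in table]
    if unknown:
        raise InvalidScope("invalid_scope: %s" % " ".join(unknown))
    return wanted


def scope_string(scopes):
    """Serialise scopes back into the form used in the token response."""
    return " ".join(scopes)


if __name__ == "__main__":
    print(scope_string(resolve_scope("")))          # foo bar qux (defaults)
    print(scope_string(resolve_scope("foo bar")))   # foo bar
```

Rejecting an unknown scope instead of granting the known subset is a deliberate choice: a client that asked for "foo admin" and silently received "foo" would treat the token as more capable than it is, and the failure surfaces only when a later request returns 403.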

Running Tests

$ python oauth2server/manage.py test
