Getting started

Installation

$ pip install django-oauth2-provider

Configuration

Add OAuth2 Provider to INSTALLED_APPS

INSTALLED_APPS = (
    # ...
    'provider',
    'provider.oauth2',
)

Modify your settings to match your needs

The default settings are available in provider.constants.

Include the OAuth 2 views

Add provider.oauth2.urls to your root urls.py file.

url(r'^oauth2/', include('provider.oauth2.urls', namespace = 'oauth2')),

Note

The namespace argument is required.

Sync your database

$ python manage.py syncdb
$ python manage.py migrate

How to request an access token for the first time ?

Create a client entry in your database

Note

To find out which type of client you need to create, read Section 2.1.

To create a new entry simply use the Django admin panel.

Request an access token

Assuming that you’ve used the same URL configuration as above, your client needs to submit a POST request to /oauth2/access_token including the following parameters:

  • client_id - The client ID you’ve configured in the Django admin.
  • client_secret - The client secret configured in the Django admin.
  • username - The username with which you want to log in.
  • password - The password corresponding to the user you’re logging in with.

Request

$ curl -X POST -d "client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=password&username=YOUR_USERNAME&password=YOUR_PASSWORD" http://localhost:8000/oauth2/access_token/

Response

{"access_token": "<your-access-token>", "scope": "read", "expires_in": 86399, "refresh_token": "<your-refresh-token>"}

This particular way of obtaining an access token is called a Password Grant. All the other ways of acquiring an access token are outlined in Section 4.

Note

Remember that you should always use HTTPS for all your OAuth 2 requests otherwise you won’t be secured.