
RichardKnop / Django Oauth2 Server

Licence: mpl-2.0
OAuth2 server written in Python with Django




Django OAuth2 Server

Implementation of OAuth2 Server for Django. Feel free to fork this repository and contribute.

Written for Django 1.9 :)

Grant Types

Authorization Code

http://tools.ietf.org/html/rfc6749#section-4.1

Insert test data:

$ python oauth2server/manage.py loaddata test_credentials
$ python oauth2server/manage.py loaddata test_scopes

Run the development web server:

$ python oauth2server/manage.py runserver

And you can now go to this page in your web browser:

http://localhost:8000/web/authorize/?response_type=code&client_id=testclient&redirect_uri=https://www.example.com&state=somestate

You should see a screen like this:

Authorization page screenshot

Click yes and you will be redirected to the redirect_uri with the authorization code in the query string. For example:

https://www.example.com/?code=cd45169cf6575f76d789f55764cb751b4d08274d&state=somestate

You can use it to get access token:

http://tools.ietf.org/html/rfc6749#section-4.1.3

$ curl -u testclient:testpassword localhost:8080/api/v1/tokens/ -d 'grant_type=authorization_code&code=cd45169cf6575f76d789f55764cb751b4d08274d'

You should get a response like:

{
    "id": 1,
    "access_token": "00ccd40e-72ca-4e79-a4b6-67c95e2e3f1c",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "foo bar qux",
    "refresh_token": "6fd8d272-375a-4d8a-8d0f-43367dc8b791"
}

Implicit

http://tools.ietf.org/html/rfc6749#section-4.2

Very similar to the authorization code grant, but the access token is returned directly in the URL fragment instead of a code.

Insert test data:

$ python oauth2server/manage.py loaddata test_credentials
$ python oauth2server/manage.py loaddata test_scopes

Run the development web server:

$ python oauth2server/manage.py runserver

And you can now go to this page in your web browser:

http://localhost:8080/web/authorize/?response_type=token&client_id=testclient&redirect_uri=https://www.example.com&state=somestate

You should see a screen like this:

Authorization page screenshot

Click yes and you will be redirected to the redirect_uri with the access token in the URL fragment. For example:

https://www.example.com#access_token=66b80fb9d6630705bcea1c9be0df2a5f7f7a52bf&expires_in=3600&token_type=Bearer&state=somestate
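The client side of the two redirects shown above, as an added example that is not part of django-oauth2-server: it pulls the code (query string) or the access token (fragment) out of the redirect URI, refuses the redirect unless the state value matches the one the client originally sent, and builds the same token request the curl command makes. It assumes the client kept its own copy of `state` and that the token endpoint lives at localhost:8080 as in the curl examples.

```python
# Added example, not the project's own code. Assumes the client stored the
# `state` it sent to /web/authorize/ before redirecting the user.
from urllib.parse import urlsplit, parse_qs, urlencode
import base64


def parse_redirect(redirect_url, expected_state):
    """Return the parameters carried back on the redirect URI.

    The authorization code grant puts them in the query string, the implicit
    grant in the fragment; both are accepted. A state mismatch raises so a
    redirect the client never initiated is never turned into a token.
    """
    parts = urlsplit(redirect_url)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    params.update({k: v[0] for k, v in parse_qs(parts.fragment).items()})
    if params.get("state") != expected_state:
        raise ValueError("state mismatch: redirect is not tied to our request")
    if "code" not in params and "access_token" not in params:
        raise ValueError("redirect carries neither code nor access_token")
    return params


def build_token_request(code, client_id, client_secret,
                        token_url="http://localhost:8080/api/v1/tokens/"):
    """Build the code-for-token POST: HTTP Basic client authentication plus a
    form-encoded body, exactly what `curl -u ... -d ...` sends."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "authorization_code", "code": code})
    return token_url, headers, body


if __name__ == "__main__":
    # Constructed sample: the authorization code redirect shown above.
    sent_state = "somestate"
    redirect = ("https://www.example.com/?code=cd45169cf6575f76d789f55764cb751b4d08274d"
                "&state=somestate")
    params = parse_redirect(redirect, sent_state)
    url, headers, body = build_token_request(params["code"], "testclient", "testpassword")
    print(url, headers, body)
```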

User Credentials

http://tools.ietf.org/html/rfc6749#section-4.3

Insert test data:

$ python oauth2server/manage.py loaddata test_credentials
$ python oauth2server/manage.py loaddata test_scopes

Run the development web server:

$ python oauth2server/manage.py runserver

And you can now get a new access token:

$ curl -u testclient:testpassword localhost:8080/api/v1/tokens/ -d 'grant_type=password&[email protected]&password=testpassword'

You should get a response like:

{
    "id": 1,
    "access_token": "00ccd40e-72ca-4e79-a4b6-67c95e2e3f1c",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "foo bar qux",
    "refresh_token": "6fd8d272-375a-4d8a-8d0f-43367dc8b791"
}

Client Credentials

http://tools.ietf.org/html/rfc6749#section-4.4

Insert test data:

$ python oauth2server/manage.py loaddata test_credentials
$ python oauth2server/manage.py loaddata test_scopes

Run the development web server:

$ python oauth2server/manage.py runserver

And you can now get a token, either using HTTP Basic Authentication:

$ curl -u testclient:testpassword localhost:8080/api/v1/tokens/ -d 'grant_type=client_credentials'

Or using POST body:

$ curl localhost:8000/api/v1/tokens/ -d 'grant_type=client_credentials&client_id=testclient&client_secret=testpassword'

You should get a response like:

{
    "id": 1,
    "access_token": "00ccd40e-72ca-4e79-a4b6-67c95e2e3f1c",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "foo bar qux",
    "refresh_token": "6fd8d272-375a-4d8a-8d0f-43367dc8b791"
}

Refresh Token

Let's say you have created a new access token using the user credentials grant type. The response included a refresh token which you can use to get a new access token before your current access token expires.

$ curl -u testclient:testpassword localhost:8080/api/v1/tokens/ -d 'grant_type=refresh_token&refresh_token=55697efd4b74c980f2c638602556115bc14ca931'

And you get a new access token:

{
    "id": 1,
    "access_token": "00ccd40e-72ca-4e79-a4b6-67c95e2e3f1c",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "foo bar qux",
    "refresh_token": "6fd8d272-375a-4d8a-8d0f-43367dc8b791"
}

Scope

http://tools.ietf.org/html/rfc6749#section-3.3

Scope is quite arbitrary. It is a space-delimited, case-sensitive string in which each part names a specific access range.

You can define your own scopes by inserting them into the tokens_oauthscope table; the is_default flag marks the scopes granted when a client does not request any.

Authentication

Now that you have obtained an access token, you can make requests to protected resources.

In order to require authentication for a view, wrap it in the authentication_required decorator:

from apps.tokens.decorators import authentication_required

@authentication_required("some_scope")
def some_view(request, *args, **kwargs):
    ...
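A minimal stand-in for the decorator, added here as an example and not the code of apps.tokens.decorators, showing the three checks a protected view needs before it runs: a well-formed Bearer header, a token that exists and has not expired, and a scope string covering what the view requires. It generalises the page's single-scope form to several required scopes and assumes an in-memory dict in place of the tokens table and a request object that exposes a `headers` dict.

```python
# Added example, not the project's apps.tokens.decorators. The token store and
# the Request class are constructed stand-ins for the real table and request.
import time
from functools import wraps

# Constructed sample tokens; the first mirrors the token response shown earlier.
TOKENS = {
    "00ccd40e-72ca-4e79-a4b6-67c95e2e3f1c": {"scope": "foo bar qux", "expires_at": time.time() + 3600},
    "11111111-1111-1111-1111-111111111111": {"scope": "foo", "expires_at": time.time() + 3600},
    "22222222-2222-2222-2222-222222222222": {"scope": "foo bar qux", "expires_at": time.time() - 1},
}


class AuthError(Exception):
    """Carries the HTTP status the view layer should answer with."""
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


def authentication_required(*required_scopes):
    """Reject the request unless it carries a valid, unexpired Bearer token whose
    space-delimited scope string covers every required scope (case-sensitive)."""
    def decorator(view):
        @wraps(view)
        def wrapper(request, *args, **kwargs):
            scheme, _, token = request.headers.get("Authorization", "").partition(" ")
            if scheme != "Bearer" or not token:
                raise AuthError(401, "missing or malformed Bearer token")
            record = TOKENS.get(token)
            if record is None or record["expires_at"] <= time.time():
                # Unknown and expired tokens get the same answer: no oracle.
                raise AuthError(401, "invalid or expired access token")
            missing = set(required_scopes) - set(record["scope"].split())
            if missing:
                raise AuthError(403, "insufficient scope: " + " ".join(sorted(missing)))
            return view(request, *args, **kwargs)
        return wrapper
    return decorator


class Request:
    """Minimal stand-in for a Django request; only the headers are needed here."""
    def __init__(self, headers):
        self.headers = headers


@authentication_required("foo", "qux")
def some_view(request):
    return "ok"


def call(headers):
    """Invoke some_view with the given headers and return (status, body)."""
    try:
        return 200, some_view(Request(headers))
    except AuthError as err:
        return err.status, str(err)
```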

Contributing

In order to contribute to this project, fork it and make a pull request. I will review and accept it.

All tests must be passing in order for the pull request to be accepted.

Installation

Clone the repository:

$ git clone https://github.com/RichardKnop/django-oauth2-server.git

Create a virtual environment and install requirements:

$ virtualenv venv
$ source venv/bin/activate
$ pip install -r requirements.txt

Create a local.py file and insert correct configuration details:

$ cp oauth2server/proj/settings/local.example.py oauth2server/proj/settings/local.py
$ nano oauth2server/proj/settings/local.py

Sync the database:

$ python oauth2server/manage.py syncdb

Configuration

These are the current configuration options:

OAUTH2_SERVER = {
    'ACCESS_TOKEN_LIFETIME': 3600,
    'AUTH_CODE_LIFETIME': 3600,
    'REFRESH_TOKEN_LIFETIME': 1209600,
    'IGNORE_CLIENT_REQUESTED_SCOPE': False,
}
  • ACCESS_TOKEN_LIFETIME: lifetime of an access token in seconds
  • AUTH_CODE_LIFETIME: lifetime of an authorization code in seconds
  • REFRESH_TOKEN_LIFETIME: lifetime of a refresh token in seconds
  • IGNORE_CLIENT_REQUESTED_SCOPE: if true, client requested scope will be ignored
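How the scope rules from the Scope section and the IGNORE_CLIENT_REQUESTED_SCOPE setting combine when a token is issued, as an added example rather than the project's own code. It models the tokens_oauthscope rows as an in-memory list of dicts with the `scope` and `is_default` columns the text mentions, and treats any unknown scope part as an invalid_scope error instead of silently dropping it.

```python
# Added example, not the project's code. OAUTHSCOPE_ROWS is a constructed
# stand-in for the tokens_oauthscope table.
OAUTH2_SERVER = {
    'ACCESS_TOKEN_LIFETIME': 3600,
    'AUTH_CODE_LIFETIME': 3600,
    'REFRESH_TOKEN_LIFETIME': 1209600,
    'IGNORE_CLIENT_REQUESTED_SCOPE': False,
}

# Constructed rows matching the "foo bar qux" scope in the responses above,
# plus one non-default scope a client must ask for explicitly.
OAUTHSCOPE_ROWS = [
    {"scope": "foo", "is_default": True},
    {"scope": "bar", "is_default": True},
    {"scope": "qux", "is_default": True},
    {"scope": "admin", "is_default": False},
]


def resolve_scope(requested, rows=OAUTHSCOPE_ROWS, settings=OAUTH2_SERVER):
    """Return the space-delimited scope string to store on the issued token.

    With no requested scope, or with IGNORE_CLIENT_REQUESTED_SCOPE set, the
    token gets exactly the is_default rows. Otherwise every requested part
    must match a defined scope exactly (case-sensitive, no folding); a part
    that matches nothing fails the whole request with invalid_scope.
    """
    defined = {row["scope"] for row in rows}
    defaults = [row["scope"] for row in rows if row["is_default"]]
    if settings['IGNORE_CLIENT_REQUESTED_SCOPE'] or not requested:
        return " ".join(defaults)
    parts = requested.split()
    unknown = [p for p in parts if p not in defined]
    if unknown:
        raise ValueError("invalid_scope: " + " ".join(unknown))
    granted = []
    for p in parts:          # keep request order, drop duplicates
        if p not in granted:
            granted.append(p)
    return " ".join(granted)
```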

Running Tests

$ python oauth2server/manage.py test