provider

provider.constants

provider.constants.RESPONSE_TYPE_CHOICES
Settings:OAUTH_RESPONSE_TYPE_CHOICES

The response types as outlined by Section 3.1.1

provider.constants.SCOPES
Settings:OAUTH_SCOPES

A choice of scopes. A detailed implementation is left to the developer. The current default implementation in provider.oauth2.scope makes use of bit shifting operations to combine read and write permissions.

provider.constants.EXPIRE_DELTA
Settings:OAUTH_EXPIRE_DELTA
Default:datetime.timedelta(days=365)

The time to expiry for access tokens as outlined in Section 4.2.2 and Section 5.1.

provider.constants.EXPIRE_CODE_DELTA
Settings:OAUTH_EXPIRE_CODE_DELTA
Default:datetime.timedelta(seconds=10*60)

The time to expiry for an authorization code grant as outlined in Section 4.1.2.

provider.constants.DELETE_EXPIRED
Settings:OAUTH_DELETE_EXPIRED
Default:False

To remove expired tokens immediately instead of letting them persist, set to True.

provider.constants.ENFORCE_SECURE
Settings:OAUTH_ENFORCE_SECURE
Default:False

To enforce secure communication on application level, set to True.

provider.constants.SESSION_KEY
Settings:OAUTH_SESSION_KEY
Default:“oauth”

Session key prefix to store temporary data while the user is completing the authentication / authorization process.

provider.constants.SINGLE_ACCESS_TOKEN
Settings:OAUTH_SINGLE_ACCESS_TOKEN
Default:False

To have the provider only create and retrieve one access token per user/client/scope combination, set to True.

provider.forms

class provider.forms.OAuthForm(*args, **kwargs)[source]

Form class that creates shallow error dicts and exists early when a OAuthValidationError is raised.

The shallow error dict is reused when returning error responses to the client.

The different types of errors are outlined in Section 4.2.2.1 and Section 5.2.

exception provider.forms.OAuthValidationError[source]

Exception to throw inside OAuthForm if any OAuth2 related errors are encountered such as invalid grant type, invalid client, etc.

OAuthValidationError expects a dictionary outlining the OAuth error as its first argument when instantiating.

Example:
class GrantValidationForm(OAuthForm):
    grant_type = forms.CharField()

    def clean_grant(self):
        if not self.cleaned_data.get('grant_type') == 'code':
            raise OAuthValidationError({
                'error': 'invalid_grant',
                'error_description': "%s is not a valid grant type" % (
                    self.cleaned_data.get('grant_type'))
            })

The different types of errors are outlined in Section 4.2.2.1 and Section 5.2.

provider.scope

Default scope implementation relying on bit shifting. See provider.constants.SCOPES for the list of available scopes.

Scopes can be combined, such as "read write". Note that a single "write" scope is not the same as "read write".

See provider.scope.to_int on how scopes are combined.

provider.scope.check(wants, has)[source]

Check if a desired scope wants is part of an available scope has.

Returns False if not, return True if yes.

Example:

If a list of scopes such as

READ = 1 << 1
WRITE = 1 << 2
READ_WRITE = READ | WRITE

SCOPES = (
    (READ, 'read'),
    (WRITE, 'write'),
    (READ_WRITE, 'read+write'),
)

is defined, we can check if a given scope is part of another:

>>> from provider import scope
>>> scope.check(READ, READ)
True
>>> scope.check(WRITE, READ)
False
>>> scope.check(WRITE, WRITE)
True
>>> scope.check(READ, WRITE)
False
>>> scope.check(READ, READ_WRITE)
True
>>> scope.check(WRITE, READ_WRITE)
True
provider.scope.names(scope)

Returns a list of scope names as defined in provider.constants.SCOPES for a given scope integer.

>>> assert ['read', 'write'] == provider.scope.names(provider.constants.READ_WRITE)
provider.scope.to_int(*names, **kwargs)[source]

Turns a list of scope names into an integer value.

>>> scope.to_int('read')
2
>>> scope.to_int('write')
6
>>> scope.to_int('read', 'write')
6
>>> scope.to_int('invalid')
0
>>> scope.to_int('invalid', default = 1)
1
provider.scope.to_names(scope)[source]

Returns a list of scope names as defined in provider.constants.SCOPES for a given scope integer.

>>> assert ['read', 'write'] == provider.scope.names(provider.constants.READ_WRITE)

provider.templatetags.scope

provider.templatetags.scope.scopes(scope_int)[source]

Wrapper around provider.scope.names to turn an int into a list of scope names in templates.

provider.utils

provider.utils.deserialize_instance(model, data={})[source]

Translate raw data into a model instance.

provider.utils.get_code_expiry()[source]

Return a datetime object indicating when an authorization code should expire. Can be customized by setting settings.OAUTH_EXPIRE_CODE_DELTA to a datetime.timedelta object.

provider.utils.get_token_expiry(public=True)[source]

Return a datetime object indicating when an access token should expire. Can be customized by setting settings.OAUTH_EXPIRE_DELTA to a datetime.timedelta object.

provider.utils.long_token()[source]

Generate a hash that can be used as an application secret

provider.utils.serialize_instance(instance)[source]

Since Django 1.6 items added to the session are no longer pickled, but JSON encoded by default. We are storing partially complete models in the session (user, account, token, ...). We cannot use standard Django serialization, as these are models are not “complete” yet. Serialization will start complaining about missing relations et al.

provider.utils.short_token()[source]

Generate a hash that can be used as an application identifier

provider.views

provider.oauth2

provider.oauth2.forms

provider.oauth2.models

provider.oauth2.urls

provider.oauth2.views