Getting started


$ pip install django-oauth2-provider


Add OAuth2 Provider to INSTALLED_APPS

    INSTALLED_APPS = (
        # ...
        'provider',
        'provider.oauth2',
    )

Modify your settings to match your needs

The default settings are available in provider.constants.

Include the OAuth 2 views

Add provider.oauth2.urls to your root urls.py file.

url(r'^oauth2/', include('provider.oauth2.urls', namespace = 'oauth2')),


The namespace argument is required.

Sync your database

$ python manage.py syncdb
$ python manage.py migrate

How to request an access token for the first time?

Create a client entry in your database


To find out which type of client you need to create, read Section 2.1 of RFC 6749.

To create a new entry simply use the Django admin panel.

Request an access token

Assuming that you’ve used the same URL configuration as above, your client needs to submit a POST request to /oauth2/access_token including the following parameters:

  • client_id - The client ID you’ve configured in the Django admin.
  • client_secret - The client secret configured in the Django admin.
  • username - The username with which you want to log in.
  • password - The password corresponding to the user you’re logging in with.


$ curl -X POST -d "client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=password&username=YOUR_USERNAME&password=YOUR_PASSWORD" http://localhost:8000/oauth2/access_token/


{"access_token": "<your-access-token>", "scope": "read", "expires_in": 86399, "refresh_token": "<your-refresh-token>"}

This particular way of obtaining an access token is called a Password Grant. All the other ways of acquiring an access token are outlined in Section 4 of RFC 6749.


Always use HTTPS for all your OAuth 2 requests. Over plain HTTP the client secret, the user's password and the issued tokens travel in cleartext.
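The token request above as a Python client, added here as an illustration and not taken from the django-oauth2-provider project: it refuses cleartext HTTP except to a loopback development server and converts expires_in into an absolute expiry time. The function names, LOOPBACK_HOSTS and the 10-second timeout are assumptions of this example.

```python
import json
import time
import urllib.parse
import urllib.request

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}  # dev servers only
# Constructed sample with the same shape as the response shown above.
SAMPLE_RESPONSE = ('{"access_token": "<your-access-token>", "scope": "read", '
                   '"expires_in": 86399, "refresh_token": "<your-refresh-token>"}')


def build_token_request(token_url, client_id, client_secret, username, password):
    """Build (without sending) the password-grant POST for the token endpoint."""
    parts = urllib.parse.urlsplit(token_url)
    local_http = parts.scheme == "http" and parts.hostname in LOOPBACK_HOSTS
    # The client secret and user password are in the body: refuse cleartext
    # HTTP everywhere except a local development server.
    if parts.scheme != "https" and not local_http:
        raise ValueError("token endpoint must use HTTPS: %s" % token_url)
    body = urllib.parse.urlencode({
        "grant_type": "password",
        "client_id": client_id, "client_secret": client_secret,
        "username": username, "password": password,
    }).encode("ascii")
    return urllib.request.Request(token_url, data=body, method="POST")


def parse_token_response(raw, now=None):
    """Check the JSON token response and compute an absolute expiry time."""
    data = json.loads(raw)
    if "error" in data:
        raise ValueError("token request failed: %s" % data["error"])
    missing = [k for k in ("access_token", "expires_in") if k not in data]
    if missing:
        raise ValueError("token response missing: %s" % ", ".join(missing))
    now = time.time() if now is None else now
    return {
        "access_token": data["access_token"],
        "refresh_token": data.get("refresh_token"),
        "scope": data.get("scope", "").split(),
        "expires_at": now + int(data["expires_in"]),
    }


def request_token(token_url, client_id, client_secret, username, password):
    """Send the request; this is the only function that touches the network."""
    req = build_token_request(token_url, client_id, client_secret, username, password)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())
```
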