From 67c06fad9b605f768a914a8707ceb8c53ad24e6d Mon Sep 17 00:00:00 2001 From: juanifioren Date: Thu, 18 Feb 2016 16:24:31 -0300 Subject: [PATCH] Add OAuth2 documentation. --- docs/index.rst | 4 ++-- docs/sections/oauth2.rst | 27 +++++++++++++++++++++++++++ 2 files changed, 29 insertions(+), 2 deletions(-) create mode 100644 docs/sections/oauth2.rst diff --git a/docs/index.rst b/docs/index.rst index f122aaf..466355f 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -1,13 +1,12 @@ Welcome to Django OIDC Provider Documentation! ============================================== -Django OIDC Provider can help you providing out of the box all the endpoints, data and logic needed to add OpenID Connect capabilities to your Django projects. +Django OIDC Provider can help you providing out of the box all the endpoints, data and logic needed to add OpenID Connect capabilities to your Django projects. And as a side effect a fair implementation of OAuth2.0 too. -------------------------------------------------------------------------------- Before getting started there are some important things that you should know: -* Although OpenID was built on top of OAuth2, this isn't an OAuth2 server. Maybe in a future it will be. * Despite that implementation MUST support TLS. You can make request without using SSL. There is no control on that. * This cover **Authorization Code Flow** and **Implicit Flow**, NO support for **Hybrid Flow** at this moment. * Only support for requesting Claims using Scope Values. @@ -24,6 +23,7 @@ Contents: sections/serverkeys sections/templates sections/claims + sections/oauth2 sections/settings sections/contribute .. diff --git a/docs/sections/oauth2.rst b/docs/sections/oauth2.rst new file mode 100644 index 0000000..bd8f545 --- /dev/null +++ b/docs/sections/oauth2.rst @@ -0,0 +1,27 @@ +.. _oauth2: + +OAuth2 Server +############# + +Because OIDC is a layer on top of the OAuth 2.0 protocol, this package gives you a simple but effective OAuth2 server that you can use not only for logging in your users on multiple platforms, also to protect some resources you want to expose. + +Protecting Views +================ + +Here we are going to protect a view with a scope called ``testscope``:: + + from django.http import JsonResponse + from django.views.decorators.http import require_http_methods + + from oidc_provider.lib.utils.oauth2 import protected_resource_view + + + @require_http_methods(['GET']) + @protected_resource_view(['testscope']) + def protected_api(request, *args, **kwargs): + + dic = { + 'protected': 'information', + } + + return JsonResponse(dic, status=200)