django-oidc-provider/docs/sections/oauth2.rst
Juan Ignacio Fiorentino 42df40c16d Fix docs.
2018-04-08 18:29:10 -03:00

61 lines
1.9 KiB
ReStructuredText

.. _oauth2:
OAuth2 Server
#############
Because OIDC is a layer on top of the OAuth 2.0 protocol, this package also gives you a simple but effective OAuth2 server that you can use not only for logging in your users on multiple platforms, but also to protect other resources you want to expose.
Protecting Views
================
Here we are going to protect a view with a scope called ``read_books``::
from django.http import JsonResponse
from django.views.decorators.http import require_http_methods
from oidc_provider.lib.utils.oauth2 import protected_resource_view
@require_http_methods(['GET'])
@protected_resource_view(['read_books'])
def protected_api(request, *args, **kwargs):
dic = {
'protected': 'information',
}
return JsonResponse(dic, status=200)
Client Credentials Grant
========================
The client can request an access token using only its client credentials (ID and SECRET) when the client is requesting access to the protected resources under its control, that have been previously arranged with the authorization server using the ``client.scope`` field.
.. note::
You can use Django admin to manually set the client scope or programmatically::
client.scope = ['read_books', 'add_books']
client.save()
This is how the request should look like::
POST /token HTTP/1.1
Host: localhost:8000
Authorization: Basic eWZ3a3c0cWxtaHY0cToyVWE0QjVzRlhmZ3pNeXR5d1FqT01jNUsxYmpWeXhXeXRySVdsTmpQbld3\
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
A successful access token response will like this::
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache
{
"token_type" : "Bearer",
"access_token" : "eyJhbGciOiJSUzI1NiIsImtpZCI6IjEifQ.eyJzY3AiOlsib3BlbmlkIiw...",
"expires_in" : 3600,
"scope" : "read_books add_books"
}