provider¶
provider.constants¶
-
provider.constants.
RESPONSE_TYPE_CHOICES
¶ Settings: OAUTH_RESPONSE_TYPE_CHOICES The response types as outlined by Section 3.1.1
-
provider.constants.
SCOPES
¶ Settings: OAUTH_SCOPES A choice of scopes. A detailed implementation is left to the developer. The current default implementation in
provider.oauth2.scope
makes use of bit shifting operations to combine read and write permissions.
-
provider.constants.
EXPIRE_DELTA
¶ Settings: OAUTH_EXPIRE_DELTA Default: datetime.timedelta(days=365) The time to expiry for access tokens as outlined in Section 4.2.2 and Section 5.1.
-
provider.constants.
EXPIRE_CODE_DELTA
¶ Settings: OAUTH_EXPIRE_CODE_DELTA Default: datetime.timedelta(seconds=10*60) The time to expiry for an authorization code grant as outlined in Section 4.1.2.
-
provider.constants.
DELETE_EXPIRED
¶ Settings: OAUTH_DELETE_EXPIRED Default: False To remove expired tokens immediately instead of letting them persist, set to True.
-
provider.constants.
ENFORCE_SECURE
¶ Settings: OAUTH_ENFORCE_SECURE Default: False To enforce secure communication on application level, set to True.
-
provider.constants.
SESSION_KEY
¶ Settings: OAUTH_SESSION_KEY Default: “oauth” Session key prefix to store temporary data while the user is completing the authentication / authorization process.
-
provider.constants.
SINGLE_ACCESS_TOKEN
¶ Settings: OAUTH_SINGLE_ACCESS_TOKEN Default: False To have the provider only create and retrieve one access token per user/client/scope combination, set to True.
provider.forms¶
-
class
provider.forms.
OAuthForm
(*args, **kwargs)[source]¶ Form class that creates shallow error dicts and exists early when a
OAuthValidationError
is raised.The shallow error dict is reused when returning error responses to the client.
The different types of errors are outlined in Section 4.2.2.1 and Section 5.2.
-
exception
provider.forms.
OAuthValidationError
[source]¶ Exception to throw inside
OAuthForm
if any OAuth2 related errors are encountered such as invalid grant type, invalid client, etc.OAuthValidationError
expects a dictionary outlining the OAuth error as its first argument when instantiating.Example: class GrantValidationForm(OAuthForm): grant_type = forms.CharField() def clean_grant(self): if not self.cleaned_data.get('grant_type') == 'code': raise OAuthValidationError({ 'error': 'invalid_grant', 'error_description': "%s is not a valid grant type" % ( self.cleaned_data.get('grant_type')) })
The different types of errors are outlined in Section 4.2.2.1 and Section 5.2.
provider.scope¶
Default scope implementation relying on bit shifting. See
provider.constants.SCOPES
for the list of available scopes.
Scopes can be combined, such as "read write"
. Note that a single
"write"
scope is not the same as "read write"
.
See provider.scope.to_int
on how scopes are combined.
-
provider.scope.
check
(wants, has)[source]¶ Check if a desired scope
wants
is part of an available scopehas
.Returns
False
if not, returnTrue
if yes.Example: If a list of scopes such as
READ = 1 << 1 WRITE = 1 << 2 READ_WRITE = READ | WRITE SCOPES = ( (READ, 'read'), (WRITE, 'write'), (READ_WRITE, 'read+write'), )
is defined, we can check if a given scope is part of another:
>>> from provider import scope >>> scope.check(READ, READ) True >>> scope.check(WRITE, READ) False >>> scope.check(WRITE, WRITE) True >>> scope.check(READ, WRITE) False >>> scope.check(READ, READ_WRITE) True >>> scope.check(WRITE, READ_WRITE) True
-
provider.scope.
names
(scope)¶ Returns a list of scope names as defined in
provider.constants.SCOPES
for a given scope integer.>>> assert ['read', 'write'] == provider.scope.names(provider.constants.READ_WRITE)
-
provider.scope.
to_int
(*names, **kwargs)[source]¶ Turns a list of scope names into an integer value.
>>> scope.to_int('read') 2 >>> scope.to_int('write') 6 >>> scope.to_int('read', 'write') 6 >>> scope.to_int('invalid') 0 >>> scope.to_int('invalid', default = 1) 1
-
provider.scope.
to_names
(scope)[source]¶ Returns a list of scope names as defined in
provider.constants.SCOPES
for a given scope integer.>>> assert ['read', 'write'] == provider.scope.names(provider.constants.READ_WRITE)
provider.templatetags.scope¶
Wrapper around
provider.scope.names
to turn an int into a list of scope names in templates.
provider.utils¶
-
provider.utils.
deserialize_instance
(model, data={})[source]¶ Translate raw data into a model instance.
-
provider.utils.
get_code_expiry
()[source]¶ Return a datetime object indicating when an authorization code should expire. Can be customized by setting
settings.OAUTH_EXPIRE_CODE_DELTA
to adatetime.timedelta
object.
-
provider.utils.
get_token_expiry
(public=True)[source]¶ Return a datetime object indicating when an access token should expire. Can be customized by setting
settings.OAUTH_EXPIRE_DELTA
to adatetime.timedelta
object.
-
provider.utils.
serialize_instance
(instance)[source]¶ Since Django 1.6 items added to the session are no longer pickled, but JSON encoded by default. We are storing partially complete models in the session (user, account, token, ...). We cannot use standard Django serialization, as these are models are not “complete” yet. Serialization will start complaining about missing relations et al.