Django OAuth Backend is a set of Django models which are required for implementing OAuth protocol on the server side. Those models can be used together with various other projects which implement HTTP part of the protocol. One such projects is lazr.authentication.
Usage is quite simple.
First thing is to add this application to Django’s INSTALLED_APPS list:
INSTALLED_APPS = ( ... 'oauth_backend' )
# Application's WSGI file from django.core.handlers.wsgi import WSGIHandler from lazr.authentication.wsgi import OAuthMiddleware from oauth_backend.models import DataStore, Consumer, Token def oauth_authenticate(oauth_consumer, oauth_token, parameters): try: consumer = Consumer.objects.get( user__username=oauth_consumer.key ) token = Token.objects.get(token=oauth_token.key) if token.consumer.key == oauth_consumer.key: return consumer.user except (Token.DoesNotExist, Consumer.DoesNotExist): return None django = WSGIHandler() application = OAuthMiddleware( django, authenticate_with=oauth_authenticate, data_store=DataStore(), protect_path_pattern="/protected" )
Where oauth_authenticate is function which checks that OAuth token is known. Additionally you can check that user associated with this token is allowed to use it, or that token itself is not expired. Because that part is highly dependant on the mechanisms of application itself it’s not provided out of the box.
This code was extracted from Canonical Identity Provider project. Although an extra effort was made to make sure that all dependencies are broken and this code is fully independent, it’s conceivable that some small things were missed. In that case please report those bugs on the project’s bug page.