django-oauth-backend 0.2.3

UNKNOWN

Django OAuth Backend is a set of Django models which are required for implementing OAuth protocol on the server side. Those models can be used together with various other projects which implement HTTP part of the protocol. One such projects is lazr.authentication.

Usage

Usage is quite simple.

First thing is to add this application to Django’s INSTALLED_APPS list:

INSTALLED_APPS = (
    ...
    'oauth_backend'
)

Next is to integrate it with OAuth protocol provider, like lazr.authentication. It will look something like that:

# Application's WSGI file
from django.core.handlers.wsgi import WSGIHandler
from lazr.authentication.wsgi import OAuthMiddleware
from oauth_backend.models import DataStore, Consumer, Token


def oauth_authenticate(oauth_consumer, oauth_token, parameters):
    try:
        consumer = Consumer.objects.get(
            user__username=oauth_consumer.key
        )
        token = Token.objects.get(token=oauth_token.key)
        if token.consumer.key == oauth_consumer.key:
            return consumer.user
    except (Token.DoesNotExist, Consumer.DoesNotExist):
        return None


django = WSGIHandler()
application = OAuthMiddleware(
    django,
    authenticate_with=oauth_authenticate,
    data_store=DataStore(),
    protect_path_pattern="/protected"
)

Note

Where oauth_authenticate is function which checks that OAuth token is known. Additionally you can check that user associated with this token is allowed to use it, or that token itself is not expired. Because that part is highly dependant on the mechanisms of application itself it’s not provided out of the box.

History

This code was extracted from Canonical Identity Provider project. Although an extra effort was made to make sure that all dependencies are broken and this code is fully independent, it’s conceivable that some small things were missed. In that case please report those bugs on the project’s bug page.