A Django app that facilitates authentication using cookie-based refresh token
Project description
Django-oauth-toolkit-cookie-refresh
Django-oauth-toolkit-cookie-refresh is a Django app to that provides REST authentication endpoints which uses refresh token in httpOnly cookie. It relies on Django REST framework and Django Oauth Toolkit.
Motivation
I was using django-oauth-toolkit in a project, but I wanted the refresh token to be handled by a HttpOnly cookie, while continue having the access token sent via request/response body.
Quick start
Install using pip:
pip install django-oauth-toolkit-cookie-refresh
Or, install from source:
Set up django-oauth-toolkit and django REST framework if you haven't already:
INSTALLED_APPS = (
'django.contrib.admin',
...,
'oauth2_provider',
'rest_framework',
)
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'oauth2_provider.contrib.rest_framework.OAuth2Authentication',
)
}
Include the oauth_toolkit_cookie_refresh URLconf in your project urls.py:
path('auth/', include('oauth_toolkit_cookie_refresh.urls')),
Settings
django-oauth-toolkit's settings are largely extended and used, except few default values have been overwritten. These settings are used as default unless explicitly specified:
"ACCESS_TOKEN_EXPIRE_SECONDS": 300,
"REFRESH_TOKEN_EXPIRE_SECONDS": 36000,
"REFRESH_COOKIE_NAME": "refresh_token",
"REFRESH_COOKIE_PATH": "/auth"
You can modify these settings by specifying them in the settings for django-oauth-toolkit:
OAUTH2_PROVIDER = {
...,
"ACCESS_TOKEN_EXPIRE_SECONDS": 300,
"REFRESH_TOKEN_EXPIRE_SECONDS": 36000,
"REFRESH_COOKIE_NAME": "refresh_token",
"REFRESH_COOKIE_PATH": "/auth",
...
}
If you want to use a different path for authentication than the default path, you should provide the setting
in REFRESH_COOKIE_PATH
, using a string with leading slash /
; while provide the same path in URLconf but with a
trailing slash /
.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for django-oauth-toolkit-cookie-refresh-1.0.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 3f8fb24dda9c0d7d6a7171d43d6668c5deba91cb314a810ec360933fb6e46dc6 |
|
MD5 | 257da19dbe7c6d966687dacf434babe8 |
|
BLAKE2b-256 | bebe88cc2ab43a6bb4050e298b9faef025691368b067bde4a21c9e3599311ffb |
Hashes for django_oauth_toolkit_cookie_refresh-1.0.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 557fca63e62dde6cdf1bbf7a243d5b9c6cfcbf65a5f806e0c1b1701f3aa4ebb0 |
|
MD5 | b2d8aaa26901f219e232e31929881b42 |
|
BLAKE2b-256 | 31e448c8c024dc1bf9c7e3e7e977f412e57a9af4e3b48944fad3afdb2022a34d |