Simple OAuth2 client package allowing to define OAuth2 / OpenID providers through settings.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for codoc from gravatar.com codoc Avatar for qcoumes from gravatar.com qcoumes

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers
Report project as malware

Project description

DRF Simple OAuth2

PyPI Version Documentation Status Tests Python 3.10+ Django 4.2+ License MIT codecov CodeFactor

DRF Simple OAuth2 is an OAuth2/OpenID Connect client for Django REST Framework. It lets you define one or many providers entirely via settings.

You can view the full documentation at https://drf-simple-oauth2.readthedocs.io/en/latest/.

Features

  • Provides endpoints for the OAuth2 Authorization Code flow.
  • Supports multiple OAuth2/OpenID providers at once.
  • Supports PKCE (Proof Key for Code Exchange).
  • Customize the user creation/update logic using the information retrieved from the provider.

Requirements

drf-simple-oauth2 supports the officially supported versions of its dependencies (mainstream & LTS):

Installation

Install via pip:

pip install drf-simple-oauth2

Add the app:

INSTALLED_APPS = [
    ...
    "simple_oauth2",
    ...
]

Include URLs in your project’s urls.py:

from django.urls import include, path

urlpatterns = [
    ...
    path("", include("simple_oauth2.urls", namespace="simple_oauth2")),
    ...
]

Configuration

Define SIMPLE_OAUTH2 in your Django settings:

SIMPLE_OAUTH2 = {
    "auth0": {
        "CLIENT_ID": "<your-auth0-client-id>",
        "CLIENT_SECRET": "<your-auth0-client-secret>",
        "BASE_URL": "<your-auth0-domain>.<region>.auth0.com",
        "REDIRECT_URI": "http://localhost:8080/app/auth0/callback",
        "POST_LOGOUT_REDIRECT_URI": "http://localhost:8080/app",
    },
    "google": {
        "CLIENT_ID": "<your-google-client-id>",
        "CLIENT_SECRET": "<your-google-client-secret>",
        "BASE_URL": "accounts.google.com",
        "REDIRECT_URI": "http://localhost:8080/app/google/callback",
        "POST_LOGOUT_REDIRECT_URI": "http://localhost:8080/app",
    },
}

See the documentation for all available settings.

Usage

The following assumes you mounted simple_oauth2 URLs at the empty path ("") as shown above.

The flow below describes interactions between a frontend (App), a backend (API), and an OAuth2/OpenID provider (Provider). You can find a more detailed explanation in the documentation.

1) Redirect the user to the provider

Request the provider-specific authorization URL from your API, then redirect the browser to it:

GET http://localhost:8000/oauth2/url/?provider=auth0

{
  "url": "https://example.com/authorize?response_type=code&client_id=client&scope=openid+profile+email&nonce=085c979c02ecb914a4c6210ad1902037825c18fe8d9b0a1ca0daae113b7747035170e9400c6ec5c7439e1caa3249cc20d52975b34777778c2949f63a14accfb0&state=9143617326b20fa6b3f436001096f5365e1ccb2689becc75091399fb3b3b4f834333f4dada0c44b2d167326d6ddc279698a0b05a0720c45620b8696e944101c4&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback&code_challenge=vo8kwt0Nrf.jfMj8HmMGKJeGJH8SFY8bVhKidrQkg7q2IeW~nfRrdlM4QosTTgjMnMmyzVAC3i5n.lOPx0NJvgB1G7~FSaDVwhTFM-UehPrp6~~lht6jbLVs-9Tlxsld&code_challenge_method=plain"
}

After consent, the provider redirects back to your App at REDIRECT_URI with code and state parameters.

2) Exchange the code at your API

POST the code and state to your API:

POST http://localhost:8000/oauth2/token/
{
  "provider": "auth0",
  "code": "<code>",
  "state": "<state>"
}

{
  "api": {
    "access": "<access_token>",
    "refresh": "<refresh_token>"
  },
  "provider": {
    "access_token": "<access_token>",
    "id_token": "<id_token>",
    "refresh_token": "<refresh_token>",
    "logout_url": "https://example.com/v2/logout?..."
  }
}

Note: refresh_token may be absent depending on the provider configuration.

The response payload is produced by TOKEN_PAYLOAD_HANDLER, which issues JWTs via djangorestframework-simplejwt and returns the provider’s tokens.
The api object contains tokens for authenticating against your API; the provider object contains tokens for the provider.

Calling /oauth2/token/ will also ensure a user exists in your database. This is handled by TOKEN_USERINFO_HANDLER (defaults to simple_oauth2.utils.get_user). It first tries to match a user via the sub claim from the ID Token; otherwise, it uses claims/UserInfo to retrieve or create a user.

You can customize both behaviors per provider via the TOKEN_PAYLOAD_HANDLER and TOKEN_USERINFO_HANDLER` settings.

3) Logout

To log out from both your API and the provider:

  1. Log the user out from your API.
  2. Redirect the user to the logout_url returned in the provider object from /oauth2/token/.

The provider will redirect back to your App using POST_LOGOUT_REDIRECT_URI.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for codoc from gravatar.com codoc Avatar for qcoumes from gravatar.com qcoumes

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers

Release history Release notifications | RSS feed

1.0.5

1.0.4

This version

1.0.3

1.0.2

1.0.1 yanked

1.0.0 yanked

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

drf_simple_oauth2-1.0.3.tar.gz (16.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

drf_simple_oauth2-1.0.3-py3-none-any.whl (15.8 kB view details)

Uploaded Python 3

File details

Details for the file drf_simple_oauth2-1.0.3.tar.gz.

File metadata

  • Download URL: drf_simple_oauth2-1.0.3.tar.gz
  • Upload date:
  • Size: 16.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for drf_simple_oauth2-1.0.3.tar.gz
Algorithm Hash digest
SHA256 698cbd24356cf595ed554c8f8daa9cccefaa739e00f26a3f2896d1bd35cd1951
MD5 cd847ed95cd271735bba8cef280252b2
BLAKE2b-256 acec7ccc954f4f0e59578dc5e50dce20caa9186a2d4495ac38a7172a7c202064

See more details on using hashes here.

Provenance

The following attestation bundles were made for drf_simple_oauth2-1.0.3.tar.gz:

Publisher: test_and_publish.yml on Codoc-os/drf-simple-oauth2

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file drf_simple_oauth2-1.0.3-py3-none-any.whl.

File metadata

File hashes

Hashes for drf_simple_oauth2-1.0.3-py3-none-any.whl
Algorithm Hash digest
SHA256 6e21b72555b2dee7aca39790ff943ffcfdf72c70903811f547509d47976b61fc
MD5 c781452d8a7d6788ca540fca46cc9cdd
BLAKE2b-256 267e886cba7847c751119255d3ce961aec285bc97325dd1a7d6a7ac6da5c3928

See more details on using hashes here.

Provenance

The following attestation bundles were made for drf_simple_oauth2-1.0.3-py3-none-any.whl:

Publisher: test_and_publish.yml on Codoc-os/drf-simple-oauth2

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page