Mixins for Class Based Views

class oauth2_provider.views.mixins.ClientProtectedResourceMixin

Mixin for protecting resources with client authentication as mentioned in rfc:3.2.1 This involves authenticating with any of: HTTP Basic Auth, Client Credentials and Access token in that order. Breaks off after first validation.

class oauth2_provider.views.mixins.OAuthLibMixin

This mixin decouples Django OAuth Toolkit from OAuthLib.

Users can configure the Server, Validator and OAuthlibCore classes used by this mixin by setting the following class variables:

  • server_class

  • validator_class

  • oauthlib_backend_class

If these class variables are not set, it will fall back to using the classes specified in oauth2_settings (OAUTH2_SERVER_CLASS, OAUTH2_VALIDATOR_CLASS and OAUTH2_BACKEND_CLASS).

authenticate_client(request)

Returns a boolean representing if client is authenticated with client credentials method. Returns True if authenticated.

Parameters:

request – The current django.http.HttpRequest object

create_authorization_response(request, scopes, credentials, allow)

A wrapper method that calls create_authorization_response on server_class instance.

Parameters:
  • request – The current django.http.HttpRequest object

  • scopes – A space-separated string of provided scopes

  • credentials – Authorization credentials dictionary containing client_id, state, redirect_uri and response_type

  • allow – True if the user authorize the client, otherwise False

create_revocation_response(request)

A wrapper method that calls create_revocation_response on the server_class instance.

Parameters:

request – The current django.http.HttpRequest object

create_token_response(request)

A wrapper method that calls create_token_response on server_class instance.

Parameters:

request – The current django.http.HttpRequest object

create_userinfo_response(request)

A wrapper method that calls create_userinfo_response on the server_class instance.

Parameters:

request – The current django.http.HttpRequest object

error_response(error, **kwargs)

Return an error to be displayed to the resource owner if anything goes awry.

Parameters:

errorOAuthToolkitError

classmethod get_oauthlib_backend_class()

Return the OAuthLibCore implementation class to use

classmethod get_oauthlib_core()

Cache and return OAuthlibCore instance so it will be created only on first request unless ALWAYS_RELOAD_OAUTHLIB_CORE is True.

get_scopes()

This should return the list of scopes required to access the resources. By default it returns an empty list.

classmethod get_server()

Return an instance of server_class initialized with a validator_class object

classmethod get_server_class()

Return the OAuthlib server class to use

classmethod get_validator_class()

Return the RequestValidator implementation class to use

validate_authorization_request(request)

A wrapper method that calls validate_authorization_request on server_class instance.

Parameters:

request – The current django.http.HttpRequest object

verify_request(request)

A wrapper method that calls verify_request on server_class instance.

Parameters:

request – The current django.http.HttpRequest object

class oauth2_provider.views.mixins.OIDCLogoutOnlyMixin

Mixin for views that should only be accessible when OIDC and OIDC RP-Initiated Logout are enabled.

If either is not enabled:

  • if DEBUG is True, raises an ImproperlyConfigured exception explaining why

  • otherwise, returns a 404 response, logging the same warning

class oauth2_provider.views.mixins.OIDCOnlyMixin

Mixin for views that should only be accessible when OIDC is enabled.

If OIDC is not enabled:

  • if DEBUG is True, raises an ImproperlyConfigured exception explaining why

  • otherwise, returns a 404 response, logging the same warning

class oauth2_provider.views.mixins.ProtectedResourceMixin

Helper mixin that implements OAuth2 protection on request dispatch, specially useful for Django Generic Views

class oauth2_provider.views.mixins.ReadWriteScopedResourceMixin(*args, **kwargs)

Helper mixin that implements “read and write scopes” behavior

get_scopes(*args, **kwargs)

Return the scopes needed to access the resource

Parameters:

args – Support scopes injections from the outside (not yet implemented)

class oauth2_provider.views.mixins.ScopedResourceMixin

Helper mixin that implements “scopes handling” behaviour

get_scopes(*args, **kwargs)

Return the scopes needed to access the resource

Parameters:

args – Support scopes injections from the outside (not yet implemented)