Models

class oauth2_provider.models.AbstractApplication(*args, **kwargs)

An Application instance represents a Client on the Authorization server. Usually an Application is created manually by the client’s developers after logging in to the Authorization Server.

Fields:

  • client_id – The client identifier issued to the client during the
    registration process, as described in RFC6749 Section 2.2
  • user – Reference to a Django user
  • redirect_uris – The list of allowed redirect URIs. The string
    consists of valid URLs separated by spaces
  • client_type – Client type, as described in RFC6749 Section 2.1
  • authorization_grant_type – Authorization flows available to the
    Application
  • client_secret – Confidential secret issued to the client during
    the registration process, as described in RFC6749 Section 2.2
  • name – Friendly name for the Application

default_redirect_uri

Returns the default redirect_uri by extracting the first item from the redirect_uris string

redirect_uri_allowed(uri)

Checks whether the given URL is one of the items in the redirect_uris string

Parameters: uri – URL to check
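The two helpers described above, modelled as a standalone added example (not django-oauth-toolkit's own code): it splits a space-separated redirect_uris string, takes the first item as the default, and contrasts exact matching with a prefix check that accepts near-miss URIs. `REGISTERED`, `prefix_allowed` and `compare` are hypothetical names, and all URLs are constructed sample values.

```python
from urllib.parse import urlsplit

# Constructed sample value in the stored format the page describes:
# valid URLs separated by spaces.
REGISTERED = "https://client.example/callback https://app.client.example"


def parse_redirect_uris(redirect_uris):
    """Split the stored string into the individual registered URIs."""
    return redirect_uris.split()


def default_redirect_uri(redirect_uris):
    """First item of the string, as described for default_redirect_uri."""
    return parse_redirect_uris(redirect_uris)[0]


def redirect_uri_allowed(redirect_uris, uri):
    """Exact string match against each registered URI."""
    return uri in parse_redirect_uris(redirect_uris)


def prefix_allowed(redirect_uris, uri):
    """Weak check, for comparison only: any URI that starts with a registered one."""
    return any(uri.startswith(item) for item in parse_redirect_uris(redirect_uris))


def compare(redirect_uris, candidates):
    """Return (uri, host, exact_result, prefix_result) for each candidate."""
    return [
        (uri, urlsplit(uri).hostname,
         redirect_uri_allowed(redirect_uris, uri),
         prefix_allowed(redirect_uris, uri))
        for uri in candidates
    ]


if __name__ == "__main__":
    # Constructed candidates: one registered URI and two near misses.
    candidates = [
        "https://client.example/callback",
        "https://app.client.example.other.example/cb",  # different host
        "https://client.example/callback/../admin",     # different path
    ]
    print("default:", default_redirect_uri(REGISTERED))
    for uri, host, exact, prefix in compare(REGISTERED, candidates):
        print(f"{uri}  host={host}  exact={exact}  prefix={prefix}")
```
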

class oauth2_provider.models.AccessToken(*args, **kwargs)

An AccessToken instance represents the actual access token used to access the user’s resources, as described in RFC6749 Section 5.

Fields:

  • user – The Django user representing the resources’ owner
  • token – Access token
  • application – Application instance
  • expires – Date and time of token expiration, in DateTime format
  • scope – Allowed scopes

allow_scopes(scopes)

Check if the token allows the provided scopes

Parameters: scopes – An iterable containing the scopes to check

is_expired()

Check token expiration with timezone awareness

is_valid(scopes=None)

Checks if the access token is valid.

Parameters: scopes – An iterable containing the scopes to check, or None

revoke()

Convenience method that gives tokens a uniform interface; for now it simply removes this token from the database in order to revoke it.

scopes

Returns a dictionary of allowed scope names (as keys) with their descriptions (as values)

class oauth2_provider.models.Application(id, client_id, user, redirect_uris, client_type, authorization_grant_type, client_secret, name, skip_authorization)

class oauth2_provider.models.Grant(*args, **kwargs)

A Grant instance represents a token with a short lifetime that can be swapped for an access token, as described in RFC6749 Section 4.1.2.

Fields:

  • user – The Django user who requested the grant
  • code – The authorization code generated by the authorization server
  • application – Application instance this grant was asked for
  • expires – Expire time in seconds, defaults to
    settings.AUTHORIZATION_CODE_EXPIRE_SECONDS
  • redirect_uri – Self-explanatory
  • scope – Required scopes, optional

is_expired()

Check token expiration with timezone awareness

class oauth2_provider.models.RefreshToken(*args, **kwargs)

A RefreshToken instance represents a token that can be swapped for a new access token when it expires.

Fields:

  • user – The Django user representing the resources’ owner
  • token – Token value
  • application – Application instance
  • access_token – AccessToken instance this refresh token is
    bound to

revoke()

Delete this refresh token along with the related access token

oauth2_provider.models.get_application_model()

Return the Application model that is active in this project.