Models

class oauth2_provider.models.AbstractApplication(*args, **kwargs)

An Application instance represents a Client on the Authorization server. Usually an Application is created manually by client’s developers after logging in on an Authorization Server.

Fields:

  • client_id The client identifier issued to the client during the

    registration process as described in RFC6749 Section 2.2

  • user ref to a Django user

  • redirect_uris The list of allowed redirect uri. The string

    consists of valid URLs separated by space

  • client_type Client type as described in RFC6749 Section 2.1

  • authorization_grant_type Authorization flows available to the

    Application

  • client_secret Confidential secret issued to the client during

    the registration process as described in RFC6749 Section 2.2

  • name Friendly name for the Application

default_redirect_uri

Returns the default redirect_uri extracting the first item from the redirect_uris string

redirect_uri_allowed(uri)

Checks if given url is one of the items in redirect_uris string

Parameters:uri – Url to check
class oauth2_provider.models.AccessToken(*args, **kwargs)

An AccessToken instance represents the actual access token to access user’s resources, as in RFC6749 Section 5.

Fields:

  • user The Django user representing resources’ owner

  • token Access token

  • application Application instance

  • expires Expire time in seconds, defaults to

    settings.ACCESS_TOKEN_EXPIRE_SECONDS

  • scope Allowed scopes

allow_scopes(scopes)

Check if the token allows the provided scopes

Parameters:scopes – An iterable containing the scopes to check
is_expired()

Check token expiration with timezone awareness

is_valid(scopes=None)

Checks if the access token is valid.

Parameters:scopes – An iterable containing the scopes to check or None
class oauth2_provider.models.Application(*args, **kwargs)

Application(id, client_id, user_id, redirect_uris, client_type, authorization_grant_type, client_secret, name)

class oauth2_provider.models.Grant(*args, **kwargs)

A Grant instance represents a token with a short lifetime that can be swapped for an access token, as described in RFC6749 Section 4.1.2

Fields:

  • user The Django user who requested the grant

  • code The authorization code generated by the authorization server

  • application Application instance this grant was asked for

  • expires Expire time in seconds, defaults to

    settings.AUTHORIZATION_CODE_EXPIRE_SECONDS

  • redirect_uri Self explained

  • scope Required scopes, optional

is_expired()

Check token expiration with timezone awareness

class oauth2_provider.models.RefreshToken(*args, **kwargs)

A RefreshToken instance represents a token that can be swapped for a new access token when it expires.

Fields:

  • user The Django user representing resources’ owner

  • token Token value

  • application Application instance

  • access_token AccessToken instance this refresh token is

    bounded to

oauth2_provider.models.get_application_model()

Return the Application model that is active in this project.