
class oauth2_provider.models.AbstractAccessToken(*args, **kwargs)

An AccessToken instance represents the actual access token to access user’s resources, as in RFC6749 Section 5.


  • user The Django user representing resources” owner
  • source_refresh_token If from a refresh, the consumed RefeshToken
  • token Access token
  • application Application instance
  • expires Date and time of token expiration, in DateTime format
  • scope Allowed scopes

Check if the token allows the provided scopes

Parameters:scopes – An iterable containing the scopes to check

Check token expiration with timezone awareness


Checks if the access token is valid.

Parameters:scopes – An iterable containing the scopes to check or None

Convenience method to uniform tokens” interface, for now simply remove this token from the database in order to revoke it.


Returns a dictionary of allowed scope names (as keys) with their descriptions (as values)

class oauth2_provider.models.AbstractApplication(*args, **kwargs)

An Application instance represents a Client on the Authorization server. Usually an Application is created manually by client’s developers after logging in on an Authorization Server.


  • client_id The client identifier issued to the client during the
    registration process as described in RFC6749 Section 2.2
  • user ref to a Django user
  • redirect_uris The list of allowed redirect uri. The string
    consists of valid URLs separated by space
  • client_type Client type as described in RFC6749 Section 2.1
  • authorization_grant_type Authorization flows available to the
  • client_secret Confidential secret issued to the client during
    the registration process as described in RFC6749 Section 2.2
  • name Friendly name for the Application

Hook for doing any extra model-wide validation after clean() has been called on every field by self.clean_fields. Any ValidationError raised by this method will not be associated with a particular field; it will have a special-case association with the field defined by NON_FIELD_ERRORS.


Returns the default redirect_uri extracting the first item from the redirect_uris string


Returns the list of redirect schemes allowed by the Application. By default, returns ALLOWED_REDIRECT_URI_SCHEMES.


Determines whether the application can be used.

Parameters:request – The oauthlib.common.Request being processed.

Checks if given url is one of the items in redirect_uris string

Parameters:uri – Url to check
class oauth2_provider.models.AbstractGrant(*args, **kwargs)

A Grant instance represents a token with a short lifetime that can be swapped for an access token, as described in RFC6749 Section 4.1.2


  • user The Django user who requested the grant
  • code The authorization code generated by the authorization server
  • application Application instance this grant was asked for
  • expires Expire time in seconds, defaults to
  • redirect_uri Self explained
  • scope Required scopes, optional
  • code_challenge PKCE code challenge
  • code_challenge_method PKCE code challenge transform algorithm

Check token expiration with timezone awareness

class oauth2_provider.models.AbstractIDToken(*args, **kwargs)

An IDToken instance represents the actual token to access user’s resources, as in :openid:`2`.


  • user The Django user representing resources’ owner
  • jti ID token JWT Token ID, to identify an individual token
  • application Application instance
  • expires Date and time of token expiration, in DateTime format
  • scope Allowed scopes
  • created Date and time of token creation, in DateTime format
  • updated Date and time of token update, in DateTime format

Check if the token allows the provided scopes

Parameters:scopes – An iterable containing the scopes to check

Check token expiration with timezone awareness


Checks if the access token is valid.

Parameters:scopes – An iterable containing the scopes to check or None

Convenience method to uniform tokens’ interface, for now simply remove this token from the database in order to revoke it.


Returns a dictionary of allowed scope names (as keys) with their descriptions (as values)

class oauth2_provider.models.AbstractRefreshToken(*args, **kwargs)

A RefreshToken instance represents a token that can be swapped for a new access token when it expires.


  • user The Django user representing resources” owner
  • token Token value
  • application Application instance
  • access_token AccessToken instance this refresh token is
    bounded to
  • revoked Timestamp of when this refresh token was revoked

Mark this refresh token revoked and revoke related access token

class oauth2_provider.models.AccessToken(id, user, source_refresh_token, token, id_token, application, expires, scope, created, updated)
exception DoesNotExist
exception MultipleObjectsReturned
class oauth2_provider.models.Application(id, client_id, user, redirect_uris, client_type, authorization_grant_type, client_secret, name, skip_authorization, created, updated, algorithm)
exception DoesNotExist
exception MultipleObjectsReturned
class oauth2_provider.models.Grant(id, user, code, application, expires, redirect_uri, scope, created, updated, code_challenge, code_challenge_method, nonce, claims)
exception DoesNotExist
exception MultipleObjectsReturned
class oauth2_provider.models.IDToken(id, user, jti, application, expires, scope, created, updated)
exception DoesNotExist
exception MultipleObjectsReturned
class oauth2_provider.models.RefreshToken(id, user, token, application, access_token, created, updated, revoked)
exception DoesNotExist
exception MultipleObjectsReturned

Return the AccessToken admin class that is active in this project.


Return the AccessToken model that is active in this project.


Return the Application admin class that is active in this project.


Return the Application model that is active in this project.


Return the Grant admin class that is active in this project.


Return the Grant model that is active in this project.


Return the IDToken admin class that is active in this project.


Return the AccessToken model that is active in this project.


Return the RefreshToken admin class that is active in this project.


Return the RefreshToken model that is active in this project.