Mixins for Class Based Views

class oauth2_provider.views.mixins.ClientProtectedResourceMixin

Mixin for protecting resources with client authentication as mentioned in rfc:3.2.1 This involves authenticating with any of: HTTP Basic Auth, Client Credentials and Access token in that order. Breaks off after first validation.

class oauth2_provider.views.mixins.OAuthLibMixin

This mixin decouples Django OAuth Toolkit from OAuthLib.

Users can configure the Server, Validator and OAuthlibCore classes used by this mixin by setting the following class variables:

  • server_class
  • validator_class
  • oauthlib_backend_class

If these class variables are not set, it will fall back to using the classes specified in oauth2_settings (OAUTH2_SERVER_CLASS, OAUTH2_VALIDATOR_CLASS and OAUTH2_BACKEND_CLASS).

authenticate_client(request)

Returns a boolean representing if client is authenticated with client credentials method. Returns True if authenticated.

Parameters:request – The current django.http.HttpRequest object
create_authorization_response(request, scopes, credentials, allow)

A wrapper method that calls create_authorization_response on server_class instance.

Parameters:
  • request – The current django.http.HttpRequest object
  • scopes – A space-separated string of provided scopes
  • credentials – Authorization credentials dictionary containing client_id, state, redirect_uri and response_type
  • allow – True if the user authorize the client, otherwise False
create_revocation_response(request)

A wrapper method that calls create_revocation_response on the server_class instance.

Parameters:request – The current django.http.HttpRequest object
create_token_response(request)

A wrapper method that calls create_token_response on server_class instance.

Parameters:request – The current django.http.HttpRequest object
create_userinfo_response(request)

A wrapper method that calls create_userinfo_response on the server_class instance.

Parameters:request – The current django.http.HttpRequest object
error_response(error, **kwargs)

Return an error to be displayed to the resource owner if anything goes awry.

Parameters:errorOAuthToolkitError
classmethod get_oauthlib_backend_class()

Return the OAuthLibCore implementation class to use

classmethod get_oauthlib_core()

Cache and return OAuthlibCore instance so it will be created only on first request unless ALWAYS_RELOAD_OAUTHLIB_CORE is True.

get_scopes()

This should return the list of scopes required to access the resources. By default it returns an empty list.

classmethod get_server()

Return an instance of server_class initialized with a validator_class object

classmethod get_server_class()

Return the OAuthlib server class to use

classmethod get_validator_class()

Return the RequestValidator implementation class to use

validate_authorization_request(request)

A wrapper method that calls validate_authorization_request on server_class instance.

Parameters:request – The current django.http.HttpRequest object
verify_request(request)

A wrapper method that calls verify_request on server_class instance.

Parameters:request – The current django.http.HttpRequest object
class oauth2_provider.views.mixins.OIDCOnlyMixin

Mixin for views that should only be accessible when OIDC is enabled.

If OIDC is not enabled:

  • if DEBUG is True, raises an ImproperlyConfigured exception explaining why
  • otherwise, returns a 404 response, logging the same warning
class oauth2_provider.views.mixins.ProtectedResourceMixin

Helper mixin that implements OAuth2 protection on request dispatch, specially useful for Django Generic Views

class oauth2_provider.views.mixins.ReadWriteScopedResourceMixin

Helper mixin that implements “read and write scopes” behavior

get_scopes(*args, **kwargs)

Return the scopes needed to access the resource

Parameters:args – Support scopes injections from the outside (not yet implemented)
class oauth2_provider.views.mixins.ScopedResourceMixin

Helper mixin that implements “scopes handling” behaviour

get_scopes(*args, **kwargs)

Return the scopes needed to access the resource

Parameters:args – Support scopes injections from the outside (not yet implemented)