Mixins for Class Based Views
- class oauth2_provider.views.mixins.ClientProtectedResourceMixin
Mixin for protecting resources with client authentication as mentioned in rfc:3.2.1 This involves authenticating with any of: HTTP Basic Auth, Client Credentials and Access token in that order. Breaks off after first validation.
- class oauth2_provider.views.mixins.OAuthLibMixin
This mixin decouples Django OAuth Toolkit from OAuthLib.
Users can configure the Server, Validator and OAuthlibCore classes used by this mixin by setting the following class variables:
server_class
validator_class
oauthlib_backend_class
If these class variables are not set, it will fall back to using the classes specified in oauth2_settings (OAUTH2_SERVER_CLASS, OAUTH2_VALIDATOR_CLASS and OAUTH2_BACKEND_CLASS).
- authenticate_client(request)
Returns a boolean representing if client is authenticated with client credentials method. Returns True if authenticated.
- Parameters:
request – The current django.http.HttpRequest object
- create_authorization_response(request, scopes, credentials, allow)
A wrapper method that calls create_authorization_response on server_class instance.
- Parameters:
request – The current django.http.HttpRequest object
scopes – A space-separated string of provided scopes
credentials – Authorization credentials dictionary containing client_id, state, redirect_uri and response_type
allow – True if the user authorize the client, otherwise False
- create_revocation_response(request)
A wrapper method that calls create_revocation_response on the server_class instance.
- Parameters:
request – The current django.http.HttpRequest object
- create_token_response(request)
A wrapper method that calls create_token_response on server_class instance.
- Parameters:
request – The current django.http.HttpRequest object
- create_userinfo_response(request)
A wrapper method that calls create_userinfo_response on the server_class instance.
- Parameters:
request – The current django.http.HttpRequest object
- error_response(error, **kwargs)
Return an error to be displayed to the resource owner if anything goes awry.
- Parameters:
error –
OAuthToolkitError
- classmethod get_oauthlib_backend_class()
Return the OAuthLibCore implementation class to use
- classmethod get_oauthlib_core()
Cache and return OAuthlibCore instance so it will be created only on first request unless ALWAYS_RELOAD_OAUTHLIB_CORE is True.
- get_scopes()
This should return the list of scopes required to access the resources. By default it returns an empty list.
- classmethod get_server()
Return an instance of server_class initialized with a validator_class object
- classmethod get_server_class()
Return the OAuthlib server class to use
- classmethod get_validator_class()
Return the RequestValidator implementation class to use
- validate_authorization_request(request)
A wrapper method that calls validate_authorization_request on server_class instance.
- Parameters:
request – The current django.http.HttpRequest object
- verify_request(request)
A wrapper method that calls verify_request on server_class instance.
- Parameters:
request – The current django.http.HttpRequest object
- class oauth2_provider.views.mixins.OIDCLogoutOnlyMixin
Mixin for views that should only be accessible when OIDC and OIDC RP-Initiated Logout are enabled.
If either is not enabled:
if DEBUG is True, raises an ImproperlyConfigured exception explaining why
otherwise, returns a 404 response, logging the same warning
- class oauth2_provider.views.mixins.OIDCOnlyMixin
Mixin for views that should only be accessible when OIDC is enabled.
If OIDC is not enabled:
if DEBUG is True, raises an ImproperlyConfigured exception explaining why
otherwise, returns a 404 response, logging the same warning
- class oauth2_provider.views.mixins.ProtectedResourceMixin
Helper mixin that implements OAuth2 protection on request dispatch, specially useful for Django Generic Views
- class oauth2_provider.views.mixins.ReadWriteScopedResourceMixin(*args, **kwargs)
Helper mixin that implements “read and write scopes” behavior
- get_scopes(*args, **kwargs)
Return the scopes needed to access the resource
- Parameters:
args – Support scopes injections from the outside (not yet implemented)