• See http://hiidef.github.com/oauth2app for documentation.
• See https://github.com/hiidef/oauth2app for source code.
• Based on http://code.google.com/p/django-oauth2
• Support for OAuth 2.0 draft 16, http://tools.ietf.org/html/draft-ietf-oauth-v2-16

If easy_install is available, you can use:

easy_install https://github.com/hiidef/oauth2app/tarball/master 

The oauth2app module helps Django site operators provide an OAuth 2.0 interface. The module is registered as an application.

In settings.py, add 'oauth2app' to INSTALLED_APPS.

INSTALLED_APPS = ( ..., 'oauth2app' ) 

Sync the DB models.

python manage.py syncdb 

In urls.py, add /oauth2/authorize and /oauth2/token views to a new or existing app.

urlpatterns += patterns('', (r'^oauth2/missing_redirect_uri/?$', 'mysite.oauth2.views.missing_redirect_uri'), (r'^oauth2/authorize/?$', 'mysite.oauth2.views.authorize'), (r'^oauth2/token/?$', 'oauth2app.token.handler'), ) 

Create client models.

from oauth2app.models import Client Client.objects.create( name="My Sample OAuth 2.0 Client", user=user) 

Create authorize and missing_redirect_uri handlers.

from django.shortcuts import render_to_response from django.http import HttpResponseRedirect from django.template import RequestContext from django.contrib.auth.decorators import login_required from oauth2app.authorize import Authorizer, MissingRedirectURI, AuthorizationException from django import forms class AuthorizeForm(forms.Form): pass @login_required def missing_redirect_uri(request): return render_to_response( 'oauth2/missing_redirect_uri.html',{}, RequestContext(request)) @login_required def authorize(request): authorizer = Authorizer() try: authorizer.validate(request) except MissingRedirectURI, e: return HttpResponseRedirect("/oauth2/missing_redirect_uri") except AuthorizationException, e: # The request is malformed or invalid. Automatically # redirects to the provided redirect URL. return authorizer.error_redirect() if request.method == 'GET': template ={} # Use any form, make sure it has CSRF protections. template["form"] = AuthorizeForm() # Appends the original OAuth2 parameters. template["form_action"] = '/oauth2/authorize?%s' % authorizer.query_string return render_to_response( 'oauth2/authorize.html', template, RequestContext(request)) elif request.method == 'POST': form = AuthorizeForm(request.POST) if form.is_valid(): if request.POST.get("connect") == "Yes": # User agrees. Redirect to redirect_uri with success params. return authorizer.grant_redirect() else: # User refuses. Redirect to redirect_uri with error params. return authorizer.error_redirect() return HttpResponseRedirect("/") 

Authenticate requests.

from oauth2app.authenticate import Authenticator, AuthenticationException from django.http import HttpResponse def test(request): authenticator = Authenticator() try: # Validate the request. authenticator.validate(request) except AuthenticationException: # Return an error response. return authenticator.error_response(content="You didn't authenticate.") username = authenticator.user.username return HttpResponse(content="Hi %s, You authenticated!" % username) 

If you want to authenticate JSON requests try the JSONAuthenticator.

from oauth2app.authenticate import JSONAuthenticator, AuthenticationException def test(request): authenticator = JSONAuthenticator() try: # Validate the request. authenticator.validate(request) except AuthenticationException: # Return a JSON encoded error response. return authenticator.error_response() username = authenticator.user.userame # Return a JSON encoded response. return authenticator.response({"username":username}) 

An example Django project demonstrating client and server functionality is available in the repository.

https://github.com/hiidef/oauth2app/tree/develop/examples/mysite