Models

class oauth2_provider.models.AbstractAccessToken(*args, **kwargs)
An AccessToken instance represents the actual access token to access user's resources, as in RFC6749 Section 5.
Fields:
- user – The Django user representing resources' owner
- source_refresh_token – If from a refresh, the consumed RefreshToken
- token – Access token
- application – Application instance
- expires – Date and time of token expiration, in DateTime format
- scope – Allowed scopes

allow_scopes(scopes)
Check if the token allows the provided scopes.
Parameters: scopes – An iterable containing the scopes to check

is_expired()
Check token expiration with timezone awareness.

is_valid(scopes=None)
Checks if the access token is valid.
Parameters: scopes – An iterable containing the scopes to check or None

revoke()
Convenience method to keep the tokens' interface uniform; for now it simply removes this token from the database in order to revoke it.

scopes
Returns a dictionary of allowed scope names (as keys) with their descriptions (as values).

class oauth2_provider.models.AbstractApplication(*args, **kwargs)
An Application instance represents a Client on the Authorization server. Usually an Application is created manually by the client's developers after logging in on an Authorization Server.
Fields:
- client_id – The client identifier issued to the client during the registration process as described in RFC6749 Section 2.2
- user – ref to a Django user
- redirect_uris – The list of allowed redirect URIs. The string consists of valid URLs separated by space
- post_logout_redirect_uris – The list of allowed redirect URIs after an RP initiated logout. The string consists of valid URLs separated by space
- client_type – Client type as described in RFC6749 Section 2.1
- authorization_grant_type – Authorization flows available to the Application
- client_secret – Confidential secret issued to the client during the registration process as described in RFC6749 Section 2.2
- name – Friendly name for the Application

clean()
Hook for doing any extra model-wide validation after clean() has been called on every field by self.clean_fields. Any ValidationError raised by this method will not be associated with a particular field; it will have a special-case association with the field defined by NON_FIELD_ERRORS.

default_redirect_uri
Returns the default redirect_uri, if only one is registered.

get_allowed_schemes()
Returns the list of redirect schemes allowed by the Application. By default, returns ALLOWED_REDIRECT_URI_SCHEMES.

is_usable(request)
Determines whether the application can be used.
Parameters: request – The oauthlib.common.Request being processed.

post_logout_redirect_uri_allowed(uri)
Checks if the given URI is one of the items in the post_logout_redirect_uris string.
Parameters: uri – URI to check

redirect_uri_allowed(uri)
Checks if the given URL is one of the items in the redirect_uris string.
Parameters: uri – URL to check

class oauth2_provider.models.AbstractGrant(*args, **kwargs)
A Grant instance represents a token with a short lifetime that can be swapped for an access token, as described in RFC6749 Section 4.1.2.
Fields:
- user – The Django user who requested the grant
- code – The authorization code generated by the authorization server
- application – Application instance this grant was asked for
- expires – Expire time in seconds, defaults to settings.AUTHORIZATION_CODE_EXPIRE_SECONDS
- redirect_uri – Self explained
- scope – Required scopes, optional
- code_challenge – PKCE code challenge
- code_challenge_method – PKCE code challenge transform algorithm

is_expired()
Check token expiration with timezone awareness.

class oauth2_provider.models.AbstractIDToken(*args, **kwargs)
An IDToken instance represents the actual token to access user's resources, as in :openid:`2`.
Fields:
- user – The Django user representing resources' owner
- jti – ID token JWT Token ID, to identify an individual token
- application – Application instance
- expires – Date and time of token expiration, in DateTime format
- scope – Allowed scopes
- created – Date and time of token creation, in DateTime format
- updated – Date and time of token update, in DateTime format

allow_scopes(scopes)
Check if the token allows the provided scopes.
Parameters: scopes – An iterable containing the scopes to check

is_expired()
Check token expiration with timezone awareness.

is_valid(scopes=None)
Checks if the access token is valid.
Parameters: scopes – An iterable containing the scopes to check or None

revoke()
Convenience method to keep the tokens' interface uniform; for now it simply removes this token from the database in order to revoke it.

scopes
Returns a dictionary of allowed scope names (as keys) with their descriptions (as values).

class oauth2_provider.models.AbstractRefreshToken(*args, **kwargs)
A RefreshToken instance represents a token that can be swapped for a new access token when it expires.
Fields:
- user – The Django user representing resources' owner
- token – Token value
- application – Application instance
- access_token – AccessToken instance this refresh token is bound to
- revoked – Timestamp of when this refresh token was revoked

revoke()
Mark this refresh token as revoked and revoke the related access token.

class oauth2_provider.models.AccessToken(id, user, source_refresh_token, token, id_token, application, expires, scope, created, updated)

exception DoesNotExist

exception MultipleObjectsReturned

exception
-

class oauth2_provider.models.Application(id, client_id, user, redirect_uris, post_logout_redirect_uris, client_type, authorization_grant_type, client_secret, name, skip_authorization, created, updated, algorithm)

exception DoesNotExist

exception MultipleObjectsReturned

exception
-

class oauth2_provider.models.ClientSecretField(*args, db_collation=None, **kwargs)

pre_save(model_instance, add)
Return field's value just before saving.

class oauth2_provider.models.Grant(id, user, code, application, expires, redirect_uri, scope, created, updated, code_challenge, code_challenge_method, nonce, claims)

exception DoesNotExist

exception MultipleObjectsReturned

exception
-

class oauth2_provider.models.IDToken(id, user, jti, application, expires, scope, created, updated)

exception DoesNotExist

exception MultipleObjectsReturned

exception
-

class oauth2_provider.models.RefreshToken(id, user, token, application, access_token, created, updated, revoked)

exception DoesNotExist

exception MultipleObjectsReturned

exception
-

oauth2_provider.models.get_access_token_admin_class()
Return the AccessToken admin class that is active in this project.

oauth2_provider.models.get_access_token_model()
Return the AccessToken model that is active in this project.

oauth2_provider.models.get_application_admin_class()
Return the Application admin class that is active in this project.

oauth2_provider.models.get_application_model()
Return the Application model that is active in this project.

oauth2_provider.models.get_grant_admin_class()
Return the Grant admin class that is active in this project.

oauth2_provider.models.get_grant_model()
Return the Grant model that is active in this project.

oauth2_provider.models.get_id_token_admin_class()
Return the IDToken admin class that is active in this project.

oauth2_provider.models.get_id_token_model()
Return the AccessToken model that is active in this project.

oauth2_provider.models.get_refresh_token_admin_class()
Return the RefreshToken admin class that is active in this project.

oauth2_provider.models.get_refresh_token_model()
Return the RefreshToken model that is active in this project.

oauth2_provider.models.redirect_to_uri_allowed(uri, allowed_uris)
Checks if a given uri can be redirected to based on the provided allowed_uris configuration.
On top of exact matches, this function also handles loopback IPs based on RFC 8252.
Parameters:
- uri – URI to check
- allowed_uris – A list of URIs that are allowed
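
The matching rule described for redirect_to_uri_allowed, shown as an added example that is not oauth2_provider's own code. The helper name is_redirect_allowed and the sample URIs are hypothetical; the example assumes that only the port may vary, and only for http registrations on the loopback IP literals 127.0.0.1 and ::1 (RFC 8252 Section 7.3).

```python
from urllib.parse import urlsplit

# Loopback IP literals only; "localhost" is deliberately not treated as loopback.
LOOPBACK_HOSTS = {"127.0.0.1", "::1"}


def is_redirect_allowed(uri, allowed_uris):
    """Hypothetical helper: exact match, or any port on a registered http loopback URI."""
    try:
        req = urlsplit(uri)
        _ = req.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return False
    for allowed in allowed_uris:
        if uri == allowed:
            return True  # exact string match is the default rule
        reg = urlsplit(allowed)
        if reg.scheme != "http" or reg.hostname not in LOOPBACK_HOSTS:
            continue  # port flexibility applies to http loopback registrations only
        if req.username is not None or req.password is not None:
            continue  # userinfo such as "127.0.0.1:1@other.example" is never loopback
        same_origin = (req.scheme, req.hostname) == (reg.scheme, reg.hostname)
        same_rest = (req.path, req.query, req.fragment) == (reg.path, reg.query, reg.fragment)
        if same_origin and same_rest:
            return True  # everything but the port matches the registration
    return False


# Constructed sample registrations and requests (not taken from any real deployment).
ALLOWED = ["https://app.example/callback", "http://127.0.0.1/cb", "http://[::1]/cb"]
SAMPLES = [
    "https://app.example/callback",            # exact match
    "https://app.example:8443/callback",       # non-loopback: port must match
    "http://127.0.0.1:51004/cb",               # loopback IPv4, ephemeral port
    "http://[::1]:8080/cb",                    # loopback IPv6, ephemeral port
    "http://127.0.0.1:51004/other",            # path differs
    "http://127.0.0.1.evil.example/cb",        # look-alike hostname
    "http://127.0.0.1:51004@evil.example/cb",  # loopback text hidden in userinfo
    "http://localhost:51004/cb",               # name, not an IP literal
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{is_redirect_allowed(sample, ALLOWED)!s:5}  {sample}")
```

Parsing the request URI and comparing its hostname, rather than checking for a string prefix, is what keeps the look-alike host and userinfo cases from matching a loopback registration.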