OAuth2 with Django

Sajeer Babu
4 min read · Feb 9, 2020

Before we begin, if you are not sure what OAuth is, please follow this link for a short introduction.

Okay then, now that you have the OAuth basics, let's start.

Here we are going to build a simple Django microservice that exposes a few APIs for users and groups. Access to the service will be authenticated with OAuth 2.0, using django-oauth-toolkit as the authorization server and Django REST framework for the APIs.

Let's create a Django project. I am assuming you use Python 3 and pip3.

$ django-admin startproject django_oauth2

Go into the project directory and install Django REST framework and Django OAuth Toolkit.

$ pip install djangorestframework django-oauth-toolkit

Then create an app inside the project:

$ python manage.py startapp oauth_test

Now let's open the project in an IDE or editor.

Open `settings.py` and add the new app, REST framework and the OAuth provider to the installed apps.

INSTALLED_APPS = [
...
...
'oauth_test',
'oauth2_provider',
'rest_framework',
]

Then add the scopes needed for OAuth 2. Each key is a scope name a token can carry and each value is the description the toolkit shows to users on its authorization page.

OAUTH2_PROVIDER = {
# this is the list of available scopes
'SCOPES': {'read': 'Read scope', 'write': 'Write scope', 'groups': 'Access to your groups'}
}

And the authentication and permission classes for REST framework. `OAuth2Authentication` validates the bearer token on every request; `IsAuthenticated` then only requires that a valid token was presented, it does not by itself look at the token's scopes.

REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'oauth2_provider.contrib.rest_framework.OAuth2Authentication',
),

'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
}

Now let's create a `serializer.py` file inside the new app (oauth_test). This holds the serializers for the models we expose, which are Django's built-in `User` and `Group` from `django.contrib.auth`.

Let's make some views then: go to `views.py` and create views for the user list, user details and the group list.

Now go to `urls.py` and configure URL patterns for the OAuth operations (the OAuth provider's own URLs, mounted under `/o/`, which is where the `/o/applications/` and `/o/token/` endpoints used below come from) and for fetching the user list, user details and user groups.

After all this, create and apply the migrations:

$ python manage.py makemigrations
$ python manage.py migrate

Now create a superuser; remember the username and password.

$ python manage.py createsuperuser

It’s time to run your microservice.

$ python manage.py runserver

Now you will be able to access all the URL patterns you configured.

Let's check. In order to get an OAuth token, you must first have an application registered with the provider.

Before that, log in as admin (the superuser you just created): go to http://localhost:8000/admin/ and log in.

To register an app, you have to go to http://localhost:8000/o/applications/

You will have a screen like this,

Click on the `click here` link to register a new app. It will take you to a form; fill it in like below. For the password flow used in the rest of this post, the Client type must be Confidential and the Authorization grant type must be "Resource owner password-based". Copy the Client secret from the form before saving: recent django-oauth-toolkit releases store only a hash of it once the application is saved.

Then save it. Now you have created an app for OAuth, and it's time to generate your OAuth token.

For this you need to POST to the endpoint http://localhost:8000/o/token/ with an HTTP Basic Authorization header and a form body containing username, password and grant_type (with the value `password`, i.e. the Resource Owner Password Credentials grant). Be aware that this grant hands the user's password to the client, so it is only appropriate for a first-party client you fully trust; the OAuth 2.0 Security Best Current Practice advises against using it otherwise.

Here I am using Postman.

Basic Authorisation Headers

This username is the Client id of the app you just registered, and the password is its Client secret, like this:

Request Body

We have to pass the parameters username, password and grant_type in the request body. Here I'm using the form-data method to pass the body.

Once you call this endpoint with the correct credentials, you get a response with an OAuth access token in it, like below. `expires_in` is in seconds; 36000 (ten hours) is the toolkit's default access token lifetime.

{
    "access_token": "VQVXQNlQFKmZPABygyDH8Wir8fwp0f",
    "expires_in": 36000,
    "token_type": "Bearer",
    "scope": "read write groups",
    "refresh_token": "oCrgBS6lDgqZcC2hXKdM2zh0jhd3MM"
}

Now, sending this token in an `Authorization: Bearer <access_token>` header, you can call the /users and /groups APIs. When the access token expires, exchange the refresh_token for a new pair by posting grant_type=refresh_token (plus the same Basic credentials) to the same /o/token/ endpoint.

Example:

I’m going to call the users API to get a list of users.

Scopes

You can decide the scopes while generating the access token by adding one more parameter, scope, to the request body: a space-separated list such as `read groups`. If you leave it out, the toolkit grants its default scopes, which is why the response above carries all three.

scope: read → will be able to call the data-fetch APIs

scope: write → will be able to call the update APIs

scope: groups → will be able to call the user-group APIs

These restrictions only take effect where a view enforces them: the `IsAuthenticated` default in settings checks that the token is valid, not which scopes it carries. A view gates on scopes by adding django-oauth-toolkit's `TokenHasReadWriteScope` permission (read for safe methods, write for the rest) or `TokenHasScope` together with a `required_scopes` list (for example `['groups']` on the group views).
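Putting the token request, the Bearer call and the scope parameter together, here is an added client example written for this edit; it is not code from the original post or from django-oauth-toolkit. It uses only the Python standard library. The `/users/` and `/groups/` paths, the placeholder client id and secret, and the superuser password are assumptions; substitute the values from your own registered application and user.

```python
"""Client for the flow above: password grant at /o/token/, then Bearer calls.
Added example; uses only the standard library, so no extra packages are needed."""
from __future__ import annotations

import base64
import json
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "http://localhost:8000"
TOKEN_URL = f"{BASE_URL}/o/token/"


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Authorization header value: 'Basic ' + base64('<client id>:<client secret>')."""
    credentials = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(credentials).decode("ascii")


def token_request_fields(username: str, password: str,
                         scope: list[str] | None = None) -> dict[str, str]:
    """Form fields for the Resource Owner Password Credentials grant.

    Leaving 'scope' out lets django-oauth-toolkit grant its default scopes
    (all configured scopes unless DEFAULT_SCOPES narrows them)."""
    fields = {"grant_type": "password", "username": username, "password": password}
    if scope:
        fields["scope"] = " ".join(scope)  # OAuth scopes are space separated
    return fields


def refresh_request_fields(refresh_token: str) -> dict[str, str]:
    """Form fields to swap a refresh token for a new access/refresh pair."""
    return {"grant_type": "refresh_token", "refresh_token": refresh_token}


def build_token_request(client_id: str, client_secret: str,
                        fields: dict[str, str]) -> urllib.request.Request:
    """POST to /o/token/ with the app's client id/secret as HTTP Basic auth."""
    body = urllib.parse.urlencode(fields).encode("ascii")
    return urllib.request.Request(
        TOKEN_URL,
        data=body,
        method="POST",
        headers={
            "Authorization": basic_auth_header(client_id, client_secret),
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def parse_token_response(raw: bytes) -> dict:
    """Check the JSON token response and turn 'scope' into a set of scope names."""
    token = json.loads(raw)
    if "access_token" not in token or token.get("token_type") != "Bearer":
        raise ValueError(f"unexpected token response: {token}")
    token["scope"] = set(token.get("scope", "").split())
    return token


def scope_allows(granted: set[str], required: list[str]) -> bool:
    """Client-side mirror of TokenHasScope: every required scope must have been granted."""
    return set(required).issubset(granted)


def bearer_request(url: str, access_token: str) -> urllib.request.Request:
    """GET with the access token presented as a Bearer token."""
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})


def fetch_token(client_id: str, client_secret: str, fields: dict[str, str],
                opener: urllib.request.OpenerDirector | None = None) -> dict:
    """Send a token request and return the parsed token, or raise on an OAuth error."""
    opener = opener or urllib.request.build_opener()
    try:
        with opener.open(build_token_request(client_id, client_secret, fields)) as response:
            return parse_token_response(response.read())
    except urllib.error.HTTPError as exc:
        # The toolkit answers 400/401 with a JSON body such as {"error": "invalid_grant"}
        raise RuntimeError(f"token request failed: {exc.code} {exc.read().decode()}") from exc


def call_api(path: str, access_token: str,
             opener: urllib.request.OpenerDirector | None = None):
    """Call one of the protected endpoints and return its decoded JSON."""
    opener = opener or urllib.request.build_opener()
    with opener.open(bearer_request(f"{BASE_URL}{path}", access_token)) as response:
        return json.loads(response.read())


if __name__ == "__main__":
    # Placeholders: use the client id/secret from /o/applications/ and your superuser.
    token = fetch_token("<client_id>", "<client_secret>",
                        token_request_fields("admin", "<password>", scope=["read", "groups"]))
    print("granted scopes:", sorted(token["scope"]))
    print(call_api("/users/", token["access_token"]))   # assumed path from urls.py
    print(call_api("/groups/", token["access_token"]))  # assumed path from urls.py
    # A token granted only 'read' and 'groups' will be rejected by write-scoped views:
    print("may write:", scope_allows(token["scope"], ["write"]))
```

Run it against the development server started with `runserver` after filling in the placeholders. The client secret is sent only inside the Basic header of the token request, never to the resource endpoints, and the password grant is requested with an explicit scope list so the resulting token carries no more than the client needs.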

I hope this post is helpful to those looking for a good authentication method for Django microservices.

Keep in touch.
