djblets.webapi.auth.backends.oauth2_tokens¶

Web API support for OAuth2 authentication.

class OAuth2TokenBackendMixin[source]¶

Bases: object

A authentication backend mixin for OAuth2 tokens.

This is similar to oauth2_provider.backends.OAuth2Backend except it adds an extension point (verify_request()) for sub-classes using this mixin to add additional verification.

See also

oauth2_provider.backends.OAuth2Backend, which this implementation is based off of.

authenticate(request: HttpRequest, **kwargs) → Tuple[bool, str | None, Dict[str, str] | None] | None[source]¶

Attempt to authenticate a request.

Parameters:

• request (django.http.HttpRequest) – The HTTP request from the client.

• **credentials (dict) – The credentials for authentication.

Returns:

If authentication succeeds, the user that authenticated, otherwise None.

Return type:

django.contrib.auth.models.User

verify_request(request: HttpRequest, token: AccessToken, user: User) → bool[source]¶

Perform additional request verification.

This method can be overrided by subclasses to perform additional verification (e.g., against a custom Application model that can be enabled or disabled).

Parameters:

• request (django.http.HttpRequest) – The current HTTP request.

• token (oauth2_provider.models.AccessToken) – The access token being used.

• user (django.contrib.auth.models.User) – The user who is authenticating.

Returns:

True if the request can be verified. False if it cannot.

By default, this is always True. Subclasses can override this to perform additional checking.

Return type:

bool

class WebAPIOAuth2TokenAuthBackend[source]¶

Bases: WebAPIAuthBackend

A WebAPI auth backend for handling OAuth2 tokens.

get_credentials(request: HttpRequest) → Tuple[bool, str | None, Dict[str, str] | None] | Dict[str, Any] | None[source]¶

Return the credentials for authorization.

This will parse the Authorization header and retrieve the OAuth2 token code.

This ensures that we only accept OAuth2 tokens provided in the headers and not in the request body.

Parameters:

request (django.htttp.HttpRequest) – The current HTTP request.

Returns:

Either the OAuth2 token code, or None if it could not be parsed or was not present.

Return type:

dict

__annotations__ = {}¶