Jump to >

This documentation covers the in-development release of Djblets. You can see the stable Djblets documentation or all previous versions.


Web API support for OAuth2 authentication.

class OAuth2TokenBackendMixin[source]

Bases: object

A authentication backend mixin for OAuth2 tokens.

This is similar to oauth2_provider.backends.OAuth2Backend except it adds an extension point (verify_request()) for sub-classes using this mixin to add additional verification.

See also

oauth2_provider.backends.OAuth2Backend, which this implementation is based off of.

authenticate(request: HttpRequest, **kwargs) Tuple[bool, str | None, Dict[str, str] | None] | None[source]

Attempt to authenticate a request.


If authentication succeeds, the user that authenticated, otherwise None.

Return type:


verify_request(request: HttpRequest, token: AccessToken, user: User) bool[source]

Perform additional request verification.

This method can be overrided by subclasses to perform additional verification (e.g., against a custom Application model that can be enabled or disabled).


True if the request can be verified. False if it cannot.

By default, this is always True. Subclasses can override this to perform additional checking.

Return type:


class WebAPIOAuth2TokenAuthBackend[source]

Bases: WebAPIAuthBackend

A WebAPI auth backend for handling OAuth2 tokens.

get_credentials(request: HttpRequest) Tuple[bool, str | None, Dict[str, str] | None] | Dict[str, Any] | None[source]

Return the credentials for authorization.

This will parse the Authorization header and retrieve the OAuth2 token code.

This ensures that we only accept OAuth2 tokens provided in the headers and not in the request body.


request (django.htttp.HttpRequest) – The current HTTP request.


Either the OAuth2 token code, or None if it could not be parsed or was not present.

Return type:


__annotations__ = {}