Models¶

class oauth2_provider.models.AbstractAccessToken(*args, **kwargs)¶

An AccessToken instance represents the actual access token to access user’s resources, as in RFC6749 Section 5.

Fields:

user The Django user representing resources’ owner
token Access token
application Application instance
expires Date and time of token expiration, in DateTime format
scope Allowed scopes

allow_scopes(scopes)¶

Check if the token allows the provided scopes

Parameters:	scopes – An iterable containing the scopes to check

is_expired()¶: Check token expiration with timezone awareness

is_valid(scopes=None)¶

Checks if the access token is valid.

Parameters:	scopes – An iterable containing the scopes to check or None

revoke()¶: Convenience method to uniform tokens’ interface, for now simply remove this token from the database in order to revoke it.

scopes¶: Returns a dictionary of allowed scope names (as keys) with their descriptions (as values)

class oauth2_provider.models.AbstractApplication(*args, **kwargs)¶

An Application instance represents a Client on the Authorization server. Usually an Application is created manually by client’s developers after logging in on an Authorization Server.

Fields:

client_id The client identifier issued to the client during the

registration process as described in RFC6749 Section 2.2
user ref to a Django user
redirect_uris The list of allowed redirect uri. The string

consists of valid URLs separated by space
client_type Client type as described in RFC6749 Section 2.1
authorization_grant_type Authorization flows available to the

Application
client_secret Confidential secret issued to the client during

the registration process as described in RFC6749 Section 2.2
name Friendly name for the Application

default_redirect_uri¶: Returns the default redirect_uri extracting the first item from the redirect_uris string

is_usable(request)¶

Determines whether the application can be used.

Parameters:	request – The HTTP request being processed.

redirect_uri_allowed(uri)¶

Checks if given url is one of the items in redirect_uris string

Parameters:	uri – Url to check

class oauth2_provider.models.AbstractGrant(*args, **kwargs)¶

A Grant instance represents a token with a short lifetime that can be swapped for an access token, as described in RFC6749 Section 4.1.2

Fields:

user The Django user who requested the grant
code The authorization code generated by the authorization server
application Application instance this grant was asked for
expires Expire time in seconds, defaults to

settings.AUTHORIZATION_CODE_EXPIRE_SECONDS
redirect_uri Self explained
scope Required scopes, optional

is_expired()¶: Check token expiration with timezone awareness

class oauth2_provider.models.AbstractRefreshToken(*args, **kwargs)¶

A RefreshToken instance represents a token that can be swapped for a new access token when it expires.

Fields:

user The Django user representing resources’ owner
token Token value
application Application instance
access_token AccessToken instance this refresh token is

bounded to

revoke()¶: Delete this refresh token along with related access token

class oauth2_provider.models.AccessToken(id, user, token, application, expires, scope, created, updated)¶

class oauth2_provider.models.Application(id, client_id, user, redirect_uris, client_type, authorization_grant_type, client_secret, name, skip_authorization, created, updated)¶

class oauth2_provider.models.Grant(id, user, code, application, expires, redirect_uri, scope, created, updated)¶

class oauth2_provider.models.RefreshToken(id, user, token, application, access_token, created, updated)¶

oauth2_provider.models.get_access_token_model()¶: Return the AccessToken model that is active in this project.

oauth2_provider.models.get_application_model()¶: Return the Application model that is active in this project.

oauth2_provider.models.get_grant_model()¶: Return the Grant model that is active in this project.

oauth2_provider.models.get_refresh_token_model()¶: Return the RefreshToken model that is active in this project.