Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jeanribes/oauth-slave-accounts
Custom Django OAuth backend for Resource Servers to download full user data from the Authorization Server
Last synced: 8 days ago
- Host: GitHub
- URL: https://github.com/jeanribes/oauth-slave-accounts
- Owner: JeanRibes
- Created: 2018-08-11T09:02:36.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2022-12-08T02:21:47.000Z (about 2 years ago)
- Last Synced: 2023-03-05T13:39:14.308Z (almost 2 years ago)
- Topics: django, oauth2
- Language: Python
- Size: 6.84 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 4
Metadata Files:
- Readme: README.rst
README
Ressource Server Utilities
==========================

If you've read the RFCs on OAuth or (more likely) the **django-oauth-toolkit** docs, you know that a *Resource Server*
more or less delegates user authentication to the *Authorization Server*.

But the current implementation in *Django OAuth Toolkit* only copies the username from the *Authorization Server* into its
database. This implies that all users have no special permissions, i.e. you lose administrator rights when you access
the *Resource Server*!

The class ``FullUserOAuthBackend`` aims to fix this by fetching the full user model from the *Authorization Server* after
you've accessed the *Resource Server*.

Installation
------------
``pip install oauth-slave-accounts``

Setup
-----
Authorization Server
~~~~~~~~~~~~~~~~~~~~
You need to create an endpoint that exposes user data as JSON (or override my methods further), the easiest being
a DjangoRestFramework ``ReadOnlyModelViewSet``.

The current implementation uses the user's access token as ``lookup_field``, i.e. the token is the ``pk`` in the URL.
Note that this puts a bearer token into the request path, which web-server and proxy access logs record by default;
keep those logs private or move the token into a request header.

.. code:: python

    from django.http import Http404
    from oauth2_provider.models import AccessToken
    from rest_framework import viewsets
    class UserViewSet(viewsets.ReadOnlyModelViewSet):
        queryset = User.objects.all()                    # User, UserSerializer, ServerServerPermission: your own
        serializer_class = UserSerializer
        permission_classes = [ServerServerPermission]
        def get_object(self):                            # ``pk`` carries the access token
            token = AccessToken.objects.filter(token=self.kwargs.get('pk')).first()
            if token is None or token.is_expired():      # unknown or expired tokens must not resolve to a user
                raise Http404
            return token.user

**Pro tip:** exclude the password from the serializer. Django stores a salted hash rather than the cleartext, but a hash is
still a credential that can be cracked offline, and Django's password hashers do not involve ``SECRET_KEY``, so the hash is
usable as-is on any other host. The *Resource Server* never needs it anyway: authentication is delegated to the
*Authorization Server*.
Resource Server
~~~~~~~~~~~~~~~~

Subclass ``ressource_server_utils.backend.FullUserOAuthBackend`` and override the following:

* property ``fetch_url``: a string that describes your *Authorization Server*'s endpoint to get user data,
  e.g. ``http://auth.srv/user/{}/`` (the ``{}`` placeholder is filled with the token that the endpoint above looks up)
* property ``UserSerializer``: a DjangoRestFramework serializer that defines how to parse your *Authorization Server*'s response
* And optionally:

  - method ``get_auth_token()``
  - method ``refresh_auth_token()``
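The two halves above fit together as follows. The block below is an added example, not code from oauth-slave-accounts or django-oauth-toolkit: it models the Authorization Server endpoint (the ``UserViewSet`` with its ``ServerServerPermission`` and ``UserSerializer``) and the Resource Server's fetch (what a ``FullUserOAuthBackend`` subclass does with ``fetch_url`` and its ``UserSerializer``) as plain Python, so the checks that matter are visible and the file runs without Django. The ``X-Server-Secret`` header, the ``SERVER_SECRET`` value, the user records and the tokens are all constructed for this example; the README does not specify how ``ServerServerPermission`` authenticates the calling server, so a shared secret compared in constant time is assumed here.

```python
"""Framework-free model of the Authorization Server / Resource Server exchange.

Added illustration, not code from oauth-slave-accounts: Django, DRF and
django-oauth-toolkit are replaced by dataclasses and dicts so that the
security checks are visible and the file runs stand-alone.
"""
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# --- Authorization Server side: stand-in for UserViewSet, UserSerializer, ServerServerPermission ---


@dataclass
class AuthUser:
    username: str
    email: str
    is_staff: bool
    is_superuser: bool
    password: str  # salted hash; must never leave this server


@dataclass
class AccessToken:
    token: str
    user: AuthUser
    expires: datetime


NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
# Constructed sample data; the hash strings are placeholders, not real Django hashes.
ALICE = AuthUser("alice", "alice@example.org", True, True, "pbkdf2_sha256$placeholder")
BOB = AuthUser("bob", "bob@example.org", False, False, "pbkdf2_sha256$placeholder")
TOKENS = {
    "tok-alice": AccessToken("tok-alice", ALICE, NOW + timedelta(hours=1)),
    "tok-bob": AccessToken("tok-bob", BOB, NOW - timedelta(minutes=5)),  # already expired
}
# Assumed server-to-server secret (the README leaves the ServerServerPermission scheme open).
SERVER_SECRET = "shared-secret-between-servers"
# Fields the serializer exposes; ``password`` is deliberately absent.
EXPOSED_FIELDS = ("username", "email", "is_staff", "is_superuser")


def auth_server_user_endpoint(headers, token, now=NOW):
    """Return (status, json_body) the way the DRF view would for GET /user/<token>/."""
    presented = headers.get("X-Server-Secret", "")
    # Constant-time comparison: the secret must not be recoverable byte by byte from timing.
    if not hmac.compare_digest(presented.encode(), SERVER_SECRET.encode()):
        return 403, {"detail": "forbidden"}
    access = TOKENS.get(token)
    # Unknown and expired tokens are indistinguishable to the caller.
    if access is None or access.expires <= now:
        return 404, {"detail": "not found"}
    return 200, {name: getattr(access.user, name) for name in EXPOSED_FIELDS}


# --- Resource Server side: stand-in for a FullUserOAuthBackend subclass ---


@dataclass
class LocalUser:
    username: str
    email: str = ""
    is_staff: bool = False
    is_superuser: bool = False


def _well_formed(body):
    """Trust only a response with exactly the expected keys and types (the serializer's job)."""
    return (
        all(name in body for name in EXPOSED_FIELDS)
        and isinstance(body["username"], str) and body["username"] != ""
        and isinstance(body["email"], str)
        and isinstance(body["is_staff"], bool)
        and isinstance(body["is_superuser"], bool)
    )


def fetch_full_user(token, store, transport=auth_server_user_endpoint):
    """Fetch the full user for ``token`` and create or update it in ``store``.

    ``store`` is a dict standing in for the local User table. Returns the LocalUser,
    or None when the Authorization Server refused, the token is invalid, or the
    payload is malformed; in every failure case ``store`` is left untouched, so a
    bad response can never grant permissions.
    """
    status, body = transport({"X-Server-Secret": SERVER_SECRET}, token)
    if status != 200 or not _well_formed(body):
        return None
    user = store.get(body["username"]) or LocalUser(body["username"])
    user.email = body["email"]
    user.is_staff = body["is_staff"]
    user.is_superuser = body["is_superuser"]
    store[body["username"]] = user
    return user


if __name__ == "__main__":
    db = {}
    print(fetch_full_user("tok-alice", db))  # alice with is_staff/is_superuser set
    print(fetch_full_user("tok-bob", db))    # None: token expired, nothing stored
```

Running it shows the point of the project: alice arrives on the Resource Server with her staff and superuser flags instead of as a bare username, while bob's expired token and a response of the wrong shape both leave the local user table unchanged.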