How to generate an AccessToken programmatically in Django?

virtuexru · Jul 25, 2013 · Viewed 10.9k times

I'm setting up an API. Everything is working. I'm creating a token via the OAuth2 Python lib. I'm using TastyPie for my API.

The problem I'm facing is that there is no "create" token method in the AccessToken or Client models.

I can create an accessToken via the Django admin, and I can create one by doing a curl to:

myhost.com/oauth2/access_token (with all the info, secret key, client id, user & pass)

My goal is that, upon successful registration of a user with my API, the OAuth client is automatically created (working), but I also want to generate the AccessToken. I cannot cURL my own server as it's giving me a redirect/connection refused error, so I want to do it programmatically in Python. Any way to do this? Here's a snippet:

try:
        # create_user's second positional argument is the email, so pass the password by keyword
        user = User.objects.create_user(username, password=password)
        user.save()

        if user:
            oauth_client = Client(user=user, name="api account", client_type=1, url="http://example.com")
            oauth_client.save()

            oauth_client_id = oauth_client.pk
            oauth_client_secret = oauth_client.client_secret

        if oauth_client:
            print user
            print oauth_client_id
            print AccessToken.objects.all()
            print '........'
            token = AccessToken(user=user, client=oauth_client_id, scope=6)
            token.save()

The last two lines above, while giving NO errors, will NOT save a new AccessToken.

Answer

Ugur · Aug 2, 2014

I'm using https://github.com/caffeinehit/django-oauth2-provider. I managed to create an access token and a refresh token by using the models. I might be bypassing the grant flow. I haven't used this code in production, but on the development server I can perform API calls using the access token generated this way. I think it should be well tested before going to production.

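# settings.py
OAUTH2_PROVIDER = {
    # this is the list of available scopes
    'SCOPES': {'read': 'Read scope'},
    'ACCESS_TOKEN_EXPIRE_SECONDS': 36000,
}

# views.py
# Imports are assumed from the names used below (oauth2_provider package,
# oauthlib, Django REST framework); adjust to the library you have installed.
from datetime import timedelta

from django.utils import timezone
from oauth2_provider.models import AccessToken, Application, RefreshToken
from oauth2_provider.settings import oauth2_settings
from oauthlib.oauth2.rfc6749.tokens import random_token_generator
from rest_framework.response import Response


def create_token_response(request, user):  # hypothetical wrapper name
    expire_seconds = oauth2_settings.user_settings['ACCESS_TOKEN_EXPIRE_SECONDS']
    # the scope field and the token response carry a space-separated
    # string of scope names, not the settings dict itself
    scopes = ' '.join(oauth2_settings.user_settings['SCOPES'])

    application = Application.objects.get(name="ApplicationName")
    # timezone-aware expiry, so comparisons stay correct when USE_TZ is on
    expires = timezone.now() + timedelta(seconds=expire_seconds)
    access_token = AccessToken.objects.create(
        user=user,
        application=application,
        token=random_token_generator(request),
        expires=expires,
        scope=scopes)

    refresh_token = RefreshToken.objects.create(
        user=user,
        token=random_token_generator(request),
        access_token=access_token,
        application=application)

    token = {
        'access_token': access_token.token,
        'token_type': 'Bearer',
        'expires_in': expire_seconds,
        'refresh_token': refresh_token.token,
        'scope': scopes}

    return Response(token, status=200)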