Models

class oauth2_provider.models.AbstractAccessToken(*args, **kwargs)

An AccessToken instance represents the actual access token to access user’s resources, as in RFC6749 Section 5.

Fields:

  • user The Django user representing resources” owner
  • source_refresh_token If from a refresh, the consumed RefeshToken
  • token Access token
  • application Application instance
  • expires Date and time of token expiration, in DateTime format
  • scope Allowed scopes
allow_scopes(scopes)

Check if the token allows the provided scopes

Parameters:scopes – An iterable containing the scopes to check
is_expired()

Check token expiration with timezone awareness

is_valid(scopes=None)

Checks if the access token is valid.

Parameters:scopes – An iterable containing the scopes to check or None
revoke()

Convenience method to uniform tokens” interface, for now simply remove this token from the database in order to revoke it.

scopes

Returns a dictionary of allowed scope names (as keys) with their descriptions (as values)

class oauth2_provider.models.AbstractApplication(*args, **kwargs)

An Application instance represents a Client on the Authorization server. Usually an Application is created manually by client’s developers after logging in on an Authorization Server.

Fields:

  • client_id The client identifier issued to the client during the
    registration process as described in RFC6749 Section 2.2
  • user ref to a Django user
  • redirect_uris The list of allowed redirect uri. The string
    consists of valid URLs separated by space
  • client_type Client type as described in RFC6749 Section 2.1
  • authorization_grant_type Authorization flows available to the
    Application
  • client_secret Confidential secret issued to the client during
    the registration process as described in RFC6749 Section 2.2
  • name Friendly name for the Application
clean()

Hook for doing any extra model-wide validation after clean() has been called on every field by self.clean_fields. Any ValidationError raised by this method will not be associated with a particular field; it will have a special-case association with the field defined by NON_FIELD_ERRORS.

default_redirect_uri

Returns the default redirect_uri extracting the first item from the redirect_uris string

get_allowed_schemes()

Returns the list of redirect schemes allowed by the Application. By default, returns ALLOWED_REDIRECT_URI_SCHEMES.

is_usable(request)

Determines whether the application can be used.

Parameters:request – The HTTP request being processed.
redirect_uri_allowed(uri)

Checks if given url is one of the items in redirect_uris string

Parameters:uri – Url to check
class oauth2_provider.models.AbstractGrant(*args, **kwargs)

A Grant instance represents a token with a short lifetime that can be swapped for an access token, as described in RFC6749 Section 4.1.2

Fields:

  • user The Django user who requested the grant
  • code The authorization code generated by the authorization server
  • application Application instance this grant was asked for
  • expires Expire time in seconds, defaults to
    settings.AUTHORIZATION_CODE_EXPIRE_SECONDS
  • redirect_uri Self explained
  • scope Required scopes, optional
  • code_challenge PKCE code challenge
  • code_challenge_method PKCE code challenge transform algorithm
is_expired()

Check token expiration with timezone awareness

class oauth2_provider.models.AbstractRefreshToken(*args, **kwargs)

A RefreshToken instance represents a token that can be swapped for a new access token when it expires.

Fields:

  • user The Django user representing resources” owner
  • token Token value
  • application Application instance
  • access_token AccessToken instance this refresh token is
    bounded to
  • revoked Timestamp of when this refresh token was revoked
revoke()

Mark this refresh token revoked and revoke related access token

class oauth2_provider.models.AccessToken(id, user, source_refresh_token, token, application, expires, scope, created, updated)
exception DoesNotExist
exception MultipleObjectsReturned
class oauth2_provider.models.Application(id, client_id, user, redirect_uris, client_type, authorization_grant_type, client_secret, name, skip_authorization, created, updated)
exception DoesNotExist
exception MultipleObjectsReturned
class oauth2_provider.models.Grant(id, user, code, application, expires, redirect_uri, scope, created, updated, code_challenge, code_challenge_method)
exception DoesNotExist
exception MultipleObjectsReturned
class oauth2_provider.models.RefreshToken(id, user, token, application, access_token, created, updated, revoked)
exception DoesNotExist
exception MultipleObjectsReturned
oauth2_provider.models.get_access_token_model()

Return the AccessToken model that is active in this project.

oauth2_provider.models.get_application_model()

Return the Application model that is active in this project.

oauth2_provider.models.get_grant_model()

Return the Grant model that is active in this project.

oauth2_provider.models.get_refresh_token_model()

Return the RefreshToken model that is active in this project.