1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
|
Management commands
===================
Django OAuth Toolkit exposes some useful management commands that can be run via shell or by other means such as cron
or :doc:`Celery <tutorial/tutorial_05>`.
.. _cleartokens:
.. _createapplication:
cleartokens
~~~~~~~~~~~
The ``cleartokens`` management command allows the user to remove those refresh tokens whose lifetime is greater than the
amount specified by ``REFRESH_TOKEN_EXPIRE_SECONDS`` settings. It is important that this command is run regularly
(eg: via cron) to avoid cluttering the database with expired refresh tokens.
If ``cleartokens`` runs daily the maximum delay before a refresh token is
removed is ``REFRESH_TOKEN_EXPIRE_SECONDS`` + 1 day. This is normally not a
problem since refresh tokens are long lived.
To prevent the CPU and RAM high peaks during deletion process use ``CLEAR_EXPIRED_TOKENS_BATCH_SIZE`` and
``CLEAR_EXPIRED_TOKENS_BATCH_INTERVAL`` settings to adjust the process speed.
The ``cleartokens`` management command will also delete expired access and ID tokens alongside expired refresh tokens.
Note: Refresh tokens need to expire before AccessTokens can be removed from the
database. Using ``cleartokens`` without ``REFRESH_TOKEN_EXPIRE_SECONDS`` has limited effect.
createapplication
~~~~~~~~~~~~~~~~~
The ``createapplication`` management command provides a shortcut to create a new application in a programmatic way.
.. code-block:: sh
usage: manage.py createapplication [-h] [--client-id CLIENT_ID] [--user USER]
[--redirect-uris REDIRECT_URIS]
[--post-logout-redirect-uris POST_LOGOUT_REDIRECT_URIS]
[--client-secret CLIENT_SECRET]
[--name NAME] [--skip-authorization]
[--algorithm ALGORITHM] [--version]
[-v {0,1,2,3}] [--settings SETTINGS]
[--pythonpath PYTHONPATH] [--traceback]
[--no-color] [--force-color]
[--skip-checks]
client_type authorization_grant_type
Shortcut to create a new application in a programmatic way
positional arguments:
client_type The client type, one of: confidential, public
authorization_grant_type
The type of authorization grant to be used, one of:
authorization-code, implicit, password, client-
credentials, openid-hybrid
optional arguments:
-h, --help show this help message and exit
--client-id CLIENT_ID
The ID of the new application
--user USER The user the application belongs to
--redirect-uris REDIRECT_URIS
The redirect URIs, this must be a space separated
string e.g 'URI1 URI2'
--post-logout-redirect-uris POST_LOGOUT_REDIRECT_URIS
The post logout redirect URIs, this must be a space
separated string e.g 'URI1 URI2'
--client-secret CLIENT_SECRET
The secret for this application
--name NAME The name this application
--skip-authorization If set, completely bypass the authorization form, even
on the first use of the application
--algorithm ALGORITHM
The OIDC token signing algorithm for this application,
one of: RS256, HS256
--version Show program's version number and exit.
-v {0,1,2,3}, --verbosity {0,1,2,3}
Verbosity level; 0=minimal output, 1=normal output,
2=verbose output, 3=very verbose output
--settings SETTINGS The Python path to a settings module, e.g.
"myproject.settings.main". If this isn't provided, the
DJANGO_SETTINGS_MODULE environment variable will be
used.
--pythonpath PYTHONPATH
A directory to add to the Python path, e.g.
"/home/djangoprojects/myproject".
--traceback Raise on CommandError exceptions.
--no-color Don't colorize the command output.
--force-color Force colorization of the command output.
--skip-checks Skip system checks.
If you let ``createapplication`` auto-generate the secret then it displays the value before hashing it.
|