File: class_based.rst

package info (click to toggle)
django-oauth-toolkit 3.0.1-1
  • links: PTS, VCS
  • area: main
  • in suites: sid, trixie
  • size: 2,156 kB
  • sloc: python: 11,100; makefile: 159; javascript: 9; sh: 6
file content (58 lines) | stat: -rw-r--r-- 2,406 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
 
Class-based Views
=================

Django OAuth Toolkit provides generic classes useful to implement OAuth2 protected endpoints
using the *Class Based View* approach.


.. class:: ProtectedResourceView(ProtectedResourceMixin, View):

    A view that provides OAuth2 authentication out of the box. To implement a protected
    endpoint, just define your CBV as::

        class MyEndpoint(ProtectedResourceView):
            """
            A GET endpoint that needs OAuth2 authentication
            """
            def get(self, request, *args, **kwargs):
                return HttpResponse('Hello, World!')

    **Please notice**: ``OPTION`` method is not OAuth2 protected to allow preflight requests.

.. class:: ScopedProtectedResourceView(ScopedResourceMixin, ProtectedResourceView):

    A view that provides OAuth2 authentication and scopes handling out of the box. To implement
    a protected endpoint, just define your CBV specifying the ``required_scopes`` field::

        class MyScopedEndpoint(ScopedProtectedResourceView):
            required_scopes = ['can_make_it can_break_it']

            """
            A GET endpoint that needs OAuth2 authentication
            and a set of scopes: 'can_make_it' and 'can_break_it'
            """
            def get(self, request, *args, **kwargs):
                return HttpResponse('Hello, World!')


.. class:: ReadWriteScopedResourceView(ReadWriteScopedResourceMixin, ProtectedResourceView):

    A view that provides OAuth2 authentication and read/write default scopes.
    ``GET``, ``HEAD``, ``OPTIONS`` HTTP methods require ``read`` scope, others methods
    need the ``write`` scope. If you need, you can always specify an additional list of
    scopes in the ``required_scopes`` field::

        class MyRWEndpoint(ReadWriteScopedResourceView):
            required_scopes = ['has_additional_powers']  # optional

            """
            A GET endpoint that needs OAuth2 authentication
            and the 'read' scope. If required_scopes was specified,
            clients also need those scopes.
            """
            def get(self, request, *args, **kwargs):
                return HttpResponse('Hello, World!')


Generic views in DOT are obtained composing a set of mixins you can find in the :doc:`views.mixins <mixins>`
module: feel free to use those mixins directly if you want to provide your own class based views.