File: function_based.rst

package info (click to toggle)
django-oauth-toolkit 3.0.1-1
  • links: PTS, VCS
  • area: main
  • in suites: sid, trixie
  • size: 2,156 kB
  • sloc: python: 11,100; makefile: 159; javascript: 9; sh: 6
file content (65 lines) | stat: -rw-r--r-- 2,374 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
 
Function-based views
====================

Django OAuth Toolkit provides decorators to help you in protecting your function-based views.

.. function:: protected_resource(scopes=None, validator_cls=OAuth2Validator, server_cls=Server)

    Decorator to protect views by providing OAuth2 authentication out of the box, optionally with
    scope handling. Basic usage, without using scopes::

        from oauth2_provider.decorators import protected_resource

        @protected_resource()
        def my_view(request):
            # An access token is required to get here...
            # ...
            pass

    If you want to check scopes as well when accessing a view you can pass them along as
    decorator's parameter::

        from oauth2_provider.decorators import protected_resource

        @protected_resource(scopes=['can_make_it can_break_it'])
        def my_view(request):
            # An access token AND the right scopes are required to get here...
            # ...
            pass

    The decorator also accept server and validator classes if you want or need to use your own
    OAuth2 logic::

        from oauth2_provider.decorators import protected_resource
        from myapp.oauth2_validators import MyValidator

        @protected_resource(validator_cls=MyValidator)
        def my_view(request):
            # You have to leverage your own logic to get here...
            # ...
            pass


.. function:: rw_protected_resource(scopes=None, validator_cls=OAuth2Validator, server_cls=Server)

    Decorator to protect views by providing OAuth2 authentication and read/write scopes out of the
    box. ``GET``, ``HEAD``, ``OPTIONS`` HTTP methods require ``'read'`` scope.
    Otherwise ``'write'`` scope is required::

        from oauth2_provider.decorators import rw_protected_resource

        @rw_protected_resource()
        def my_view(request):
            # If this is a POST, you have to provide 'write' scope to get here...
            # ...
            pass

    If you need, you can ask for other scopes over ``'read'`` and ``'write'``::

        from oauth2_provider.decorators import rw_protected_resource

        @rw_protected_resource(scopes=['exotic_scope'])
        def my_view(request):
            # If this is a POST, you have to provide 'exotic_scope write' scopes to get here...
            # ...
            pass