OAuth2 in Django

Prerequisites.

sudo apt install python2-pip

Clone this project from GitHub.

sudo git clone https://github.com/RichardKnop/django-oauth2-server.git &&
cd django-oauth2-server &&
sudo pip3 install -U pip &&
sudo pip3 install -r requirements.txt &&
ls

Troubleshooting

Please add the directory containing pg_config to the PATH
or specify the full executable path with the option

Solution

sudo apt install libpq-dev python2-dev postgresql-server-dev-all -y &&
sudo pip3 install -r requirements.txt

Troubleshooting: Error: could not determine PostgreSQL version from '10.4' or Failed building wheel for bcrypt
Solution: Remove the version pins for psycopg2, bcrypt and cffi from the requirements.txt file.

# psycopg2
sudo sed -i 's/\=\=2\.6\.1//g' requirements.txt &&
# bcrypt
sudo sed -i 's/\=\=2\.0\.0//g' requirements.txt &&
# cffi
sudo sed -i 's/\=\=1\.3\.0//g' requirements.txt &&
sudo apt install python2-bcrypt python2-cffi &&
sudo pip3 install psycopg2-binary

Enable local settings.

sudo cp oauth2server/proj/settings/local.example.py oauth2server/proj/settings/local.py

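Update the database settings in the new local.py. The password must match the one set for the PostgreSQL user below.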

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': 'django_oauth2_server',
        'USER': 'django_oauth2_server',
        'PASSWORD': 'changethispassword',
        'HOST': 'localhost',
    },
}

Install PostgreSQL.

sudo apt-get install postgresql postgresql-contrib -y &&
sudo update-rc.d postgresql enable &&
sudo service postgresql start &&
sudo service postgresql status

Add the new users and the test database, and grant the test user all privileges on it, via the CLI.

sudo -u postgres psql -c "CREATE USER django_oauth2_server WITH PASSWORD 'changethispassword';" &&
sudo -u postgres psql -c "CREATE USER test_django_oauth2_server WITH PASSWORD 'changethispassword';" &&
sudo -u postgres psql -c "CREATE DATABASE test_django_oauth2_server;" &&
sudo -u postgres psql -c "GRANT ALL on DATABASE test_django_oauth2_server to test_django_oauth2_server;" &&
sudo -u postgres psql

At the Postgres console, run the following.

\du
\l
create database django_oauth2_server;
\l
GRANT ALL on DATABASE django_oauth2_server to django_oauth2_server;
\du

To list available users use \du.
To list available databases use \l.

Migrate database, load test data, and run server.

sudo python2 oauth2server/manage.py migrate &&
sudo python2 oauth2server/manage.py loaddata test_credentials &&
sudo python2 oauth2server/manage.py loaddata test_scopes &&
sudo python2 oauth2server/manage.py runserver

Grant access token.

curl localhost:8000/api/v1/tokens/ -d 'grant_type=client_credentials&client_id=testclient&client_secret=testpassword'

{"id":1,"access_token":"eecf45ff-5f7a-4a97-98d9-6ad5b61fc115","expires_in":3600,"token_type":"Bearer","scope":"foo bar qux","refresh_token":"54b2db08-1287-4346-ba2b-b752521f2dc9"}

Use a refresh token to get a new access token.

curl localhost:8000/api/v1/tokens/ -d 'client_id=testclient&client_secret=testpassword&grant_type=refresh_token&refresh_token=3f71ff7b-a951-4831-9258-c8d295fd772d'

{"id":7,"access_token":"7a36001a-9cb5-475a-8293-a09b8dbbfb0e","expires_in":3600,"token_type":"Bearer","scope":"foo bar qux","refresh_token":"a8c1e466-9a7b-4dc4-9118-a75d3aa3520c"}

Access OAuth via Web

http://localhost:8000/web/authorize/?response_type=code&client_id=testclient&redirect_uri=https://www.example.com&state=somestate

You receive the authorization code in the query string of the redirect URI.

https://www.example.com/?state=somestate&code=4c177732-a8fa-490c-a5eb-5771157e5ae8

Use the authorization code to get an access token.

curl localhost:8000/api/v1/tokens/ -d 'grant_type=authorization_code&client_id=testclient&client_secret=testpassword&code=2c5fcb0e-2721-4c0b-b1b7-974b35caa37e'

{"id":8,"access_token":"e55fe895-2670-431b-86a1-f830e8f2a015","expires_in":3600,"token_type":"Bearer","scope":"foo bar qux","refresh_token":"8ac6c41c-2183-4fac-b288-ae468de38793"}

Deploy Client App

LDAP troubleshooting

Compilation failed

sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev -y

Auth0 Schemes

OpenSSO Schemes
