Hello,
-- I would like some help with django oauth2 flow.
I have created an app:
redirect_uri http://127.0.0.1:8000/accounts/login/
client_type public
authorization_grant_type is authorization code
name test
I have a client id and a secret. I want to get authenticated via curl and at the end retrieve the user logged in as request.user.
Here is the flow so far.
- I go to http://127.0.0.1:8000/o/authorize/?client_id=kR2VKTWYXd1bPSf6nog8LHeCaJdh9uftdg2MMSR9&response_type=code&state=random_state_string&redirect_uri=http://127.0.0.1:8000/accounts/login/
- I get to the authorize screen with authorize button
- After authorizing, I get to the login page where I enter login and password
- I get to /account/profile screen where I get a unauthorised message
What am I doing wrong here?
GET /accounts/profile/
{ "detail": "Authentication credentials were not provided." }
Here is my settings.py
INSTALLED_APPS = (
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'oauth2_provider',
'corsheaders',
'registration',
'rest_framework',
'rest_framework_swagger',
'test',
)
MIDDLEWARE_CLASSES = (
'disable.DisableCSRF',
'corsheaders.middleware.CorsMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware',
'oauth2_provider.middleware.OAuth2TokenMiddleware',
)
ROOT_URLCONF = 'test.urls'
CORS_ORIGIN_ALLOW_ALL = True ## COMMENT THIS LATER
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
},
]
AUTHENTICATION_BACKENDS = (
'oauth2_provider.backends.OAuth2Backend',
# Uncomment following if you want to access the admin
'django.contrib.auth.backends.ModelBackend'
)
# be sure following two appear in this order
WSGI_APPLICATION = 'test.wsgi.application'
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'oauth2_provider.ext.rest_framework.OAuth2Authentication',
)
}
OAUTH2_PROVIDER = {
# this is the list of available scopes
'SCOPES': {'read': 'Read scope', 'write': 'Write scope', 'groups': 'Access to your groups'}
}
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/fc8002e3-b860-4e36-91be-5973c8913981%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment