Models

class oauth2_provider.models.AbstractAccessToken(*args, **kwargs)

An AccessToken instance represents the actual access token to access user’s resources, as in RFC6749 Section 5.

Fields:

  • user – The Django user representing the resources' owner
  • source_refresh_token – If from a refresh, the consumed RefreshToken
  • token – Access token
  • application – Application instance
  • expires – Date and time of token expiration, in DateTime format
  • scope – Allowed scopes

  • allow_scopes(scopes)

    Check if the token allows the provided scopes

    Parameters: scopes – An iterable containing the scopes to check

  • is_expired()

    Check token expiration with timezone awareness

  • is_valid(scopes=None)

    Checks if the access token is valid.

    Parameters: scopes – An iterable containing the scopes to check or None

  • revoke()

    Convenience method to keep the tokens' interface uniform; for now it simply removes this token from the database in order to revoke it.

  • scopes

    Returns a dictionary of allowed scope names (as keys) with their descriptions (as values)
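The checks described for is_expired(), allow_scopes() and is_valid(), modelled as an added example in plain Python (not oauth2_provider's own code). The TokenSketch class is hypothetical, and it assumes that scope is stored as a space-separated string and that an empty scope request passes the scope check.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class TokenSketch:
    """Stand-in for an access token row; not oauth2_provider's model."""
    scope: str          # assumption: space-separated scope names
    expires: datetime   # must be timezone-aware

    def is_expired(self, now=None):
        # Compare aware datetimes only; a naive value would be ambiguous.
        if self.expires.tzinfo is None:
            raise ValueError("expires must be timezone-aware")
        now = now or datetime.now(timezone.utc)
        return now >= self.expires

    def allow_scopes(self, scopes):
        # Assumption: no requested scopes means nothing further to check.
        if not scopes:
            return True
        granted = set(self.scope.split())
        return set(scopes).issubset(granted)

    def is_valid(self, scopes=None, now=None):
        # Both conditions must hold: unexpired AND every scope granted.
        return not self.is_expired(now) and self.allow_scopes(scopes)


# Constructed sample data.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
live = TokenSketch("read write", NOW + timedelta(minutes=5))
stale = TokenSketch("read write", NOW - timedelta(seconds=1))
# Same instant as NOW + 5 min, expressed in UTC+02:00.
offset = TokenSketch("read", datetime(2024, 1, 1, 14, 5,
                                      tzinfo=timezone(timedelta(hours=2))))
```

A resource view should pass the scopes it requires to is_valid() rather than calling is_expired() alone, so that an unexpired token with insufficient scope is still rejected.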

class oauth2_provider.models.AbstractApplication(*args, **kwargs)

An Application instance represents a Client on the Authorization server. Usually an Application is created manually by the client's developers after logging in on an Authorization Server.

Fields:

  • client_id – The client identifier issued to the client during the registration process as described in RFC6749 Section 2.2
  • user – Reference to a Django user
  • redirect_uris – The list of allowed redirect URIs. The string consists of valid URLs separated by spaces
  • client_type – Client type as described in RFC6749 Section 2.1
  • authorization_grant_type – Authorization flows available to the Application
  • client_secret – Confidential secret issued to the client during the registration process as described in RFC6749 Section 2.2
  • name – Friendly name for the Application

  • clean()

    Hook for doing any extra model-wide validation after clean() has been called on every field by self.clean_fields. Any ValidationError raised by this method will not be associated with a particular field; it will have a special-case association with the field defined by NON_FIELD_ERRORS.

  • default_redirect_uri

    Returns the default redirect_uri by extracting the first item from the redirect_uris string

  • get_allowed_schemes()

    Returns the list of redirect schemes allowed by the Application. By default, returns ALLOWED_REDIRECT_URI_SCHEMES.

  • is_usable(request)

    Determines whether the application can be used.

    Parameters: request – The HTTP request being processed.

  • redirect_uri_allowed(uri)

    Checks whether the given URL is one of the items in the redirect_uris string

    Parameters: uri – URL to check
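How the space-separated redirect_uris string drives default_redirect_uri and redirect_uri_allowed(), as an added example in plain Python (not oauth2_provider's own implementation). The function bodies, the ALLOWED_SCHEMES value and the registered URIs are constructed for illustration; the prefix_match helper is included only to contrast a weaker check with exact matching.

```python
from urllib.parse import urlsplit

# Assumption: stand-in for the ALLOWED_REDIRECT_URI_SCHEMES setting.
ALLOWED_SCHEMES = ["https"]


def registered_uris(redirect_uris):
    """Split the space-separated redirect_uris string into a list."""
    return redirect_uris.split()


def default_redirect_uri(redirect_uris):
    """First registered URI, or None when nothing is registered."""
    uris = registered_uris(redirect_uris)
    return uris[0] if uris else None


def redirect_uri_allowed(redirect_uris, uri, schemes=ALLOWED_SCHEMES):
    """True only if uri is exactly one of the registered items."""
    if urlsplit(uri).scheme.lower() not in schemes:
        return False
    return uri in registered_uris(redirect_uris)


def prefix_match(redirect_uris, uri):
    """Weaker check, for contrast: accepts anything sharing a prefix."""
    return any(uri.startswith(r) for r in registered_uris(redirect_uris))


# Constructed registration string for a hypothetical client.
REGISTERED = "https://app.example/callback https://app.example/alt"
```

Exact matching rejects a URI such as `https://app.example/callback.other.example/x`, which the prefix check would accept, so a subclass overriding redirect_uri_allowed() should keep comparing whole registered items.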

class oauth2_provider.models.AbstractGrant(*args, **kwargs)

A Grant instance represents a token with a short lifetime that can be swapped for an access token, as described in RFC6749 Section 4.1.2

Fields:

  • user – The Django user who requested the grant
  • code – The authorization code generated by the authorization server
  • application – Application instance this grant was asked for
  • expires – Expire time in seconds, defaults to settings.AUTHORIZATION_CODE_EXPIRE_SECONDS
  • redirect_uri – Self-explanatory
  • scope – Required scopes, optional
  • code_challenge – PKCE code challenge
  • code_challenge_method – PKCE code challenge transform algorithm

  • is_expired()

    Check token expiration with timezone awareness

class oauth2_provider.models.AbstractRefreshToken(*args, **kwargs)

A RefreshToken instance represents a token that can be swapped for a new access token when it expires.

Fields:

  • user – The Django user representing the resources' owner
  • token – Token value
  • application – Application instance
  • access_token – AccessToken instance this refresh token is bound to
  • revoked – Timestamp of when this refresh token was revoked

  • revoke()

    Mark this refresh token revoked and revoke related access token

class oauth2_provider.models.AccessToken(id, user, source_refresh_token, token, application, expires, scope, created, updated)

  • exception DoesNotExist

  • exception MultipleObjectsReturned

class oauth2_provider.models.Application(id, client_id, user, redirect_uris, client_type, authorization_grant_type, client_secret, name, skip_authorization, created, updated)

  • exception DoesNotExist

  • exception MultipleObjectsReturned

class oauth2_provider.models.Grant(id, user, code, application, expires, redirect_uri, scope, created, updated, code_challenge, code_challenge_method)

  • exception DoesNotExist

  • exception MultipleObjectsReturned

class oauth2_provider.models.RefreshToken(id, user, token, application, access_token, created, updated, revoked)

  • exception DoesNotExist

  • exception MultipleObjectsReturned

oauth2_provider.models.get_access_token_model()

Return the AccessToken model that is active in this project.

oauth2_provider.models.get_application_model()

Return the Application model that is active in this project.

oauth2_provider.models.get_grant_model()

Return the Grant model that is active in this project.

oauth2_provider.models.get_refresh_token_model()

Return the RefreshToken model that is active in this project.