django-oauth-toolkit

OAuth2 goodies for the Djangonauts!

Top Related Projects

A JSON Web Token authentication plugin for the Django REST Framework.

A generic, spec-compliant, thorough implementation of the OAuth request-signing logic

The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.

Quick Overview

Django OAuth Toolkit is a powerful and flexible OAuth2 provider for Django applications. It provides a complete OAuth2 server implementation, allowing developers to easily add OAuth2 capabilities to their Django projects. The toolkit is fully compliant with RFC 6749 and supports various OAuth2 grant types.

Pros

  • Comprehensive OAuth2 implementation with support for multiple grant types
  • Seamless integration with Django's authentication system
  • Extensive documentation and active community support
  • Customizable and extensible to fit specific project requirements

Cons

  • Learning curve for developers new to OAuth2 concepts
  • Requires careful configuration to ensure proper security measures
  • May introduce complexity for simpler authentication scenarios
  • Performance considerations for high-traffic applications

Code Examples

  1. Setting up OAuth2 provider in Django settings:
INSTALLED_APPS = [
    ...
    'oauth2_provider',
    ...
]

MIDDLEWARE = [
    ...
    'oauth2_provider.middleware.OAuth2TokenMiddleware',
    ...
]
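  2. Protecting a view with OAuth2 authentication:
from django.http import JsonResponse
from oauth2_provider.decorators import protected_resource

# Requests without a valid access token are rejected before the view body runs
@protected_resource()
def protected_api(request):
    return JsonResponse({"message": "This view is protected by OAuth2"})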
  3. Creating an OAuth2 application programmatically:
from oauth2_provider.models import Application
from django.contrib.auth.models import User

user = User.objects.get(username='example')
application = Application.objects.create(
    name='Example Application',
    client_type=Application.CLIENT_CONFIDENTIAL,
    authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
    user=user
)

Getting Started

  1. Install Django OAuth Toolkit:

    pip install django-oauth-toolkit
    
  2. Add 'oauth2_provider' to INSTALLED_APPS in settings.py:

    INSTALLED_APPS = [
        ...
        'oauth2_provider',
        ...
    ]
    
  3. Include OAuth2 provider URLs in your project's urls.py:

    from django.urls import path, include
    
    urlpatterns = [
        ...
        path('o/', include('oauth2_provider.urls', namespace='oauth2_provider')),
        ...
    ]
    
  4. Run migrations:

    python manage.py migrate
    
  5. Create an OAuth2 application in the Django admin interface or programmatically.

  6. Implement OAuth2 authentication in your views and APIs as needed.

Competitor Comparisons

A JSON Web Token authentication plugin for the Django REST Framework.

Pros of djangorestframework-simplejwt

  • Lightweight and focused solely on JWT authentication
  • Easier to set up and configure for simple JWT use cases
  • Better performance due to stateless nature of JWTs

Cons of djangorestframework-simplejwt

  • Limited to JWT authentication, less flexible for other OAuth 2.0 flows
  • Lacks built-in support for token revocation and refresh token rotation
  • May require additional libraries for more complex authentication scenarios

Code Comparison

djangorestframework-simplejwt:

from django.urls import path
from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView

urlpatterns = [
    # Issue an access/refresh token pair, and exchange a refresh token for a new access token
    path('api/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),
    path('api/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
]

django-oauth-toolkit:

from django.urls import path
from oauth2_provider.views import TokenView, RevokeTokenView

urlpatterns = [
    # Token issuance and token revocation endpoints
    path('o/token/', TokenView.as_view(), name='token'),
    path('o/revoke_token/', RevokeTokenView.as_view(), name='revoke-token'),
]

Both libraries offer easy-to-use views for token-related operations, but django-oauth-toolkit provides more comprehensive OAuth 2.0 support, including token revocation. djangorestframework-simplejwt focuses specifically on JWT authentication, resulting in a simpler setup for basic JWT use cases.

A generic, spec-compliant, thorough implementation of the OAuth request-signing logic

Pros of oauthlib

  • Framework-agnostic, can be used with any Python web framework
  • More flexible and customizable for complex OAuth implementations
  • Supports a wider range of OAuth specifications and versions

Cons of oauthlib

  • Requires more setup and configuration compared to django-oauth-toolkit
  • Less integrated with Django-specific features and middleware
  • Steeper learning curve for developers new to OAuth

Code Comparison

oauthlib:

from oauthlib.oauth2 import RequestValidator, WebApplicationServer

class MyRequestValidator(RequestValidator):
    # Implement validation methods
    pass

# WebApplicationServer wires the validator into the authorization-code endpoints,
# including the token endpoint
server = WebApplicationServer(MyRequestValidator())

django-oauth-toolkit:

from oauth2_provider.views import TokenView
from oauth2_provider.models import Application

class MyTokenView(TokenView):
    # Customize token view if needed
    pass

application = Application.objects.create(client_type=Application.CLIENT_CONFIDENTIAL)

oauthlib provides a more low-level implementation, requiring custom validators and endpoint setup. django-oauth-toolkit offers a higher-level abstraction with pre-configured views and models, making it easier to integrate with Django projects but potentially less flexible for complex use cases.

The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.

Pros of Authlib

  • More comprehensive OAuth support, including OAuth 1.0, OAuth 2.0, and OpenID Connect
  • Framework-agnostic, supporting multiple Python web frameworks (Flask, Django, etc.)
  • Includes additional security features like JWT handling and cryptography tools

Cons of Authlib

  • Steeper learning curve due to its broader scope and flexibility
  • Less Django-specific optimizations and integrations
  • Smaller community and fewer Django-specific resources compared to Django OAuth Toolkit

Code Comparison

Django OAuth Toolkit:

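from django.http import HttpResponse
from oauth2_provider.views.generic import ProtectedResourceView

class ApiEndpoint(ProtectedResourceView):
    # Only requests carrying a valid access token reach this handler
    def get(self, request, *args, **kwargs):
        return HttpResponse('Hello, OAuth2!')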

Authlib:

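from django.http import JsonResponse
from authlib.integrations.django_oauth2 import ResourceProtector

# A token validator must be registered on the protector before it can check tokens
require_oauth = ResourceProtector()

@require_oauth('profile')
def api_me(request):
    # Return a serializable field; a User object cannot be JSON-encoded directly
    return JsonResponse(dict(user=request.oauth_token.user.username))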

Both libraries provide ways to protect API endpoints, but Authlib's approach is more flexible and can be used across different frameworks. Django OAuth Toolkit is more tightly integrated with Django's ecosystem, potentially offering a smoother experience for Django-specific projects.

README

Django OAuth Toolkit

OAuth2 goodies for the Djangonauts!

If you are facing one or more of the following:

  • Your Django app exposes a web API you want to protect with OAuth2 authentication,
  • You need to implement an OAuth2 authorization server to provide token management for your infrastructure,

Django OAuth Toolkit can help by providing, out of the box, all the endpoints, data and logic needed to add OAuth2 capabilities to your Django projects. Django OAuth Toolkit makes extensive use of the excellent `OAuthLib <https://github.com/idan/oauthlib>`_, so that everything is `rfc-compliant <https://rfc-editor.org/rfc/rfc6749.html>`_.

Reporting security issues

Please report any security issues to the JazzBand security team at security@jazzband.co. Do not file an issue on the tracker.

Requirements

  • Python 3.8+
  • Django 4.2, 5.0 or 5.1
  • oauthlib 3.2.2+

Installation

Install with pip::

    pip install django-oauth-toolkit

Add oauth2_provider to your INSTALLED_APPS

.. code-block:: python

    INSTALLED_APPS = (
        ...
        'oauth2_provider',
    )

If you need an OAuth2 provider you'll want to add the following to your urls.py.

.. code-block:: python

    from django.urls import include, path
    from oauth2_provider import urls as oauth2_urls

    urlpatterns = [
        ...
        path('o/', include(oauth2_urls)),
    ]

Changelog

See `CHANGELOG.md <https://github.com/jazzband/django-oauth-toolkit/blob/master/CHANGELOG.md>`_.

Documentation

The `full documentation <https://django-oauth-toolkit.readthedocs.io/>`_ is on Read the Docs.

License

django-oauth-toolkit is released under the terms of the BSD license. Full details in LICENSE file.

Help Wanted

We need help maintaining and enhancing django-oauth-toolkit (DOT).

Join the team


Please consider joining `Jazzband <https://jazzband.co>`__ (if not
already a member) and the `DOT project
team <https://jazzband.co/projects/django-oauth-toolkit>`__.

How you can help

See our `contributing <https://django-oauth-toolkit.readthedocs.io/en/latest/contributing.html>`__ info and the open `issues <https://github.com/jazzband/django-oauth-toolkit/issues>`__ and `PRs <https://github.com/jazzband/django-oauth-toolkit/pulls>`__, especially those labeled `help-wanted <https://github.com/jazzband/django-oauth-toolkit/labels/help-wanted>`__.

Discussions

Have questions or want to discuss the project?
See `the discussions <https://github.com/jazzband/django-oauth-toolkit/discussions>`__.


Submit PRs and Perform Reviews

PR submissions and reviews are always appreciated! Since we require an independent review of any PR before it can be merged, having your second set of eyes looking at PRs is extremely valuable.

Please don’t merge PRs


Please be aware that we don’t want *every* Jazzband member to merge PRs
but just a handful of project team members so that we can maintain a
modicum of control over what goes into a release of this security-oriented code base. Only `project
leads <https://jazzband.co/projects/django-oauth-toolkit>`__ are able to
publish releases to PyPI and it becomes difficult when creating a new
release for the leads to deal with “unexpected” merged PRs.

Become a Project Lead
~~~~~~~~~~~~~~~~~~~~~

If you are interested in stepping up to be a Project Lead, please take a look at
the `discussion about this <https://github.com/jazzband/django-oauth-toolkit/discussions/1479>`__.