Django OAuth Toolkit
OAuth2 goodies for the Djangonauts!
- If you are facing one or more of the following:
-
- Your Django app exposes a web API you want to protect with OAuth2 authentication,
- You need to implement an OAuth2 authorization server to provide tokens management for your infrastructure,
Django OAuth Toolkit can help you providing out of the box all the endpoints, data and logic needed to add OAuth2 capabilities to your Django projects. Django OAuth Toolkit makes extensive use of the excellent OAuthLib, so that everything is rfc-compliant.
Reporting security issues
Please report any security issues to the JazzBand security team at \<security@jazzband.co>. Do not file an issue on the tracker.
Requirements
- Python 3.8+
- Django 4.2, 5.0 or 5.1
- oauthlib 3.2.2+
Installation
Install with pip:
pip install django-oauth-toolkit
Add oauth2_provider
to your INSTALLED_APPS
INSTALLED_APPS = (
...
'oauth2_provider',
)
If you need an OAuth2 provider you\'ll want to add the following to your
urls.py
.
from oauth2_provider import urls as oauth2_urls
urlpatterns = [
...
path('o/', include(oauth2_urls)),
]
Changelog
See CHANGELOG.md.
Documentation
The full documentation is on Read the Docs.
License
django-oauth-toolkit is released under the terms of the BSD license.
Full details in LICENSE
file.
Help Wanted
We need help maintaining and enhancing django-oauth-toolkit (DOT).
Join the team
Please consider joining Jazzband (If not already a member) and the DOT project team.
How you can help
See our contributing info and the open issues and PRs, especially those labeled help-wanted.
Discussions
Have questions or want to discuss the project? See the discussions.
Submit PRs and Perform Reviews
PR submissions and reviews are always appreciated! Since we require an independent review of any PR before it can be merged, having your second set of eyes looking at PRs is extremely valuable.
Please don't merge PRs
Please be aware that we don't want every Jazzband member to merge PRs but just a handful of project team members so that we can maintain a modicum of control over what goes into a release of this security oriented code base. Only project leads are able to publish releases to Pypi and it becomes difficult when creating a new release for the leads to deal with "unexpected" merged PRs.
Become a Project Lead
If you are interested in stepping up to be a Project Lead, please take a look at the discussion about this.