# Django OAuth Toolkit ###### tags: `project` `backend` `python` `django` `note` https://django-oauth-toolkit.readthedocs.io/en/latest/install.html ## OAuth2 Authorization Grants ### Authorization Code The Authorization Code flow is best used in web and mobile apps. This is the flow used for third party integration, the user authorizes your partner to access its products in your APIs. ``` export ID=vW1RcAl7Mb0d5gyHNQIAcH110lWoOW2BmWJIero8 export SECRET=DZFpuNjRdt5xUEzxXovAp40bU3lQvoMvF3awEStn61RXWE0Ses4RgzHWKJKTvUCHfRkhcBi3ebsEfSjfEO96vo2Sh6pZlxJ6f7KcUbhvqMMPoVxRwv4vfdWEoWMGPeIO ``` start Authorization ``` http://127.0.0.1:8000/o/authorize/?response_type=code&client_id=Q7NsqGQPQ4Aq0UCIg4edcpmQTrvNEZ6Yi4d0nVCF&redirect_uri=http://127.0.0.1:8000/noexist/callback ``` redirect to: http://127.0.0.1:8000/noexist/callback?code=HmWWwuqDSBtrdfQOuCwyyjlIi8iDBK http://127.0.0.1:8000/noexist/callback?code=3Bw23tJ18yq06vsZUmrdDWuUybwiet ### Client Credential The Client Credential grant is suitable for machine-to-machine authentication. You authorize your own service or worker to change a bank account transaction status to accepted. ``` export ID=bxXSSBVuvOyGVzh4PurvKaq5MHXMm7FtrHgDMi4u export SECRET=1fuv5WVfR7A5BlF0o155H7s5bLgXlwWLhi3Y7pdJ9aJuCdl0XV5Cxgd0tri7nSzC80qyrovh8qFXFHgFAAc0ldPNn5ZYLanxSm1SI1rxlRrWUP591wpHDGa3pSpB6dCZ ``` The Client Credential flow is simpler than the Authorization Code flow. We need to encode client_id and client_secret as HTTP base authentication encoded in base64 I use the following code to do that. ``` >>> import base64 >>> client_id = "bxXSSBVuvOyGVzh4PurvKaq5MHXMm7FtrHgDMi4u" >>> secret = "1fuv5WVfR7A5BlF0o155H7s5bLgXlwWLhi3Y7pdJ9aJuCdl0XV5Cxgd0tri7nSzC80qyrovh8qFXFHgFAAc0ldPNn5ZYLanxSm1SI1rxlRrWUP591wpHDGa3pSpB6dCZ" >>> credential = "{0}:{1}".format(client_id, secret) >>> base64.b64encode(credential.encode("utf-8")) b'YXhYU1NCVnV2T3lHVnpoNFB1cnZLYXE1TUhYTW03RnRySGdETWk0dToxZnV2NVdWZlI3QTVCbEYwbzE1NUg3czViTGdYbHdXTGhpM1k3cGRKOWFKdUNkbDBYVjVDeGdkMHRyaTduU3pDODBxeXJvdmg4cUZYRkhnRkFBYzBsZFBObjVaWUxhbnhTbTFTSTFyeGxScldVUDU5MXdwSERHYTNwU3BCNmRDWg==' >>> ``` ## [Tutorials](https://hackmd.io/rmNiDfsgSIqQf-V-zoUFEg)