Providing OAuth services for Tastypie APIs
This library works with two different OAuth providers, you must install one of them:
- django-oauth-toolkit: https://github.com/evonove/django-oauth-toolkit
- django-oauth2-provider: https://github.com/caffeinehit/django-oauth2-provider
Set up one of these libraries before continuing
-
Add
tastypie_oauth
toINSTALLED_APPS
in Django. -
Specify
OAUTH_ACCESS_TOKEN_MODEL
in the Django settings. At this time it can be'oauth2_provider.models.AccessToken'
for django-oauth-toolkit and'provider.oauth2.models.AccessToken'
for django-oauth2-provider. -
When you create your Tastypie resources, use
OAuth20Authentication
like so:# mysite/polls/api.py from tastypie.resources import ModelResource from tastypie.authorization import DjangoAuthorization from polls.models import Poll, Choice from tastypie import fields from tastypie_oauth.authentication import OAuth20Authentication class ChoiceResource(ModelResource): class Meta: queryset = Choice.objects.all() resource_name = 'choice' authorization = DjangoAuthorization() authentication = OAuth20Authentication() class PollResource(ModelResource): choices = fields.ToManyField(ChoiceResource, 'choice_set', full=True) class Meta: queryset = Poll.objects.all() resource_name = 'poll' authorization = DjangoAuthorization() authentication = OAuth20Authentication()
Or, if you want to use scoped authentication, use the
OAuth2ScopedAuthentication
class:from tastypie_oauth.authentication import OAuth20ScopedAuthentication # With Django-oauth-toolkit class ChoiceResource(ModelResource): poll = fields.ToOneField("polls.api.PollResource", "poll", full=False) class Meta: resource_name = 'choice' queryset = Choice.objects.all() authorization = DjangoAuthorization() authentication = OAuth2ScopedAuthentication( post=("read write",), get=("read",), put=("read","write") )
from provider.constants import READ, WRITE, READ_WRITE from tastypie_oauth.authentication import OAuth20ScopedAuthentication # With Django-oauth2-provider class ChoiceResource(ModelResource): poll = fields.ToOneField("polls.api.PollResource", "poll", full=False) class Meta: resource_name = 'choice' queryset = Choice.objects.all() authorization = DjangoAuthorization() authentication = OAuth2ScopedAuthentication( post=(READ_WRITE,), get=(READ,), put=(READ,WRITE) )
-
After authorizing the user and gaining an access token, you can use the API almost as before with just one minor change. You must add a
oauth_consumer_key
GET or POST parameter with the access token as the value, or put the access token in "Authorization" header.