OAuth2 Client (Python/Django)

I'm creating a single sign-on (SSO) service using Python, Django, Django Rest Framework and Django OAuth Toolkit (https://github.com/evonove/django-oauth-toolkit). The SSO service will be a central, stand-alone application providing user identity services (granting access to user information as an OAuth2 Protected Resource).

Django OAuth Toolkit helps to implement the OAuth2 Authorisation Server. Is there a similarly good quality Django or Python library that can help in implementing the OAuth2 Client (see following diagram snippet taken from https://www.rfc-editor.org/rfc/rfc6749#section-1.2)?

+--------+                               +---------------+
|        |--(A)- Authorization Request ->|   Resource    |
|        |                               |     Owner     |
|        |<-(B)-- Authorization Grant ---|               |
|        |                               +---------------+
|        |
|        |                               +---------------+
|        |--(C)-- Authorization Grant -->| Authorization |
| Client |                               |     Server    |
|        |<-(D)----- Access Token -------|               |
|        |                               +---------------+
|        |
|        |                               +---------------+
|        |--(E)----- Access Token ------>|    Resource   |
|        |                               |     Server    |
|        |<-(F)--- Protected Resource ---|               |
+--------+                               +---------------+

(I expect the main use case wouldn't be a problem to implement myself, but if a good library provides handling of corner cases, errors, retries and is well tested, then it would be a shame to reinvent.)

Thanks,

Paul.

Paul Pepper asked Oct 30 '17 22:10


1 Answer

Coming back to answer my own question some time after finding and implementing a solution...

My chosen approach was to read the relevant RFCs (The OAuth 2.0 Authorization Framework and The OAuth 2.0 Authorization Framework: Bearer Token Usage) and implement a solution with the help of the requests-oauthlib OAuth-2 workflow.

A high-level breakdown of the resulting Django app that I wrote involved creating:

  • URL routing for login, login-callback and logout
  • Accompanying views to process requests from those URLs.
  • An OAuth2 authentication backend.
  • Middleware to enforce authentication on views that require it.

The Django app was implemented as a pip-installable stand-alone client that could be used by systems that required a single sign-on.

An OAuth-2 authorization server, implemented with the help of Django Rest Framework and Django OAuth Toolkit, provided the hub for my single sign-on infrastructure.

Paul Pepper answered Nov 08 '22 15:11
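As an added example (not the answerer's code, and using only the standard library instead of requests-oauthlib), here is the client side of steps (A) to (E) from the question's diagram, with the state check that ties the callback to the login attempt; the endpoint URL, client id and redirect URI are constructed placeholders:

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholders; a real deployment uses its own SSO hub endpoints.
AUTHORIZE_URL = "https://sso.example.com/o/authorize/"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.com/oauth/callback/"

def new_state():
    """Unguessable per-login value kept in the session; binds the callback to this attempt."""
    return secrets.token_urlsafe(32)

def build_authorization_request(state):
    """Step (A): URL the login view redirects the resource owner to (RFC 6749 4.1.1)."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "read",
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urlencode(params)

def parse_callback(callback_url, expected_state):
    """Step (B): the callback view extracts the code, rejecting errors or a state mismatch."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("authorization server returned error: " + query["error"][0])
    received = query.get("state", [""])[0]
    # Constant-time comparison against the value saved when the login started.
    if not hmac.compare_digest(received.encode(), expected_state.encode()):
        raise ValueError("state mismatch: possible CSRF or stale login attempt")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code

def build_token_request(code):
    """Step (C): body POSTed to the token endpoint (RFC 6749 4.1.3); the client secret
    is sent with HTTP Basic authentication rather than in this body."""
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID}

def bearer_header(access_token):
    """Step (E): header the client sends to the resource server (RFC 6750 2.1)."""
    return {"Authorization": "Bearer " + access_token}
```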