Open gbataille opened 6 years ago
I think this comment: https://github.com/jazzband/django-oauth-toolkit/issues/605#issuecomment-397863421 offers a potential solution via using the run_before attribute in the migrations that create the replacement models?
Hey @phillbaker,
no, run_before does not solve anything. As the data model is crafted today, you cannot deploy one table before the other. What needs to happen is (for example, can be the other way around)
- AccessToken swapped model WITHOUT the source_refresh_token column
- RefreshToken swapped model
- source_refresh_token column to the swapped AccessToken model table.
You basically need to manually amend the auto-generated migration
This is an extract of what I ended up with
operations = [
    migrations.CreateModel(
        name='AccessToken',
        fields=[
            ('id', models.BigAutoField(primary_key=True, serialize=False)),
            ('expires', models.DateTimeField()),
            ('scope', models.TextField(blank=True)),
            ('created', models.DateTimeField(auto_now_add=True)),
            ('updated', models.DateTimeField(auto_now=True)),
            ('token', models.TextField(unique=True)),
            ('application', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to=settings.OAUTH2_PROVIDER_APPLICATION_MODEL)),
            ('user', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='common_accesstoken', to=settings.AUTH_USER_MODEL)),
        ],
        options={
            'abstract': False,
            'swappable': 'OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL',
        },
    ),
    migrations.CreateModel(
        name='RefreshToken',
        fields=[
            ('id', models.BigAutoField(primary_key=True, serialize=False)),
            ('token', models.CharField(max_length=255)),
            ('created', models.DateTimeField(auto_now_add=True)),
            ('updated', models.DateTimeField(auto_now=True)),
            ('access_token', models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='refresh_token', to=settings.OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL)),
            ('application', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.OAUTH2_PROVIDER_APPLICATION_MODEL)),
            ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='common_refreshtoken', to=settings.AUTH_USER_MODEL)),
            ('revoked', models.DateTimeField(null=True)),
        ],
        options={
            'abstract': False,
            'swappable': 'OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL',
        },
    ),
    migrations.AlterUniqueTogether(
        name='refreshtoken',
        unique_together=set([('token', 'revoked')]),
    ),
    migrations.AddField(
        model_name='accesstoken',
        name='source_refresh_token',
        field=models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, to=settings.OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL, related_name='refreshed_access_token'),
        preserve_default=False,
    )
]
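Added example, not part of the original thread or of django-oauth-toolkit: a small planner that derives the ordering used in the migration above (create one side of the AccessToken/RefreshToken cycle without its back-reference, then add the field afterwards) and a checker that flags an operation list referencing a model before it exists. The function names and the `TOKEN_MODELS` input are constructed for illustration; targets outside the app are assumed to be covered by the migration's `dependencies`.

```python
# External targets: assumed to be created by other migrations listed in
# `dependencies`, so relations to them never need to be deferred.
APP = "OAUTH2_PROVIDER_APPLICATION_MODEL"
USER = "AUTH_USER_MODEL"

# Constructed input: {model: {field: target model, or None for a plain column}}.
# Field names follow the migration extract above.
TOKEN_MODELS = {
    "AccessToken": {
        "token": None,
        "application": APP,
        "user": USER,
        "source_refresh_token": "RefreshToken",
    },
    "RefreshToken": {
        "token": None,
        "access_token": "AccessToken",
        "application": APP,
        "user": USER,
    },
}


def plan_operations(models):
    """Return operations in an order where every in-app relation points at a
    model created by an earlier operation.

    Each operation is ("CreateModel", model, [fields]) or
    ("AddField", model, field). Relations to models declared later in the
    same app are stripped from CreateModel and re-added at the end.
    """
    created = set()
    ops = []
    deferred = []
    for name, fields in models.items():
        inline = []
        for field, target in fields.items():
            in_app = target in models
            if in_app and target != name and target not in created:
                deferred.append((name, field))
            else:
                inline.append(field)
        ops.append(("CreateModel", name, inline))
        created.add(name)
    ops.extend(("AddField", name, field) for name, field in deferred)
    return ops


def first_dangling_reference(ops, models):
    """Return (model, field, target) for the first relation that targets an
    in-app model not yet created, or None when the order is safe."""
    created = set()
    for op in ops:
        kind, name = op[0], op[1]
        if kind == "CreateModel":
            fields = op[2]
            created.add(name)  # self-references are satisfied by the model itself
        else:
            fields = [op[2]]
            if name not in created:
                return (name, op[2], name)
        for field in fields:
            target = models[name][field]
            if target in models and target not in created:
                return (name, field, target)
    return None


if __name__ == "__main__":
    for op in plan_operations(TOKEN_MODELS):
        print(op)
```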
Same issue here. Trying to swap those models in my project via:
class Application(oauth2_models.AbstractApplication):
    pass
class Grant(oauth2_models.AbstractGrant):
    pass
class AccessToken(oauth2_models.AbstractAccessToken):
    pass
class RefreshToken(oauth2_models.AbstractRefreshToken):
    pass
raises this error when applying migrations:
oauth2_provider.RefreshToken.access_token: (fields.E304) Reverse accessor for 'RefreshToken.access_token' clashes with reverse accessor for 'RefreshToken.access_token'.
HINT: Add or change a related_name argument to the definition for 'RefreshToken.access_token' or 'RefreshToken.access_token'.
oauth2_provider.RefreshToken.access_token: (fields.E305) Reverse query name for 'RefreshToken.access_token' clashes with reverse query name for 'RefreshToken.access_token'.
HINT: Add or change a related_name argument to the definition for 'RefreshToken.access_token' or 'RefreshToken.access_token'.
oauth2_provider.RefreshToken.application: (fields.E304) Reverse accessor for 'RefreshToken.application' clashes with reverse accessor for 'RefreshToken.application'.
HINT: Add or change a related_name argument to the definition for 'RefreshToken.application' or 'RefreshToken.application'.
users.RefreshToken.access_token: (fields.E304) Reverse accessor for 'RefreshToken.access_token' clashes with reverse accessor for 'RefreshToken.access_token'.
HINT: Add or change a related_name argument to the definition for 'RefreshToken.access_token' or 'RefreshToken.access_token'.
users.RefreshToken.access_token: (fields.E305) Reverse query name for 'RefreshToken.access_token' clashes with reverse query name for 'RefreshToken.access_token'.
HINT: Add or change a related_name argument to the definition for 'RefreshToken.access_token' or 'RefreshToken.access_token'.
users.RefreshToken.application: (fields.E304) Reverse accessor for 'RefreshToken.application' clashes with reverse accessor for 'RefreshToken.application'.
HINT: Add or change a related_name argument to the definition for 'RefreshToken.application' or 'RefreshToken.application'.
Have the same problem when trying to swap AccessToken model, don't know how to solve it.
I have the same exact problem. Has anyone been able to find a solution for this yet?
This is how I've fixed this.
I defined the models as follows:
# oauth/models.py
class Application(models.Model):
    pass
class Grant(models.Model):
    pass
class AccessToken(models.Model):
    pass
class RefreshToken(models.Model):
    pass
Then did makemigrations. Then, inherited the classes from OAuth abstract models:
# oauth/models.py
class Application(oauth2_models.AbstractApplication):
    pass
class Grant(oauth2_models.AbstractGrant):
    pass
class AccessToken(oauth2_models.AbstractAccessToken):
    pass
class RefreshToken(oauth2_models.AbstractRefreshToken):
    pass
Set the swappable models to point to these.
# settings.py
# OAuth
OAUTH2_PROVIDER_APPLICATION_MODEL = "oauth.Application"
OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL = "oauth.AccessToken"
OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL = "oauth.RefreshToken"
OAUTH2_PROVIDER_GRANT_MODEL = "oauth.Grant"
Once again, did makemigrations and all goes good.
We can conclude that the only working "out-of-the-box" swappable model is the Application model (which is the only covered by documentation). Probably, would be better to document this behaviour.
@Alir3z4 I'm trying the above and am still seeing the E.305 reverse accessor errors:
oauth.AccessToken.application: (fields.E304) Reverse accessor for 'AccessToken.application' clashes with reverse accessor for 'AccessToken.application'.
HINT: Add or change a related_name argument to the definition for 'AccessToken.application' or 'AccessToken.application'.
etc.
What did I miss? Thanks.
Has this broken since release 1.1? https://gitmemory.com/issue/jazzband/django-oauth-toolkit/634/471959496
See https://docs.djangoproject.com/en/3.0/topics/db/models/#abstract-related-name Trying out a fix now...
I tried the above steps. Still facing the same problem (Error fields.E305). Is there any workaround to fix this issue?
After spinning around a lot with E304's and so on, I got this to work but I don't believe this is truly a swappable set of models (but maybe it is). What I did:
from django.db import models
from oauth2_provider import models as oauth2_models


class MyAccessToken(oauth2_models.AbstractAccessToken):
    """ extend the AccessToken model with the external introspection server response """
    class Meta(oauth2_models.AbstractAccessToken.Meta):
        swappable = "OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL"
    introspection = models.TextField(null=True, blank=True)


class MyRefreshToken(oauth2_models.AbstractRefreshToken):
    """ extend the AccessToken model with the external introspection server response """
    class Meta(oauth2_models.AbstractRefreshToken.Meta):
        swappable = "OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL"


class MyApplication(oauth2_models.AbstractApplication):
    class Meta(oauth2_models.AbstractApplication.Meta):
        swappable = "OAUTH2_PROVIDER_APPLICATION_MODEL"
2. Manually fixed up a migration to be similar to the one in oauth2_provider to work around circular references from MyAccessToken.source_refresh_token by deferring adding it until later.
3. My 'oauth' app in settings.INSTALLED_APPS:
INSTALLED_APPS = [
    ...
    'oauth2_provider',
    'oauth',
    ...
]
4. Set my models in setting.OAUTH2_PROVIDER_...:
OAUTH2_PROVIDER_APPLICATION_MODEL = "oauth.MyApplication"
OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL = "oauth.MyAccessToken"
OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL = "oauth.MyRefreshToken"
OAUTH2_PROVIDER_GRANT_MODEL = "oauth2_provider.Grant"
5. Started with a totally empty set of migrations and then do a migrate. This basically ends up with the following tables:
...
| oauth2_provider_grant |
| oauth_myaccesstoken |
| oauth_myapplication |
| oauth_myrefreshtoken |
...
This is really not a swappable model as far as I understand what that means. But it was a way to extend the AccessToken model which I can then override the validator class for:
OAUTH2_PROVIDER = {
    'RESOURCE_SERVER_INTROSPECTION_URL': OAUTH2_SERVER + '/as/introspect.oauth2',
    'RESOURCE_SERVER_INTROSPECTION_CREDENTIALS': (
        os.environ.get('RESOURCE_SERVER_ID','demo'),
        os.environ.get('RESOURCE_SERVER_SECRET','demosecret')
    ),
    'SCOPES': { k: '{} scope'.format(k) for k in OAUTH2_CONFIG['scopes_supported'] },
    'OAUTH2_VALIDATOR_CLASS': 'oauth.oauth2_introspection.OAuth2Validator',  # my custom validator
}
I'm doing the above because I want to use some locally-added claims from my external OAuth2/OIDC AS introspection endpoint. This is kind of non-standard but my AS lets me configure added response fields.
@n2ygk Could you elaborate on the migration file you customized? I am trying to follow your workaround for this issue but I can't seem to get it done. The migration structure you did would be a good addition to this issue discussion.
@armando-herastang sure. Here it is. It's basically the same as the 0001 migration in DOT; I've just added an extra field to MyAccessToken.
# Generated by Django 3.0.3 on 2020-04-03 20:33
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
import oauth2_provider.generators


class Migration(migrations.Migration):
    initial = True
    dependencies = [
        migrations.swappable_dependency(settings.OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL),
        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
        migrations.swappable_dependency(settings.OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL),
        migrations.swappable_dependency(settings.OAUTH2_PROVIDER_APPLICATION_MODEL),
    ]
    operations = [
        migrations.CreateModel(
            name='MyApplication',
            fields=[
                ('id', models.BigAutoField(primary_key=True, serialize=False)),
                ('client_id', models.CharField(db_index=True, default=oauth2_provider.generators.generate_client_id, max_length=100, unique=True)),
                ('redirect_uris', models.TextField(blank=True, help_text='Allowed URIs list, space separated')),
                ('client_type', models.CharField(choices=[('confidential', 'Confidential'), ('public', 'Public')], max_length=32)),
                ('authorization_grant_type', models.CharField(choices=[('authorization-code', 'Authorization code'), ('implicit', 'Implicit'), ('password', 'Resource owner password-based'), ('client-credentials', 'Client credentials')], max_length=32)),
                ('client_secret', models.CharField(blank=True, db_index=True, default=oauth2_provider.generators.generate_client_secret, max_length=255)),
                ('name', models.CharField(blank=True, max_length=255)),
                ('skip_authorization', models.BooleanField(default=False)),
                ('created', models.DateTimeField(auto_now_add=True)),
                ('updated', models.DateTimeField(auto_now=True)),
                ('user', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='oauth_myapplication', to=settings.AUTH_USER_MODEL)),
            ],
            options={
                'abstract': False,
                'swappable': 'OAUTH2_PROVIDER_APPLICATION_MODEL',
            },
        ),
        migrations.CreateModel(
            name='MyAccessToken',
            fields=[
                ('id', models.BigAutoField(primary_key=True, serialize=False)),
                ('token', models.CharField(max_length=255, unique=True)),
                ('expires', models.DateTimeField()),
                ('scope', models.TextField(blank=True)),
                ('created', models.DateTimeField(auto_now_add=True)),
                ('updated', models.DateTimeField(auto_now=True)),
                ('userinfo', models.TextField(blank=True, null=True)),
                ('application', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='oauth_myaccesstoken_related_app', to=settings.OAUTH2_PROVIDER_APPLICATION_MODEL)),
                # ('source_refresh_token', models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='oauth_myaccesstoken_refreshed_access_token', to=settings.OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL)),
                ('user', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='oauth_myaccesstoken', to=settings.AUTH_USER_MODEL)),
            ],
            options={
                'abstract': False,
                'swappable': 'OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL',
            },
        ),
        migrations.CreateModel(
            name='MyRefreshToken',
            fields=[
                ('id', models.BigAutoField(primary_key=True, serialize=False)),
                ('token', models.CharField(max_length=255)),
                ('created', models.DateTimeField(auto_now_add=True)),
                ('updated', models.DateTimeField(auto_now=True)),
                ('revoked', models.DateTimeField(null=True)),
                ('access_token', models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='oauth_myrefreshtoken_refresh_token', to=settings.OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL)),
                ('application', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='oauth_myrefreshtoken_related_app', to=settings.OAUTH2_PROVIDER_APPLICATION_MODEL)),
                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='oauth_myrefreshtoken', to=settings.AUTH_USER_MODEL)),
            ],
            options={
                'abstract': False,
                'swappable': 'OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL',
                'unique_together': {('token', 'revoked')},
            },
        ),
        migrations.AddField(
            model_name='MyAccessToken',
            name='source_refresh_token',
            field=models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='oauth_myaccesstoken_refreshed_access_token', to=settings.OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL),
        ),
    ]
@n2ygk . Thanks for the quick response, but I am still getting the same issue. I want to do the same thing you did. I want to add a field that I will populate in a custom Oauth2Validator I wrote. I ended up using the migration you suggested, just included my additional field on the MyAccessToken, but I am still getting this when I run python manage.py migrate:
The field oauth2_provider.AccessToken.source_refresh_token was declared with a lazy reference to 'oauth.myrefreshtoken', but app 'oauth' isn't installed.
The field oauth2_provider.Grant.application was declared with a lazy reference to 'oauth.myapplication', but app 'oauth' isn't installed.
The field oauth2_provider.RefreshToken.access_token was declared with a lazy reference to 'oauth.myaccesstoken', but app 'oauth' isn't installed.
The field oauth2_provider.RefreshToken.application was declared with a lazy reference to 'oauth.myapplication', but app 'oauth' isn't installed.
Do you have your 'oauth' app in INSTALLED_APPS? Here's my complete:
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'cat_manager',  # my app
    'rest_framework_json_api',
    'rest_framework',
    'debug_toolbar',
    'corsheaders',
    'oauth2_provider',
    'oauth',  # my oauth2_provider extension
    'django_filters',
    'django_extensions',
    'simple_history',
    'django_s3_storage',
]
Make sure you also have this in settings (I'm not sure the grant one is needed):
OAUTH2_PROVIDER_APPLICATION_MODEL = "oauth.MyApplication"
OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL = "oauth.MyAccessToken"
OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL = "oauth.MyRefreshToken"
OAUTH2_PROVIDER_GRANT_MODEL = "oauth2_provider.Grant"
@n2ygk . I do, although I do have this app inside a couple of folders, and I do have it in the INSTALLED_APPS like this:
...
'api.apps.oauth'
...
And its name on apps.py:
class OauthConfig(AppConfig):
    name = 'api.apps.oauth'
Then, on my settings file:
OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL= "oauth.MyAccessToken"
OAUTH2_PROVIDER_APPLICATION_MODEL= "oauth.MyApplication"
OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL= "oauth.MyRefreshToken"
OAUTH2_PROVIDER_GRANT_MODEL= "oauth2_provider.Grant"
I notice oauth.My.... here, but I can't change it to api.apps.oauth because I get:
String model references must be of the form 'app_label.ModelName'.
I'm sorry, but maybe I am missing something. Thanks for the help
@armando-herastang
String model references must be of the form 'app_label.ModelName'.
This is a really annoying feature of this stuff that I wasted a lot of time looking at. It looks like a typical string-style module import but if you dig into the code, you'll see it does a simple split(".") and the [0] entry is the app name and the [1] entry is the model name, I believe expected to be in app/models.py. Try moving your oauth extension up to top-level.
What is the status of this issue? I'm having a really rough time trying to swap out the ACCESS_TOKEN_MODEL.
Is what @faxioman said correct?
We can conclude that the only working "out-of-the-box" swappable model is the Application model (which is the only covered by documentation). Probably, would be better to document this behaviour.
If not, is there a set of reproducible steps that allow one to override the access token model?
@danlamanna I am sorry, but I wasn't able to do it either.
https://github.com/wq/django-swappable-models
Could someone add this alpha stealth django feature to the project? It seems it would allow these circular references to be handled out of the box and in the future all the models would easily be customizable. Looking for some feedback before this gets undertaken so custom access keys are easier to implement for others in the future.
I did what @Alir3z4 did, the makemigrations command worked fine, but the migrations command didn't. It just said this:
ValueError: The field oauth2_provider.AccessToken.application was declared with a lazy reference to 'accounts.application', but app 'accounts' doesn't provide model 'application'.
The field oauth2_provider.AccessToken.source_refresh_token was declared with a lazy reference to 'accounts.refreshtoken', but app 'accounts' doesn't provide model 'refreshtoken'.
The field oauth2_provider.Grant.application was declared with a lazy reference to 'accounts.application', but app 'accounts' doesn't provide model 'application'.
The field oauth2_provider.RefreshToken.access_token was declared with a lazy reference to 'accounts.accesstoken', but app 'accounts' doesn't provide model 'accesstoken'.
The field oauth2_provider.RefreshToken.application was declared with a lazy reference to 'accounts.application', but app 'accounts' doesn't provide model 'application'.
Please help me. I've been doing this since yesterday and weren't able to sleep properly. I keep on thinking about this.
My models:
class Application(AbstractApplication):
    """"""
class Grant(AbstractGrant):
    application = models.ForeignKey(
        oauth2_settings.APPLICATION_MODEL,
        on_delete=models.CASCADE
    )
class AccessToken(AbstractAccessToken):
    token = models.CharField(max_length=500, unique=True)
    application = models.ForeignKey(
        oauth2_settings.APPLICATION_MODEL,
        on_delete=models.CASCADE,
        blank=True,
        null=True,
        related_name='access_tokens'
    )
    source_refresh_token = models.OneToOneField(
        # unique=True implied by the OneToOneField
        oauth2_settings.REFRESH_TOKEN_MODEL,
        on_delete=models.SET_NULL,
        blank=True,
        null=True,
        related_name='refreshed_access_tokens',
    )
class RefreshToken(AbstractRefreshToken):
    token = models.CharField(max_length=500)
    application = models.ForeignKey(
        oauth2_settings.APPLICATION_MODEL,
        on_delete=models.CASCADE,
        related_name='refresh_tokens'
    )
    access_token = models.OneToOneField(
        'accounts.AccessToken',
        on_delete=models.SET_NULL,
        blank=True,
        null=True,
        related_name="refresh_tokens",
    )
My settings:
OAUTH2_PROVIDER_APPLICATION_MODEL = 'accounts.Application'
OAUTH2_PROVIDER_GRANT_MODEL = 'accounts.Grant'
OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL = 'accounts.AccessToken'
OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL = 'accounts.RefreshToken'
OAUTH2_PROVIDER = {
    'SCOPES': {
        'read': 'Read scope',
        'write': 'Write scope',
        'groups': 'Access to your groups'},
    'OAUTH2_SERVER_CLASS': 'outdoorevents.oauth2.CustomServer',
    'APPLICATION_MODEL': 'accounts.Application',
    'GRANT_MODEL': 'accounts.Grant',
    'ACCESS_TOKEN_MODEL': 'accounts.AccessToken',
    'REFRESH_TOKEN_MODEL': 'accounts.RefreshToken'
}
@n2ygk Given my personal experience and what some of the others in this issue are saying, it's only safe to conclude that dozens or hundreds of man hours have been wasted trying to configure these models over the last few years. It seems clear that these models aren't swappable in practice. Is there something we can do to prevent this from happening in the future? A warning when trying to configure these settings, a change in documentation, etc?
This is still in issue, in case anyone thought it went away :D
Hey guys, I just wanted to let everyone on this thread know that I think I found a hacky workaround using django.db.migrations.SeparateDatabaseAndState
https://docs.djangoproject.com/en/3.1/ref/migration-operations/#separatedatabaseandstate
The major issue is django refuses to run the migration swapping the oauth2 models cause they don't exist yet, and the hacks you can do locally to make it work are not practical when releasing to prod. However, you can just lie to django apparently.
go into your initial migration (0001_initial.py), and add this to the operations
operations = [
    migrations.SeparateDatabaseAndState(
        state_operations=[
            migrations.CreateModel(
                name='AccessToken',
                fields=[
                    ('id', models.BigAutoField(primary_key=True, serialize=False)),
                ],
            ),
            # ... and whatever other models you want to use a swappable dependency with
        ],
    ),
]
It won't actually build the table, but django will think you did, so it won't fail its pre-migrate checks later.
then, generate an empty migration in the same app and copy-paste the faked table create operations over into database_operations instead this time.
operations = [
    migrations.SeparateDatabaseAndState(
        database_operations=[  # note the difference here
            migrations.CreateModel(
                name='AccessToken',
                fields=[
                    ('id', models.BigAutoField(primary_key=True, serialize=False)),
                ],
            ),
        ],
    ),
]
this time, it will create the tables, but django won't be aware of it, so you won't get a "table exists" error or anything.
Now you should be able to swap the models in your settings, make and run migrations, and it'll work as you originally expected it to.
I have no idea what kind of unintended consequences could arise from lying to django this way, so use this workaround at your own risk.
If you still have problems here is solution that worked for me:
Summary:
1. Add to settings.py:
OAUTH2_PROVIDER = {
    'ACCESS_TOKEN_EXPIRE_SECONDS': 3600,
    'SCOPES_BACKEND_CLASS': 'custom_oauth.backend.DjangoScopes',
    'APPLICATION_MODEL': 'custom_oauth.Application',
    'ACCESS_TOKEN_MODEL': 'custom_oauth.AccessToken',
}
OAUTH2_PROVIDER_APPLICATION_MODEL = 'custom_oauth.Application'
OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL = 'custom_oauth.AccessToken'
OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL = "custom_oauth.RefreshToken"
OAUTH2_PROVIDER_ID_TOKEN_MODEL = "custom_oauth.IDToken"
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'custom_oauth',
    'oauth2_provider',
]
2. Implement models:
class Application(AbstractApplication):
    objects = ApplicationManager()
    class Meta(AbstractApplication.Meta):
        swappable = "OAUTH2_PROVIDER_APPLICATION_MODEL"
    def natural_key(self):
        return (self.client_id,)
class AccessToken(AbstractAccessToken):
    class Meta(AbstractAccessToken.Meta):
        swappable = "OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL"
class RefreshToken(AbstractRefreshToken):
    """
    extend the AccessToken model with the external introspection server response
    """
    class Meta(AbstractRefreshToken.Meta):
        swappable = "OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL"
class IDToken(AbstractIDToken):
    """
    extend the AccessToken model with the external introspection server response
    """
    class Meta(AbstractIDToken.Meta):
        swappable = "OAUTH2_PROVIDER_ID_TOKEN_MODEL"
3. Run makemigrations and migrate
What was most important? You need to implement and overwrite ALL models (Access, Refresh, ID, Application)
@michaeljaszczuk Can you share details about how to set up your custom model? I am following you but I can't.
What exactly do you need to know? Have you seen my requirements? Clean db, no migrations ran and packages versions? If so,
That worked for me 🤔 Code is above... Let me know what is unclear and i will try to help!
I confirm @michaeljaszczuk solution https://github.com/jazzband/django-oauth-toolkit/issues/634#issuecomment-994821666 works as expected.
Perhaps someone would submit a documentation PR for this?
I have spent the better part of 2 days just trying to customise the Application model, which is the one model people claim is extendible! Here's what I did. I'd really appreciate any help or explanation.
Starting with a brand new project, I follow these instructions here: https://django-oauth-toolkit.readthedocs.io/en/latest/advanced_topics.html to the letter
define my custom app model
# authentication/models.py
...
class MyApplication(AbstractApplication):
    agree = models.BooleanField()
run makemigrations (trying to update the settings first causes a bunch of ValueErrors)
ValueError: The field oauth2_provider.AccessToken.application was declared with a lazy reference to 'authentication.myapplication', but app 'authentication' isn't installed.
...
point to my custom model in the settings
# settings.py
OAUTH2_PROVIDER_APPLICATION_MODEL='authentication.MyApplication'
INSTALLED_APPS = [
    ...
    'oauth2_provider',
    'authentication',
]
Add the run_before dependency to the migration, because when releasing to production I obviously won't be able to manually fudge the migration order:
run_before = [
    ('oauth2_provider', '0001_initial'),
]
run migrate
Here I am confronted with
AttributeError: Manager isn't available; 'oauth2_provider.Application' has been swapped for 'authentication.MyApplication'
This is because in oauth2_provider/migrations/0006_alter_application_client_secret.py there is a hard reference to the library's Application model; NOT the swappable oauth2_settings.APPLICATION_MODEL
Application = apps.get_model('oauth2_provider', 'application') # <--- hard reference
applications = Application.objects.all() # <-- this .objects call causes the manager error
So the conclusion appears to be: I can't swap the model before migrating oauth2_provider.
do all the steps of the previous flow, except adding OAUTH2_PROVIDER_APPLICATION_MODEL='authentication.MyApplication' to the settings.
Now migrate succeeds
add OAUTH2_PROVIDER_APPLICATION_MODEL='authentication.MyApplication' to the settings.
Add the oauth views to urls.py to get the token view:
urlpatterns = [
    ...
    path('oauth/', include('oauth2_provider.urls', namespace='oauth2_provider')),
]
Create a MyApplication instance with grant_type="client credentials" and client_type="confidential"
POST to the /oauth/token view, passing the MyApplication instance's credentials, correctly encoded in base64 etc, as basic auth
Here I get:
django.db.utils.IntegrityError: insert or update on table "oauth2_provider_accesstoken" violates foreign key constraint "oauth2_provider_acce_application_id_b22886e1_fk_oauth2_pr"
DETAIL: Key (application_id)=(1) is not present in table "oauth2_provider_application".
The view tries to create an AccessToken for the MyApplication with id=1. But the AccessToken.application ForeignKey appears to point to table oauth2_provider_application; not table authentication_myapplication.
Inspect the tables to check: using psql
\d oauth2_provider_accesstoken
here we see
Foreign-key constraints:
"oauth2_provider_acce_application_id_b22886e1_fk_oauth2_pr" FOREIGN KEY (application_id) REFERENCES oauth2_provider_application(id) DEFERRABLE INITIALLY DEFERRED
So AccessToken.application does indeed point to oauth2_provider_application, not authentication_myapplication. This makes sense, because when we migrated oauth2_provider, we hadn't yet swapped the model in the settings.
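Added example, not part of the original thread: the manual `\d` inspection above turned into a repeatable check that every token-table foreign key references the table of the model named in settings. It uses an in-memory SQLite database as a stand-in for PostgreSQL; the schema, the `EXPECTED` mapping and all function names are constructed for illustration, with table names taken from the post above.

```python
import sqlite3

# Constructed schema mirroring the state described above: oauth2_provider was
# migrated before the Application model was swapped, so the token table's
# foreign key still targets the library's own application table.
SCHEMA = """
CREATE TABLE oauth2_provider_application (id INTEGER PRIMARY KEY);
CREATE TABLE authentication_myapplication (id INTEGER PRIMARY KEY);
CREATE TABLE oauth2_provider_accesstoken (
    id INTEGER PRIMARY KEY,
    token TEXT UNIQUE NOT NULL,
    application_id INTEGER REFERENCES oauth2_provider_application(id)
);
"""

# What the swapped settings imply: (table, column) -> table that must be referenced.
EXPECTED = {
    ("oauth2_provider_accesstoken", "application_id"): "authentication_myapplication",
}


def build_database():
    """Create the constructed schema with foreign key enforcement enabled."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def foreign_key_targets(conn, table):
    """Return {column: referenced_table} for every foreign key on `table`."""
    # pragma_foreign_key_list columns: id, seq, table, from, to, on_update, ...
    rows = conn.execute("SELECT * FROM pragma_foreign_key_list(?)", (table,))
    return {row[3]: row[2] for row in rows}


def misdirected_foreign_keys(conn, expected):
    """Return (table, column, actual, wanted) for each key that is missing or
    references a table other than the expected one."""
    problems = []
    for (table, column), wanted in sorted(expected.items()):
        actual = foreign_key_targets(conn, table).get(column)
        if actual != wanted:
            problems.append((table, column, actual, wanted))
    return problems


def can_issue_token(conn):
    """Register an application in the swapped table, then try to store a token
    for it. Returns False when the stale foreign key rejects the insert."""
    conn.execute("INSERT INTO authentication_myapplication (id) VALUES (1)")
    try:
        conn.execute(
            "INSERT INTO oauth2_provider_accesstoken (token, application_id) "
            "VALUES (?, ?)",
            ("constructed-token", 1),
        )
    except sqlite3.IntegrityError:
        conn.rollback()
        return False
    conn.commit()
    return True


if __name__ == "__main__":
    db = build_database()
    for problem in misdirected_foreign_keys(db, EXPECTED):
        print("stale foreign key:", problem)
    print("token insert accepted:", can_issue_token(db))
```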
I should add: I'm using django-oauth-toolkit v2.0. And I see that in our other project (which has django-oauth-toolkit = "<2") migration 0006 is not yet present. So this seems like a v2.0 thing.
I guess this might not affect you if you are upgrading from v1.x to v2.0 (because migrations 0001-0005 will have been run a long time ago). But it is definitely breaking new v2.0 setups.
When I try Approach 1 described above using oauth-toolkit v1.7.1, it just works.
There goes 2 days of my life :wave:
Just curious to see if setting up my custom Application in 1.7.1 and then upgrading to 2.0.0 would work -- but migration 0006 also causes an error in this case.
AttributeError: Manager isn't available; 'oauth2_provider.Application' has been swapped for 'authentication.MyApplication'
@binnev See pinned issue #1146 which is pending a fix. I hope to get to this in the coming week or so.
:memo: what I did to setup custom models, for future reference:
- sample_identity is where my User model for AUTH_USER_MODEL lives
- sample_identity_oauth2_provider is where my customized oauth2_provider lives
- sample_identity_oauth2_provider.models.
- sample_identity_oauth2_provider.models.
- sample_identity_oauth2_provider manually, adjust dependencies etc.
Now you can start customizing models in sample_identity_oauth2_provider.models.
Following are the end results that you could just copy to your codebase:
On version 2.1.0. Not sure if this can help anyone else but adding
run_before = [
    ('oauth2_provider', '0001_initial'),
]
to the Application model swap migration, and then specifying the new model with OAUTH2_PROVIDER_APPLICATION_MODEL prior (yes, despite the documentation explicitly mentioning not to do this) to running the migration worked for me.
Managed to get it working as per @michaeljaszczuk's suggestion above https://github.com/jazzband/django-oauth-toolkit/issues/634#issuecomment-994821666. Tried to get it working on a DB that wasn't empty to save data transfer but required empty DB to work properly.
For anyone that's starting from a new app or haven't ran any migration for this app yet and want to swap models, here's the hacky way which works for me:
./manage.py makemigrations custom_app_name
run_before = [
    ("oauth2_provider", "0001_initial"),
]
./manage.py migrate
I have encountered all of the errors mentioned above and followed the fixes mentioned but nothing worked for me.
I'm using version 2.2.0 btw.
Also stumbled upon this and the only thing that worked was the solution in https://github.com/jazzband/django-oauth-toolkit/issues/634#issuecomment-994821666
Same issue here. Trying to swap those models in my project via:
class Application(oauth2_models.AbstractApplication):
    pass
class Grant(oauth2_models.AbstractGrant):
    pass
class AccessToken(oauth2_models.AbstractAccessToken):
    pass
class RefreshToken(oauth2_models.AbstractRefreshToken):
    pass
raises this error when applying migrations:
oauth2_provider.RefreshToken.access_token: (fields.E304) Reverse accessor for 'RefreshToken.access_token' clashes with reverse accessor for 'RefreshToken.access_token'.
HINT: Add or change a related_name argument to the definition for 'RefreshToken.access_token' or 'RefreshToken.access_token'.
oauth2_provider.RefreshToken.access_token: (fields.E305) Reverse query name for 'RefreshToken.access_token' clashes with reverse query name for 'RefreshToken.access_token'.
HINT: Add or change a related_name argument to the definition for 'RefreshToken.access_token' or 'RefreshToken.access_token'.
oauth2_provider.RefreshToken.application: (fields.E304) Reverse accessor for 'RefreshToken.application' clashes with reverse accessor for 'RefreshToken.application'.
HINT: Add or change a related_name argument to the definition for 'RefreshToken.application' or 'RefreshToken.application'.
users.RefreshToken.access_token: (fields.E304) Reverse accessor for 'RefreshToken.access_token' clashes with reverse accessor for 'RefreshToken.access_token'.
HINT: Add or change a related_name argument to the definition for 'RefreshToken.access_token' or 'RefreshToken.access_token'.
users.RefreshToken.access_token: (fields.E305) Reverse query name for 'RefreshToken.access_token' clashes with reverse query name for 'RefreshToken.access_token'.
HINT: Add or change a related_name argument to the definition for 'RefreshToken.access_token' or 'RefreshToken.access_token'.
users.RefreshToken.application: (fields.E304) Reverse accessor for 'RefreshToken.application' clashes with reverse accessor for 'RefreshToken.application'.
HINT: Add or change a related_name argument to the definition for 'RefreshToken.application' or 'RefreshToken.application'.
I got around this.
Step 1:
Create your custom model with related fields set to None. In my case, I was creating (only) a JWTAccessToken model, so I set `id_token = None` and `source_refresh_token = None`.
Setting the related fields to None (temporarily) allows the migration to work without E304 and the migration succeeded without having the other error I was getting: "[...]token was declared with a lazy reference to 'myappname.accesstoken', but app 'myappname' isn't installed".
Step 2:
With that first migration completed on myappname, we are free to restore the related attributes. That is, in my case, remove `id_token = None` and `source_refresh_token = None`.
Before creating the final migration, change the settings file to swap the models. Note that I had to add values pointing `OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL = 'oauth2_provider.RefreshToken'` and the equivalent for the id token model.
As has been noted elsewhere, squashmigrations is not going to work because between these 2 migrations, you have to change the settings file. As far as I know that can't be deployed as a migration.
Hi! I faced every issue that is explained here and after struggling for some hours I found a potential solid solution. Once you fix everything (as people explain here) you should arrive at the point where the manager is not available
AttributeError: Manager isn't available; 'oauth2_provider.Application' has been swapped for XXX
Well, that's good! Now, on the migration where your models are created I did not need the "run_first" statement but to fulfill the "dependencies". This is my migration (everything is needed because of the foreign keys between models)
```python
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
import oauth2_provider.generators
import uuid


class Migration(migrations.Migration):

    initial = True

    dependencies = [
        migrations.swappable_dependency(settings.OAUTH2_PROVIDER_APPLICATION_MODEL),
        migrations.swappable_dependency(settings.OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL),
    ]

    operations = [
        migrations.CreateModel(
            name='Application',
            fields=[
                ('id', models.BigAutoField(primary_key=True, serialize=False)),
                ('client_id', models.CharField(db_index=True, default=oauth2_provider.generators.generate_client_id, max_length=100, unique=True)),
                ('redirect_uris', models.TextField(blank=True, help_text='Allowed URIs list, space separated')),
                ('client_type', models.CharField(choices=[('confidential', 'Confidential'), ('public', 'Public')], max_length=32)),
                ('authorization_grant_type', models.CharField(choices=[('authorization-code', 'Authorization code'), ('implicit', 'Implicit'), ('password', 'Resource owner password-based'), ('client-credentials', 'Client credentials'), ('openid-hybrid', 'OpenID connect hybrid')], max_length=32)),
                ('client_secret', models.CharField(blank=True, db_index=True, default=oauth2_provider.generators.generate_client_secret, max_length=255)),
                ('name', models.CharField(blank=True, max_length=255)),
                ('skip_authorization', models.BooleanField(default=False)),
                ('created', models.DateTimeField(auto_now_add=True)),
                ('updated', models.DateTimeField(auto_now=True)),
                ('algorithm', models.CharField(blank=True, choices=[('', 'No OIDC support'), ('RS256', 'RSA with SHA-2 256'), ('HS256', 'HMAC with SHA-2 256')], default='', max_length=5)),
            ],
            options={
                'abstract': False,
                'swappable': 'OAUTH2_PROVIDER_APPLICATION_MODEL',
            },
        ),
        migrations.CreateModel(
            name='AccessToken',
            fields=[
                ('id', models.BigAutoField(primary_key=True, serialize=False)),
                ('token', models.CharField(max_length=255, unique=True)),
                ('expires', models.DateTimeField()),
                ('scope', models.TextField(blank=True)),
                ('created', models.DateTimeField(auto_now_add=True)),
                ('updated', models.DateTimeField(auto_now=True)),
            ],
            options={
                'abstract': False,
            },
        ),
        migrations.CreateModel(
            name='Grant',
            fields=[
                ('id', models.BigAutoField(primary_key=True, serialize=False)),
                ('code', models.CharField(max_length=255, unique=True)),
                ('expires', models.DateTimeField()),
                ('redirect_uri', models.TextField()),
                ('scope', models.TextField(blank=True)),
                ('created', models.DateTimeField(auto_now_add=True)),
                ('updated', models.DateTimeField(auto_now=True)),
                ('code_challenge', models.CharField(blank=True, default='', max_length=128)),
                ('code_challenge_method', models.CharField(blank=True, choices=[('plain', 'plain'), ('S256', 'S256')], default='', max_length=10)),
                ('nonce', models.CharField(blank=True, default='', max_length=255)),
                ('claims', models.TextField(blank=True)),
            ],
            options={
                'abstract': False,
            },
        ),
        migrations.CreateModel(
            name='IDToken',
            fields=[
                ('id', models.BigAutoField(primary_key=True, serialize=False)),
                ('jti', models.UUIDField(default=uuid.uuid4, editable=False, unique=True, verbose_name='JWT Token ID')),
                ('expires', models.DateTimeField()),
                ('scope', models.TextField(blank=True)),
                ('created', models.DateTimeField(auto_now_add=True)),
                ('updated', models.DateTimeField(auto_now=True)),
            ],
            options={
                'abstract': False,
            },
        ),
        migrations.CreateModel(
            name='RefreshToken',
            fields=[
                ('id', models.BigAutoField(primary_key=True, serialize=False)),
                ('token', models.CharField(max_length=255)),
                ('created', models.DateTimeField(auto_now_add=True)),
                ('updated', models.DateTimeField(auto_now=True)),
                ('revoked', models.DateTimeField(null=True)),
                ('access_token', models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='refresh_token', to=settings.OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL)),
                ('application', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to=settings.OAUTH2_PROVIDER_APPLICATION_MODEL)),
            ],
            options={
                'abstract': False,
            },
        ),
    ]
```
First step: accomplished. The second step brings us to the "settings.py" file. I've had to add these definitions.

```python
from oauth2_provider.settings import oauth2_settings

OAUTH2_PROVIDER_APPLICATION_MODEL = 'your_app.Application'
OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL = 'your_app.AccessToken'
OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL = 'your_app.RefreshToken'
OAUTH2_PROVIDER_ID_TOKEN_MODEL = 'your_app.IDToken'
OAUTH2_PROVIDER_GRANT_MODEL = 'your_app.Grant'

"""THIS IS WHAT IS GOING TO MAP YOUR MODEL WITH THE MANAGER AND ENABLE IT
INSTEAD OF CALLING THE ORIGINAL APP
PLUS YOU WON'T NEED TO REGISTER your_app.Application, your_app.AccessToken, ...
ON THE ADMIN BECAUSE EVERYTHING IS ALREADY MAPPED THROUGH THE PACKAGE"""
oauth2_settings.APPLICATION_MODEL = 'your_app.Application'
oauth2_settings.ACCESS_TOKEN_MODEL = 'your_app.AccessToken'
oauth2_settings.REFRESH_TOKEN_MODEL = 'your_app.RefreshToken'
oauth2_settings.ID_TOKEN_MODEL = 'your_app.IDToken'
oauth2_settings.GRANT_MODEL = 'your_app.Grant'
```
The "bug" here is that the package is retrieving the modules like this:
APPLICATION_MODEL = getattr(settings, "OAUTH2_PROVIDER_APPLICATION_MODEL", "oauth2_provider.Application")
And it looks like it is not working as well as it should. So the solution is: OVERRIDE those little annoying settings and your problems are gone.
Step 3: python manage.py runserver and enjoy happy coding :)
If you still have problems, here is a solution that worked for me:
Summary:
- My db is clear, no migrations made
- I needed to overwrite ALL models
- django-oauth-toolkit==1.5.0
- Django==4.0
1. Add to settings.py:

```python
OAUTH2_PROVIDER = {
    'ACCESS_TOKEN_EXPIRE_SECONDS': 3600,
    'SCOPES_BACKEND_CLASS': 'custom_oauth.backend.DjangoScopes',
    'APPLICATION_MODEL': 'custom_oauth.Application',
    'ACCESS_TOKEN_MODEL': 'custom_oauth.AccessToken',
}
OAUTH2_PROVIDER_APPLICATION_MODEL = 'custom_oauth.Application'
OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL = 'custom_oauth.AccessToken'
OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL = "custom_oauth.RefreshToken"
OAUTH2_PROVIDER_ID_TOKEN_MODEL = "custom_oauth.IDToken"

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'custom_oauth',
    'oauth2_provider',
]
```
2. Implement models:
```python
from oauth2_provider.models import (
    AbstractAccessToken,
    AbstractApplication,
    AbstractIDToken,
    AbstractRefreshToken,
    ApplicationManager,
)


class Application(AbstractApplication):
    objects = ApplicationManager()

    class Meta(AbstractApplication.Meta):
        swappable = "OAUTH2_PROVIDER_APPLICATION_MODEL"

    def natural_key(self):
        return (self.client_id,)


class AccessToken(AbstractAccessToken):
    class Meta(AbstractAccessToken.Meta):
        swappable = "OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL"


class RefreshToken(AbstractRefreshToken):
    """
    extend the AccessToken model with the external introspection server response
    """

    class Meta(AbstractRefreshToken.Meta):
        swappable = "OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL"


class IDToken(AbstractIDToken):
    """
    extend the AccessToken model with the external introspection server response
    """

    class Meta(AbstractIDToken.Meta):
        swappable = "OAUTH2_PROVIDER_ID_TOKEN_MODEL"
```
3. Run makemigrations and migrate
What was most important? You need to implement and overwrite ALL models (Access, Refresh, ID, Application)
If someone is still having trouble after doing that, consider deleting the migrations in the virtual environment of the oauth2 package
custom_oauth
```
ValueError: The field oauth2_provider.AccessToken.application was declared with a lazy reference to 'custom_oauth.application', but app 'custom_oauth' isn't installed.
The field oauth2_provider.AccessToken.id_token was declared with a lazy reference to 'custom_oauth.idtoken', but app 'custom_oauth' isn't installed.
The field oauth2_provider.AccessToken.source_refresh_token was declared with a lazy reference to 'custom_oauth.refreshtoken', but app 'custom_oauth' isn't installed.
The field oauth2_provider.Grant.application was declared with a lazy reference to 'custom_oauth.application', but app 'custom_oauth' isn't installed.
The field oauth2_provider.IDToken.application was declared with a lazy reference to 'custom_oauth.application', but app 'custom_oauth' isn't installed.
The field oauth2_provider.RefreshToken.access_token was declared with a lazy reference to 'custom_oauth.accesstoken', but app 'custom_oauth' isn't installed.
The field oauth2_provider.RefreshToken.application was declared with a lazy reference to 'custom_oauth.application', but app 'custom_oauth' isn't installed.
```
Giving above errors
Hey guys,
So I'm swapping the OAuth models on an application that is already live. All sorts of nice things there, but I'm getting around. I have however 2 comments
- I haven't found much documentation on this subject. I think it's important to mention that since multiple models are linked together, it's a good idea to swap them all if you start to swap one. I started with just changing `AccessToken` but it created all sorts of complexities
- More importantly, I think for a brand new application, it's not possible to swap the models anymore. Indeed, with the new 1.1 datamodel, `AccessToken` references `RefreshToken` through `source_refresh_token` and `RefreshToken` references `AccessToken` through `access_token`. In your app this is ok because this is done over a few migrations that create the 2 tables with only one FK, and then add the second FK afterwards. But on new applications that try to swap the model, it will try to create the full table in one go and fail. I had to manually hack the migration and split the table creation manually. --> I don't have a great solution for you, but tables that cross-reference each other cyclically are bad news I guess
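The ordering problem described in this post, as an added example that is not part of the original post and is neither Django's nor django-oauth-toolkit's own code: a small planner that creates each table only once its foreign-key targets exist and, when it meets the `AccessToken`/`RefreshToken` cycle, defers the blocking field to a later `AddField`. The relation map and the `plan_operations` helper are assumptions built from the field names mentioned in the thread.

```python
# Constructed relation map (model -> {fk_field: target}), taken from the
# relations named in this thread; it is not read from django-oauth-toolkit.
MODELS = {
    "Application": {},
    "AccessToken": {"application": "Application",
                    "source_refresh_token": "RefreshToken"},
    "RefreshToken": {"application": "Application",
                     "access_token": "AccessToken"},
}


def plan_operations(models):
    """Order table creation so that no FK points at a table that is missing.

    Returns (op, model, field) tuples. When every remaining model waits on
    another one (a cycle), the blocking FKs of one model are left out of its
    CreateModel and emitted as AddField operations at the end.
    """
    pending = {name: dict(fks) for name, fks in models.items()}
    created, ops, deferred = set(), [], []

    def missing(name):
        # FK fields whose target table is part of this plan but not yet created.
        return [f for f, t in pending[name].items()
                if t in models and t not in created and t != name]

    while pending:
        ready = sorted(n for n in pending if not missing(n))
        if not ready:
            # Cycle: break it at the model with the fewest blocking FKs.
            victim = min(pending, key=lambda n: (len(missing(n)), n))
            for field in missing(victim):
                deferred.append(("AddField", victim, field))
                del pending[victim][field]
            ready = [victim]
        for name in ready:
            ops.append(("CreateModel", name, None))
            created.add(name)
            del pending[name]
    return ops + deferred


if __name__ == "__main__":
    for op in plan_operations(MODELS):
        print(op)
```

The resulting order matches the manual split described in the thread: `AccessToken` without `source_refresh_token`, then `RefreshToken`, then the deferred column.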