jazzband / django-oauth-toolkit

OAuth2 goodies for the Djangonauts!
https://django-oauth-toolkit.readthedocs.io

Implementing custom token generator #732

Open KhashayarMirMS opened 4 years ago

KhashayarMirMS commented 4 years ago

Hi, I want to implement a custom token generator to use JWT in DOT. There are several issues related to this problem which lead to this pull request: #467. But the pull request is about writing custom models for tokens which doesn't handle token generation.

The solution that I've currently found is to write a custom Server Class to pass a custom generator function to BearerToken. But I've seen that Server Class instances are initialized with a token_generator function passed to them, but I can't find out where the instances are initialized.

I would appreciate it if you could help me with this matter.

JonathanHuot commented 4 years ago

Hi, do you want to generate access_token as JWT? If yes, please have a look at https://oauthlib.readthedocs.io/en/latest/oauth2/tokens/bearer.html

KhashayarMirMS commented 4 years ago

Hi, yes, I wanted to generate the access token as JWT and I used the documentation you mentioned for the matter. My question can be related to this part of the documentation: [image] This initializes a new server object. But I couldn't find how to tell DOT to use this instance for its OauthBackend instance.

IvanAnishchuk commented 4 years ago

I think there are currently multiple places in the code where the server instance is being initialized (three, if I remember correctly) and only one of them can be subclassed easily (OAuthLibCore.__init__). I think a good solution would be to add a settings option to allow passing custom kwargs to those server instances and maybe a couple of specific settings for passing token_generator and refresh_token_generator there specifically (in a way that supports passing import strings in settings and perhaps making them classes that can accept parameters before being passed to the server; client_id/client_secret generators are class-based and accept parameters, which sounds like a usable pattern). This sounds like a small enough change that shouldn't break compatibility, let me see if I can fix a PR for this quickly...

Note, however, that you're likely to need to use a custom Server class anyway, sooner or later, if you want to customize anything regarding auth flow. You might as well start now; that's the simplest way to achieve what you need right now without updating the library.
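
The custom Server class approach discussed in this thread, as an added example that is not code from the issue or from django-oauth-toolkit: a token generator in the shape oauthlib calls, token_generator(request), that issues an HS256-signed JWT, plus the matching verification. Assumptions: the signing is done with the standard library instead of a JWT package, oauthlib has set client_id, scopes and expires_in on the request before calling the generator, and the names JWTServer, myapp.oauth, SECRET and SAMPLE_REQUEST are hypothetical.

```python
import base64, hashlib, hmac, json, time
from types import SimpleNamespace

# Constructed demo key (assumption): load the real key from a secret store.
SECRET = b"constructed-demo-key-not-for-production"
# Constructed stand-in for the request object oauthlib passes to the generator.
SAMPLE_REQUEST = SimpleNamespace(client_id="demo-client", scopes=["read", "write"], expires_in=3600)

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def jwt_token_generator(request, now=None):
    """Callable in the shape oauthlib expects: token_generator(request) -> str."""
    now = int(time.time() if now is None else now)
    claims = {"client_id": request.client_id,
              "scope": " ".join(request.scopes or []),
              "iat": now, "exp": now + int(request.expires_in)}
    parts = [_b64(json.dumps(p, separators=(",", ":")).encode())
             for p in ({"alg": "HS256", "typ": "JWT"}, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + _sign(signing_input)

def verify_jwt(token, now=None):
    """Return the claims if signature, algorithm and expiry check out, else None."""
    now = int(time.time() if now is None else now)
    try:
        head, body, sig = token.split(".")
        # Check the signature (constant-time) before parsing any token content.
        if not hmac.compare_digest(sig.encode(), _sign(head + "." + body).encode()):
            return None
        decode = lambda s: json.loads(base64.urlsafe_b64decode(s + "=" * (-len(s) % 4)))
        header, claims = decode(head), decode(body)
    except (ValueError, TypeError, AttributeError):
        return None
    # Pin the algorithm instead of trusting the header, and reject expired tokens.
    if header.get("alg") != "HS256" or claims.get("exp", 0) <= now:
        return None
    return claims

try:  # Wiring into oauthlib; skipped when oauthlib is not installed.
    from oauthlib.oauth2 import Server

    class JWTServer(Server):  # hypothetical name
        def __init__(self, request_validator, *args, **kwargs):
            kwargs["token_generator"] = jwt_token_generator
            super().__init__(request_validator, *args, **kwargs)
except ImportError:
    JWTServer = None
# Django settings: OAUTH2_PROVIDER = {"OAUTH2_SERVER_CLASS": "myapp.oauth.JWTServer"}
```

A JWT is much longer than a random bearer token, so check it against the length limit of the token field on your access token model before switching generators.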