Issue #26 wontfix

Different method signature for login view

Anonymous created an issue

views.py, line 127, there is: response = authorize_view(request, request_token, request_token.get_callback_url(), params)

In my case it didn't work due to the fact that authorize_view is 'django.contrib.auth.views.login' which accepts different parameters, so the request_token is passed as template_name and the oauth_token is passed as authentication_form.

I've changed that to: response = authorize_view(request)

Now when I try to follow https://bitbucket.org/david/django-oauth-plus/wiki/protocol_example I get stuck at the 'Requesting User Authorization' step. The response status_code is always 302.

Comments (3)

  1. Michał Jaworski

    You can't change oauth_provider.views.user_authorization in such a way. This just won't work. And you can't use django.contrib.auth.views.login as your oauth authorization view.

    You don't authorize the user to django.contrib.auth with oauth_provider. Your user (already logged in/authenticated!) authorizes a third-party site to access your resources on his behalf. You must write your own view which gives the user the option to give access and makes a POST back to your site.

    If you need an example, here is one:

    from django.shortcuts import render
    from django.views.generic import View
    from oauth_provider.forms import AuthorizeRequestTokenForm

    class OAuthAuthorizationView(View):
        template_name = "accounts/oauth_authorize.html"

        # Invoked by oauth_provider.views.user_authorization, on GET only.
        def get(self, request, request_token, callback, params):
            # Pre-fill the form with the key of the request token being authorized.
            form = AuthorizeRequestTokenForm(initial={'oauth_token': request_token.key})
            ctx = {"token": request_token, 'form': form}
            return render(self.request, self.template_name, ctx)
    

    with minimal working template:

    {% extends "base.html" %}
    
    {% block content %}
        <form method="post" action="/oauth/authorize" class="form-horizontal">
             Application <b>{{ token.consumer.name }}</b> requests your authorization. Authorize access?
              {% csrf_token %}
              {{ form.as_p }}
              <input type="submit" value="submit" class="btn btn-primary"/>
        </form>
    {% endblock %}
    

    You can use both class-based and function-based views.

    Notice: you don't need to handle POSTs. They are already handled in oauth_provider.views.user_authorization. This view invokes your custom authorization view (set with OAUTH_AUTHORIZE_VIEW) on GET only when it gets a valid request token. It won't even call your view on POST.
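
The argument mix-up reported in this issue can be reproduced, and caught before deployment, with the standard library alone. This is an added example, not code from django-oauth-plus or from the thread: `login_stand_in`, `consent_view` and both helpers are hypothetical names, and the stand-in only mirrors the parameter names mentioned in the issue, with `redirect_field_name` assumed from Django's older function-based login view.

```python
import inspect

# Calling convention quoted in the issue:
#   authorize_view(request, request_token, callback, params)
EXPECTED = ("request", "request_token", "callback", "params")


def login_stand_in(request, template_name="registration/login.html",
                   redirect_field_name="next", authentication_form=None):
    """Stand-in with the parameter order of a login view (assumption)."""


def consent_view(request, request_token, callback, params):
    """Stand-in for a custom authorization (consent) view."""


def bind_like_provider(view):
    """Show which parameter each positional argument would land in."""
    placeholders = ["<%s>" % name for name in EXPECTED]
    bound = inspect.signature(view).bind(*placeholders)
    return dict(bound.arguments)


def check_authorize_view(view):
    """Return a list of problems; an empty list means the view is compatible."""
    try:
        binding = bind_like_provider(view)
    except TypeError as exc:  # the view has too few parameters, e.g. view(request)
        return ["cannot be called with 4 positional arguments: %s" % exc]
    problems = []
    for name in EXPECTED:
        token = "<%s>" % name
        # Values absorbed by *args match no named parameter and are skipped.
        landed = [p for p, v in binding.items() if v == token]
        if landed and landed[0] != name:
            problems.append("%s would be received as %r" % (name, landed[0]))
    return problems


if __name__ == "__main__":
    for view in (login_stand_in, consent_view):
        print(view.__name__, check_authorize_view(view) or "compatible")
```

A check like this can run at startup against whatever OAUTH_AUTHORIZE_VIEW resolves to, so a login view configured in place of a consent view fails loudly instead of silently receiving the request token as its template name.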
