
Sample OAuth 2.0 Client, OAuth 2.0 Resource Server based on Python and Authlib


Sample Python-based OAuth 2.0 Client and OAuth 2.0 Resource Server

Getting started

🎟 Pre-requisites

  • GNU Make (plus a Python 3 interpreter for the virtual environment that make bootstrap creates, and jq for the resource-server test script further down)

🔌 Initial startup:

# Ensure environment is created
make bootstrap

# Activate the environment
. venv/bin/activate

# Create a valid .env file
cp .env.template .env

Fill in the details of the .env file as per template.

OAuth 2.0 Client (Web - Django)

The sample OAuth 2.0 Client is a Django web application built on Authlib's Django client integration (authlib.integrations.django_client).

Starting the client

make client-serve
# Starts on port **8000**

🧑‍🍳 How it's made

🛒 On the OAuth 2.0 Client side

  • The client can be found in the client directory in the root of this repository
  • Django has the concept of sites and apps, so:
    • The site is located in client/client_site
    • The one and only app is located in client/client_app
  • 💎 Observe the global client configuration in authlib_registered_oauth2_clients in client/client_site/oauth2_clients.py
    • The client definitions are handed to Authlib through a Django setting in client/client_site/settings.py (Authlib's Django integration reads its registrations from the AUTHLIB_OAUTH_CLIENTS setting). Any client secret belongs in the .env file you created above, not in settings.py, so that it stays out of version control.
  • 💎 Observe the OAuth client definition in client/client_app/oauth2.py
    • The OAuth clients defined are passed to client/client_app/views.py for use.
  • 💎 By default, the client is wired up with name messaging_client
  • ⭐️ Observe the available endpoints for the client application at client/client_app/urls.py

🔑 On the OAuth 2.0 Authorization Server side (bring your own):

  • Make sure to configure a client registration with name messaging_client that:
    • includes scopes openid and message.read
    • includes redirect URIs like the following (change the host name as needed):
      • (for OpenID authentication)
      • (for Authorization Code grant type)
    • ⚠️ Make sure you don't confuse localhost and the loopback address 127.0.0.1. Authorization servers compare redirect URIs by exact string match, so a redirect registered for one host is rejected when the browser reaches the client through the other; and because the Django session cookie that holds the OAuth state is scoped to the host you first navigated to, a callback on the other host will also fail the state check. When in doubt, pick one host and use it both when registering redirects and when navigating in the browser.
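The checks behind the warnings above, written out as an added example (this is not code from the sample repository or from Authlib): the authorization server's exact-match redirect URI and scope checks for the messaging_client registration, the client's state check on the callback, and the PKCE binding verified at the token endpoint. Standard library only. The registration dict, the authorize endpoint, the callback path and the token strings are constructed stand-ins, not values taken from the project.

```python
# Added example, not code from the sample repository: the checks behind the
# redirect-URI and scope warnings above, with the client side of an
# Authorization Code + PKCE request.  Standard library only.  The registration,
# endpoint URL and callback path below are constructed stand-ins (assumptions),
# not values taken from the project.
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# What the authorization server holds for the client (constructed; the callback
# path is an assumption, use whatever your client's urls.py actually exposes).
MESSAGING_CLIENT = {
    "client_id": "messaging_client",
    "scopes": {"openid", "message.read"},
    "redirect_uris": {"http://127.0.0.1:8000/oauth2/callback"},
}


def redirect_uri_allowed(registration, redirect_uri):
    """Exact string comparison, as the OAuth 2.0 Security BCP requires.

    Consequently http://localhost:8000/... never matches a registration made
    for http://127.0.0.1:8000/..., which is the mix-up the warning is about.
    """
    return redirect_uri in registration["redirect_uris"]


def scopes_allowed(registration, scope):
    """Every requested scope must be one the registration was granted."""
    requested = set(scope.split())
    return bool(requested) and requested <= registration["scopes"]


def s256_challenge(code_verifier):
    """PKCE S256: base64url(SHA-256(verifier)) without padding (RFC 7636)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_request(authorize_endpoint, registration, redirect_uri):
    """Client side: build the front-channel request plus the two secrets the
    client must keep in the user's session until the callback arrives."""
    state = secrets.token_urlsafe(32)
    code_verifier = secrets.token_urlsafe(48)
    params = {
        "response_type": "code",
        "client_id": registration["client_id"],
        "redirect_uri": redirect_uri,
        "scope": " ".join(sorted(registration["scopes"])),
        "state": state,
        "code_challenge": s256_challenge(code_verifier),
        "code_challenge_method": "S256",
    }
    return f"{authorize_endpoint}?{urlencode(params)}", state, code_verifier


def _query(url):
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def authorization_server_accepts(registration, request_url):
    """Server side: the checks an AS applies before it shows a consent page."""
    q = _query(request_url)
    return (
        q.get("client_id") == registration["client_id"]
        and q.get("response_type") == "code"
        and redirect_uri_allowed(registration, q.get("redirect_uri", ""))
        and scopes_allowed(registration, q.get("scope", ""))
        and q.get("code_challenge_method") == "S256"
        and bool(q.get("code_challenge"))
        and bool(q.get("state"))
    )


def client_accepts_callback(expected_state, callback_url):
    """Client side: the callback must carry a code and exactly the state that
    was issued for this session; anything else is treated as CSRF or a mix-up."""
    q = _query(callback_url)
    return "code" in q and hmac.compare_digest(q.get("state", ""), expected_state)


def token_endpoint_accepts_pkce(code_challenge_at_authorize, code_verifier):
    """Server side, at the token endpoint: the verifier sent with the code must
    hash to the challenge bound to that code, so a stolen code alone is useless."""
    return hmac.compare_digest(s256_challenge(code_verifier), code_challenge_at_authorize)
```

A registration for http://127.0.0.1:8000/... rejects a request whose redirect_uri says http://localhost:8000/... (and even one with a trailing slash added), which is exactly the symptom you see when the two hosts are mixed up; the state and PKCE checks are what Authlib performs for you on the client side once the hosts agree.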


OAuth 2.0 Resource Server (REST API - Flask 2.x)

The sample OAuth 2.0 Resource Server is a Flask 2.x REST API built on Authlib's Flask OAuth 2.0 resource-server integration (authlib.integrations.flask_oauth2).


Starting the resource server

make resourceserver-serve
# Starts on port **8001**

To independently verify that your protected resources are fetchable given an access token, run the helper script below (the jq command is required):

./resourceserver/scripts/test-access-token.sh <JSON_WEB_TOKEN_STRING>

The client_id, client_secret, and token_introspection_endpoint variables must be set in the .env file. As the variable names indicate, the token is checked by calling the authorization server's token introspection endpoint (RFC 7662); that endpoint requires the caller to authenticate, which is what client_id and client_secret are for. The access token you pass on the command line is a live bearer credential, so treat your shell history and any log that captures the command line as sensitive.
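What a resource server should decide from the introspection response before serving a protected resource, as an added example (not the sample repository's code and not Authlib's validator): bearer-header parsing, the active/exp/nbf checks, an audience check, and the message.read scope check. It is stand-alone: the authenticated POST to token_introspection_endpoint is replaced by an injected function, and the responses, token strings and audience value are constructed assumptions.

```python
# Added example, not code from the sample repository: the decisions a resource
# server should make from a token introspection response (RFC 7662) before it
# serves a protected resource.  Stand-alone: the network call to the
# token_introspection_endpoint is replaced by an injected function, and the
# responses, token strings and audience value are constructed assumptions.
import time

REQUIRED_SCOPE = "message.read"
# Assumption: the authorization server issues tokens with this audience for
# the resource server; change it to whatever your AS puts in "aud".
EXPECTED_AUDIENCE = "messaging_resource_server"


def parse_bearer(authorization_header):
    """Extract the token from 'Authorization: Bearer <token>' (RFC 6750); the
    scheme is case-insensitive and the token is a single blob."""
    if not authorization_header:
        return None
    parts = authorization_header.split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    return parts[1]


def introspection_verdict(response, required_scope, expected_aud, now=None):
    """Return (allowed, reason).  Every check is against the AS's answer, not
    against anything parsed out of the token string itself."""
    now = time.time() if now is None else now
    if not isinstance(response, dict) or response.get("active") is not True:
        # Revoked, expired, or unknown: the AS answers active=false and is
        # allowed to say nothing else, so this is the only check that applies.
        return False, "inactive"
    exp = response.get("exp")
    if exp is not None and now >= exp:
        return False, "expired"          # belt and braces on top of "active"
    nbf = response.get("nbf")
    if nbf is not None and now < nbf:
        return False, "not yet valid"
    aud = response.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if expected_aud not in audiences:
        # A token minted for some other API must not unlock this one.
        return False, "audience mismatch"
    granted = set(response.get("scope", "").split())
    if required_scope not in granted:
        return False, "insufficient_scope"
    return True, "ok"


def authorize_request(headers, introspect, required_scope=REQUIRED_SCOPE,
                      expected_aud=EXPECTED_AUDIENCE, now=None):
    """Tie a request's headers to the decision.  introspect(token) stands in
    for the client_id/client_secret-authenticated POST to the endpoint."""
    token = parse_bearer(headers.get("Authorization"))
    if token is None:
        return False, "missing bearer token"   # answer 401 + WWW-Authenticate: Bearer
    return introspection_verdict(introspect(token), required_scope, expected_aud, now)


# Constructed introspection responses keyed by constructed token strings.
FAKE_INTROSPECTION = {
    "good": {"active": True, "scope": "openid message.read", "client_id": "messaging_client",
             "aud": "messaging_resource_server", "exp": 2_000_000_000, "sub": "alice"},
    "wrong-scope": {"active": True, "scope": "openid",
                    "aud": "messaging_resource_server", "exp": 2_000_000_000},
    "wrong-aud": {"active": True, "scope": "openid message.read",
                  "aud": ["billing_api"], "exp": 2_000_000_000},
    "revoked": {"active": False},
}


def fake_introspect(token):
    # An AS answers active=false for any token it does not recognise.
    return FAKE_INTROSPECTION.get(token, {"active": False})
```

The reason strings map onto the RFC 6750 error responses: a missing or malformed header gets a bare 401, an inactive, expired or wrong-audience token gets 401 with error="invalid_token", and a valid token lacking message.read gets 403 with error="insufficient_scope". Cache introspection results only for a short, bounded time, since revocation is only visible on the next call.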
