Hello, I would like some help with django oauth2 flow. I have created an app:
*redirect_uri http://127.0.0.1:8000/accounts/login/ <http://127.0.0.1:8000/accounts/login/>* *client_type public* *authorization_grant_type is authorization code* *name test* I have a client id and a secret. I want to get authenticated via curl and at the end retrieve the user logged in as request.user. Here is the flow so far. 1. I go to http://127.0.0.1:8000/o/authorize/?client_id=kR2VKTWYXd1bPSf6nog8LHeCaJdh9uftdg2MMSR9&response_type=code&state=random_state_string&redirect_uri=http://127.0.0.1:8000/accounts/login/ 2. I get to the authorize screen with authorize button 3. After authorizing, I get to the login page where I enter login and password 4. I get to /account/profile screen where I get a unauthorised message What am I doing wrong here? GET /accounts/profile/ HTTP 401 UnauthorizedWWW-Authenticate: Bearer realm="api"Vary: AcceptAllow: GET, POST, HEAD, OPTIONSContent-Type: application/json { "detail": "Authentication credentials were not provided."} Here is my settings.py INSTALLED_APPS = ( 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'oauth2_provider', 'corsheaders', 'registration', 'rest_framework', 'rest_framework_swagger', 'test', ) MIDDLEWARE_CLASSES = ( 'disable.DisableCSRF', 'corsheaders.middleware.CorsMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.security.SecurityMiddleware', 'oauth2_provider.middleware.OAuth2TokenMiddleware', ) ROOT_URLCONF = 'test.urls' CORS_ORIGIN_ALLOW_ALL = True ## COMMENT THIS LATER TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [], 'APP_DIRS': True, 'OPTIONS': { 'context_processors': [ 'django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', ], }, }, ] AUTHENTICATION_BACKENDS = ( 'oauth2_provider.backends.OAuth2Backend', # Uncomment following if you want to access the admin 'django.contrib.auth.backends.ModelBackend' ) # be sure following two appear in this order WSGI_APPLICATION = 'test.wsgi.application' REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'oauth2_provider.ext.rest_framework.OAuth2Authentication', ) } OAUTH2_PROVIDER = { # this is the list of available scopes 'SCOPES': {'read': 'Read scope', 'write': 'Write scope', 'groups': 'Access to your groups'} } -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/fc8002e3-b860-4e36-91be-5973c8913981%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
