openedx.core.djangoapps.oauth_dispatch package

Subpackages#

Submodules#

openedx.core.djangoapps.oauth_dispatch.api module#

OAuth-related Python APIs.

openedx.core.djangoapps.oauth_dispatch.api.create_dot_access_token(request, user, client, expires_in=None, scopes=None)#

Create and return a new (persisted) access token, including a refresh token. The token is returned in the form of a Dict:

    {
        u'access_token': u'some string',
        u'refresh_token': u'another string',
        u'token_type': u'Bearer',
        u'expires_in': 36000,
        u'scope': u'profile email',
    }

openedx.core.djangoapps.oauth_dispatch.api.destroy_oauth_tokens(user)#

Destroys ALL OAuth access and refresh tokens for the given user.

openedx.core.djangoapps.oauth_dispatch.apps module#

Configure OAuthDispatch App

class openedx.core.djangoapps.oauth_dispatch.apps.OAuthDispatchAppConfig(app_name, app_module)#

Bases: AppConfig

OAuthDispatch Configuration

name = 'openedx.core.djangoapps.oauth_dispatch'#

openedx.core.djangoapps.oauth_dispatch.jwt module#

Utilities for working with ID tokens.

openedx.core.djangoapps.oauth_dispatch.jwt.create_jwt_for_user(user, secret=None, aud=None, additional_claims=None, scopes=None)#

Returns a JWT to identify the given user.

TODO (ARCH-204) Note the returned JWT does not have an underlying access token associated with it and so cannot be invalidated nor refreshed. This interface should be revisited when addressing authentication-related cleanup as part of ARCH-204.

Parameters:
  • user (User) – User for which to generate the JWT.

  • scopes (list) – Optional. Scopes that limit access to the token bearer and control which optional claims are included in the token.

Deprecated Arguments (to be removed):
  • secret (string) – Overrides configured JWT secret (signing) key.

  • aud (string) – Optional. Overrides configured JWT audience claim.

  • additional_claims (dict) – Optional. Additional claims to include in the token.

openedx.core.djangoapps.oauth_dispatch.jwt.create_jwt_from_token(token_dict, oauth_adapter, use_asymmetric_key=None)#

Returns a JWT created from the provided access token dict.

Note: if you need the token dict, and not just the JWT, use create_jwt_token_dict instead. See its docs for more details.

openedx.core.djangoapps.oauth_dispatch.jwt.create_jwt_token_dict(token_dict, oauth_adapter, use_asymmetric_key=None)#

Returns a JWT access token dict based on the provided access token.

Parameters:
  • token_dict (dict) – An access token structure as returned from an underlying OAuth provider. Dict includes “access_token”, “expires_in”, “token_type”, and “scope”.

Deprecated Arguments (to be removed):
  • oauth_adapter (DOPAdapter|DOTAdapter) – An OAuth adapter that will provide the given token’s information.

  • use_asymmetric_key (Boolean) – Optional. Whether the JWT should be signed with this app’s private key. If not provided, defaults to whether the OAuth client is restricted.

openedx.core.djangoapps.oauth_dispatch.models module#

Specialized models for oauth_dispatch djangoapp

class openedx.core.djangoapps.oauth_dispatch.models.ApplicationAccess(*args, **kwargs)#

Bases: Model

Specifies access control information for the associated Application.

For usage details, see: openedx/core/djangoapps/oauth_dispatch/docs/decisions/0007-include-organizations-in-tokens.rst

CONTENT_ORG_FILTER_NAME = 'content_org'#
exception DoesNotExist#

Bases: ObjectDoesNotExist

exception MultipleObjectsReturned#

Bases: MultipleObjectsReturned

application#

Accessor to the related object on the forward side of a one-to-one relation.

In the example:

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

application_id#
filters#

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

classmethod get_filter_values(application, filter_name)#
classmethod get_filters(application)#
classmethod get_scopes(application)#
id#

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

objects = <django.db.models.manager.Manager object>#
scopes#

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

class openedx.core.djangoapps.oauth_dispatch.models.ApplicationOrganization(*args, **kwargs)#

Bases: Model

DEPRECATED: Associates a DOT Application to an Organization.

This model is no longer in use.

TODO: BOM-1270: This model and table will be removed post-Juniper so Open edX instances can migrate data if necessary.

To migrate, use ApplicationAccess and add a filter of the form content_org:<ORG NAME> (e.g. content_org:edx), for each record in this model’s table.

exception DoesNotExist#

Bases: ObjectDoesNotExist

exception MultipleObjectsReturned#

Bases: MultipleObjectsReturned

RELATION_TYPES = (('content_org', 'Content Provider'),)#
RELATION_TYPE_CONTENT_ORG = 'content_org'#
application#

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example:

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

application_id#
get_relation_type_display(*, field=<django.db.models.fields.CharField: relation_type>)#
id#

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

objects = <django.db.models.manager.Manager object>#
organization#

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example:

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

organization_id#
relation_type#

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

class openedx.core.djangoapps.oauth_dispatch.models.RestrictedApplication(*args, **kwargs)#

Bases: Model

This model lists which django-oauth-toolkit Applications are considered ‘restricted’ and thus have a limited ability to use various APIs.

A restricted Application will only get expired token/JWT payloads so that they cannot be used to call into APIs.

exception DoesNotExist#

Bases: ObjectDoesNotExist

exception MultipleObjectsReturned#

Bases: MultipleObjectsReturned

application#

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example:

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

application_id#
id#

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

objects = <django.db.models.manager.Manager object>#
classmethod should_expire_access_token(application)#
classmethod verify_access_token_as_expired(access_token)#

For access tokens belonging to RestrictedApplications, make sure that the expiry date is set to the beginning of the epoch, which is Jan. 1, 1970.
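The effect of pinning a restricted application's expiry to the epoch, seen from a resource server that validates JWTs, is sketched in this added example; it is not Open edX code. The function names, the `sub` claim, the demo secret and the use of HS256 (chosen so the block needs only the standard library) are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed value, not a real signing key


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_jwt(username, restricted, lifetime=3600, now=None):
    """Hypothetical issuer: a restricted client gets exp pinned to the epoch."""
    now = int(time.time()) if now is None else now
    claims = {"sub": username, "iat": now,
              "exp": 0 if restricted else now + lifetime}
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64(json.dumps(header).encode()) + "."
                     + _b64(json.dumps(claims).encode()))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)


def verify_jwt(token, now=None):
    """Resource-server check: returns (claims, None) or (None, reason)."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(_unb64(head))
        claims = json.loads(_unb64(body))
        given = _unb64(sig)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None, "malformed"
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None, "unexpected alg"
    expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        return None, "bad signature"
    # The signature is valid, so the claims are the issuer's; enforce expiry.
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, int) or exp <= now:
        return None, "expired"
    return claims, None
```

The restricted token is correctly signed, so it can still be decoded and inspected, but any consumer that enforces `exp` rejects it; a consumer that skips the expiry check would accept it.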

openedx.core.djangoapps.oauth_dispatch.scopes module#

Custom Django OAuth Toolkit scopes backends.

class openedx.core.djangoapps.oauth_dispatch.scopes.ApplicationModelScopes#

Bases: SettingsScopes

Scopes backend that determines available scopes using the ApplicationAccess model.

get_available_scopes(application=None, request=None, *args, **kwargs)#

Returns valid scopes configured for the given application.

has_user_id_in_application_scopes(application)#

Returns the user id associated with the given application.

openedx.core.djangoapps.oauth_dispatch.toggles module#

Toggles for OAuth Dispatch.

openedx.core.djangoapps.oauth_dispatch.urls module#

OAuth2 wrapper urls

openedx.core.djangoapps.oauth_dispatch.views module#

Views that dispatch processing of OAuth requests to django-oauth2-provider or django-oauth-toolkit as appropriate.

class openedx.core.djangoapps.oauth_dispatch.views.AccessTokenExchangeView(**kwargs)#

Bases: _DispatchingView

Exchange a third party auth token.

dispatch(request, *args, **kwargs)#

Dispatch the request to the selected backend’s view.

dot_view#

alias of DOTAccessTokenExchangeView

class openedx.core.djangoapps.oauth_dispatch.views.AccessTokenView(**kwargs)#

Bases: _DispatchingView

Handle access token requests.

dispatch(request, *args, **kwargs)#

Dispatch the request to the selected backend’s view.

dot_view#

alias of TokenView

class openedx.core.djangoapps.oauth_dispatch.views.AuthorizationView(**kwargs)#

Bases: _DispatchingView

Part of the authorization flow.

dot_view#

alias of EdxOAuth2AuthorizationView

class openedx.core.djangoapps.oauth_dispatch.views.RevokeTokenView(**kwargs)#

Bases: _DispatchingView

Dispatch to the RevokeTokenView of django-oauth-toolkit

Note: JWT access tokens are non-revocable, but you could still revoke its associated refresh_token.

dot_view#

alias of RevokeTokenView

Module contents#