The Authenticator object verifies that a request has proper authentication credentials. Optionally a “scope” kwarg of one or more AccessRange objects can be passed to verify that tokens used to access this resource are authorized to access the specific scope.

In the event of an error, the Authenticator.error_response() method wraps an error response with the appropriate OAuth2 headers.

from oauth2app.authenticate import Authenticator, AuthenticationException
from oauth2app.models import AccessRange
from django.http import HttpResponse

def test(request):
    # Require that the access token was granted the "test_scope" range.
    scope = AccessRange.objects.get(key="test_scope")
    authenticator = Authenticator(scope=scope)
    try:
        # Validate the request.
        authenticator.validate(request)
    except AuthenticationException:
        # Return an error response.
        return authenticator.error_response(content="You didn't authenticate.")
    username = authenticator.user.username
    return HttpResponse(content="Hi %s, You authenticated!" % username)


The JSONAuthenticator adds convenience methods and supports an optional callback request parameter for use with JSONP requests.

In the event of an error, the JSONAuthenticator.error_response() method returns a JSON-formatted error HttpResponse.

JSONAuthenticator.response() serializes an object and returns a formatted HttpResponse.

from oauth2app.authenticate import JSONAuthenticator, AuthenticationException

def test(request):
    authenticator = JSONAuthenticator()
    try:
        # Validate the request.
        authenticator.validate(request)
    except AuthenticationException:
        # Return a JSON encoded error response.
        return authenticator.error_response()
    username = authenticator.user.username
    # Return a JSON encoded response.
    return authenticator.response({"username": username})

Module Reference

OAuth 2.0 Authentication

exception oauth2app.authenticate.AuthenticationException[source]

Authentication exception base class.

class oauth2app.authenticate.Authenticator(scope=None, authentication_method=1)[source]

Django HttpRequest authenticator. Checks a request for valid credentials and scope.


  • scope: An iterable of oauth2app.models.AccessRange objects representing the scope the authenticator will authenticate. Default None
  • authentication_method: Accepted authentication methods. Possible values are: oauth2app.consts.MAC, oauth2app.consts.BEARER, oauth2app.consts.MAC | oauth2app.consts.BEARER, Default oauth2app.consts.BEARER
access_token = None
attempted_validation = False
auth_type = None
auth_value = None

The client associated with the valid access token.

oauth2app.models.Client object

error = None
error_response(content='', mimetype=None, content_type='text/html')[source]

Error response generator. Returns a Django HttpResponse with status 401 and the appropriate headers set. See Django documentation for details.


  • content: See Django docs. Default ‘’
  • mimetype: See Django docs. Default None
  • content_type: See Django docs. Default DEFAULT_CONTENT_TYPE

The client scope associated with the valid access token.

QuerySet of AccessRange objects.


The user associated with the valid access token.

django.auth.User object

valid = False

Validate the request. Raises an AuthenticationException if the request fails authentication.


  • request: Django HttpRequest object.

Returns None

exception oauth2app.authenticate.InsufficientScope[source]

The request requires higher privileges than provided by the access token.

error = 'insufficient_scope'
exception oauth2app.authenticate.InvalidRequest[source]

The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats the same parameter, uses more than one method for including an access token, or is otherwise malformed.

error = 'invalid_request'
exception oauth2app.authenticate.InvalidToken[source]

The access token provided is expired, revoked, malformed, or invalid for other reasons.

error = 'invalid_token'
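
An added example, not oauth2app's own code: a standard-library model of how a bearer-token check maps a request onto the three error codes above and builds an RFC 6750 style challenge header. The token store, the function names `extract_bearer`, `check` and `www_authenticate`, and the realm value are assumptions made for illustration.

```python
import time

# Constructed token store: token -> (expiry as Unix time, granted scope keys).
TOKENS = {
    "good-token": (time.time() + 3600, {"test_scope"}),
    "old-token": (time.time() - 60, {"test_scope"}),
    "narrow-token": (time.time() + 3600, {"other_scope"}),
}


class AuthError(Exception):
    """Carries one of the three error codes listed above."""
    def __init__(self, error):
        super().__init__(error)
        self.error = error


def extract_bearer(headers, params):
    """Return the single bearer token in the request, or raise invalid_request."""
    found = []
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme.lower() == "bearer" and value.strip():
        found.append(value.strip())
    if "access_token" in params:
        found.append(params["access_token"])
    if len(found) != 1:
        # No token at all, or more than one method used to send it (assumed mapping).
        raise AuthError("invalid_request")
    return found[0]


def check(headers, params, required_scope=frozenset(), now=None):
    """Return None when the request is authorized, else the error code."""
    now = time.time() if now is None else now
    try:
        token = extract_bearer(headers, params)
        if token not in TOKENS or TOKENS[token][0] <= now:
            raise AuthError("invalid_token")
        if not set(required_scope) <= TOKENS[token][1]:
            raise AuthError("insufficient_scope")
    except AuthError as exc:
        return exc.error
    return None


def www_authenticate(error, realm="example"):
    """Build the WWW-Authenticate value for an error response (RFC 6750 style)."""
    return 'Bearer realm="%s", error="%s"' % (realm, error)
```
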
class oauth2app.authenticate.JSONAuthenticator(scope=None)[source]

Wraps Authenticator, adds support for a callback parameter and JSON-related convenience methods.


  • request: Django HttpRequest object.


  • scope: An iterable of oauth2app.models.AccessRange objects.
callback = None

Returns an HttpResponse object of JSON error data.


Returns an HttpResponse object of JSON serialized data.


  • data: Object to be JSON serialized and returned.
exception oauth2app.authenticate.UnvalidatedRequest[source]

The method requested requires a validated request to continue.

To Do


MAC Authentication