Access Token Generation


The TokenGenerator is used by the oauth2app.token.handler method to generate access tokens. It responds to several grant types, specified through the grant_type request parameter.

  • authorization_code: Grants an access token based on an authorization code issued via Authorization.
  • refresh_token: Refreshes an access token.
  • password: Grants an access token based on a POST containing a username and password.
  • client_credentials: Grants an access token specific to the client, for accessing internal resources.

Connect the handler method to the access endpoint.

from django.conf.urls.defaults import patterns

# Route the token endpoint to the default handler.
urlpatterns = patterns('',
    (r'^oauth2/token/?$',  'oauth2app.token.handler'),
)

To set token handler parameters, you can also use the TokenGenerator callable.

from django.conf.urls.defaults import patterns
from oauth2app.token import TokenGenerator
from oauth2app.consts import MAC

oauth2_token_generator = TokenGenerator(authentication_method=MAC, refreshable=False)

# Route the token endpoint to the configured TokenGenerator instance.
urlpatterns = patterns('',
    (r'^token/?$',  oauth2_token_generator),
)

Module Reference

OAuth 2.0 Token Generation

exception oauth2app.token.AccessTokenException

Access Token exception base class.

exception oauth2app.token.InvalidClient

Client authentication failed (e.g. unknown client, no client credentials included, multiple client credentials included, or unsupported credentials type).

error = 'invalid_client'

exception oauth2app.token.InvalidGrant

The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.

error = 'invalid_grant'

exception oauth2app.token.InvalidRequest

The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed.

error = 'invalid_request'

exception oauth2app.token.InvalidScope

The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner.

error = 'invalid_scope'

class oauth2app.token.TokenGenerator(scope=None, authentication_method=1, refreshable=True)

Token access handler. Validates authorization codes, refresh tokens, username/password pairs, and generates a JSON formatted authorization code.


  • request: Django HttpRequest object.


  • scope: An iterable of oauth2app.models.AccessRange objects representing the scope the token generator will grant. Default: None.
  • authentication_method: Type of token to generate. Possible values are oauth2app.consts.MAC and oauth2app.consts.BEARER. Default: oauth2app.consts.BEARER.
  • refreshable: Boolean value indicating whether issued tokens are refreshable. Default: True.
access_token = None
client = None
code = None
error = None

In the event of an error, return a Django HttpResponse with the appropriate JSON encoded error parameters.

Returns HttpResponse


Returns a JSON formatted authorization code.

request = None
user = None
valid = False

Validate the request. Raises an AccessTokenException if the request fails authorization.

Returns None

exception oauth2app.token.UnauthorizedClient

The client is not authorized to request an authorization code using this method.

error = 'unauthorized_client'

exception oauth2app.token.UnsupportedGrantType

The authorization grant type is not supported by the authorization server.

error = 'unsupported_grant_type'

exception oauth2app.token.UnvalidatedRequest

The method requested requires a validated request to continue.

oauth2app.token.handler(*args, **kwargs)

Token access handler. Convenience function that wraps the Handler() callable.


  • request: Django HttpRequest object.
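
As an added illustration (not oauth2app's own code), the sketch below shows how a token endpoint can validate a request and map each failure to the error codes listed in the module reference above. The client registry, TokenError, check_token_request and handle are hypothetical names, and the required-parameter table and HTTP status codes follow RFC 6749 rather than this library's internals.

```python
import hmac
import json

# Constructed client registry for the example (client_id -> secret).
CLIENTS = {"demo-client": "s3cr3t-demo-value"}

# Parameters each grant type needs; the names follow RFC 6749.
REQUIRED = {
    "authorization_code": ("code",),
    "refresh_token": ("refresh_token",),
    "password": ("username", "password"),
    "client_credentials": (),
}


class TokenError(Exception):
    """Hypothetical stand-in for AccessTokenException and its subclasses."""
    def __init__(self, error, status=400):
        super().__init__(error)
        self.error, self.status = error, status


def check_token_request(params):
    """params maps each POST parameter name to the list of values received."""
    if any(len(values) != 1 for values in params.values()):
        raise TokenError("invalid_request")  # repeated parameter
    flat = {name: values[0] for name, values in params.items()}
    if "grant_type" not in flat:
        raise TokenError("invalid_request")
    if flat["grant_type"] not in REQUIRED:
        raise TokenError("unsupported_grant_type")
    expected = CLIENTS.get(flat.get("client_id", ""))
    supplied = flat.get("client_secret", "").encode()
    # Constant-time comparison, run even for unknown clients.
    match = hmac.compare_digest((expected or "").encode(), supplied)
    if expected is None or not match:
        raise TokenError("invalid_client", status=401)
    if any(not flat.get(name) for name in REQUIRED[flat["grant_type"]]):
        raise TokenError("invalid_request")
    return flat


def handle(params):
    """Return (status, JSON body); failures expose only the error code."""
    try:
        flat = check_token_request(params)
    except TokenError as exc:
        return exc.status, json.dumps({"error": exc.error})
    return 200, json.dumps({"grant_type": flat["grant_type"], "validated": True})
```

Token issuance itself is left out; the success branch only reports that validation passed.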