Getting a token with Django Oauth Toolkit

Question

I have a doubt:

According to the documentation, for getting a token i need to do this:

curl -X POST -d "grant_type=password&username=<user_name>&password=<password>&scope=read" http://<client_id>:<client_secret>@localhost:8000/o/token 

In my system, i have two possibilities of login, one with the auth user of django and another one with facebook. The one of the auth user everything is working correctly, but with facebook i stored the credentials of the user in another table, not in auth user. So when i try to have a token i cannot make it because i do not have a username and a password of the auth user of django that the oauth toolkit force me to have it in the POST.

How can i make it to have both chances of getting a token, with username & password and with useridfacebook and token of facebook?

Thank you for your help.

Greetings.

Answer 1

You can override DOT's default behaviour and authenticate users by writing your own OAuth2Validator class, something like:

from oauth2_provider.oauth2_validators import OAuth2Validator

class MyOAuth2Validator(OAuth2Validator):
    def validate_user(self, username, password, client, request, *args, **kwargs):
        """
        Check username and password correspond to a valid and active User, if fails
        try Facebook token authentication
        """
        u = authenticate(username=username, password=password)
        if u is None or not u.is_active:
           u = authenticate_with_facebook()

        if u is not none and u.is_active:
           request.user = u
           return True

        return False

then you have to tell DOT to use your class and not the default one putting something like this in your settings:

OAUTH2_PROVIDER = {
    # other DOT settings
    'OAUTH2_VALIDATOR_CLASS': 'your_app_name.MyOAuth2Validator',
}

HTH