CODEWITHSUNDEEP
djangooauth
Alex Won
Alex Won

Reputation: 177

django oauth toolkit unsupported_grant_type error

I tried to add outh2 to my django app, so I used django oauth toolkit. So I followed the tutorial, but if I try to get the users token it always sends me a unsupported_grant_type error. How can I fix this error?

settings.py

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'oauth2_provider.contrib.rest_framework.OAuth2Authentication',
    )
}

OAUTH2_PROVIDER = {
    # parses OAuth2 data from application/json requests
    'OAUTH2_BACKEND_CLASS': 'oauth2_provider.oauth2_backends.JSONOAuthLibCore',
}

urls.py

urlpatterns = [
    path('admin/', admin.site.urls),
    path('api/', include('myapp.api.urls')),
    path('o/', include('oauth2_provider.urls', namespace='oauth2_provider')),
]

client type: confidential

authorization grant type: Resource owner password-based

chrome advanced rest client

url : http://client_id:client_secret@localhost:8000/o/token/

requirements.txt

asgiref==3.2.5
autopep8==1.5
certifi==2019.11.28
chardet==3.0.4
Django==3.0.4
django-oauth-toolkit==1.3.0
djangorestframework==3.11.0
idna==2.9
oauthlib==3.1.0
pycodestyle==2.5.0
pytz==2019.3
requests==2.23.0
sqlparse==0.3.1
urllib3==1.25.8

Upvotes: 0

Views: 3402

Answers (2)

Greatxam Darthart
Greatxam Darthart

Reputation: 188

Just remove the OAUTH2_BACKEND_CLASS in the OAUTH2_PROVIDER settings.

OAUTH2_PROVIDER = {
    # parses OAuth2 data from application/json requests
    # 'OAUTH2_BACKEND_CLASS': 'oauth2_provider.oauth2_backends.JSONOAuthLibCore',
    # this is the list of available scopes
    'SCOPES': {'read': 'Read scope', 'write': 'Write scope', 'groups': 'Access to your groups'}
}

If you intend to use the OAUTH2_BACKEND_CLASS, you should send the body in JSON format.

{
    "grant_type":"password",
    "client_id":"<client_id>",
    "client_secret":"<client_secret>",
    "username":"<usename>",
    "password":"<password>"
}

curl -X POST -d '{"grant_type":"password","client_id":"<client_id>","client_secret":"<client_secret>","username":"<username>","password":"<password>"}' http://localhost:8000/o/token/

Upvotes: 3

hassanzadeh.sd
hassanzadeh.sd

Reputation: 3491

1. you have to create application :

http://localhost:8000/o/applications/

Click on the link to create a new application and fill the form with the following data:

Name : just a name of your choice

Client Type : confidential

Authorization Grant Type : Resource owner password-based and you give clientId and SecretClient

2. Get your token and use your API

curl -X POST -d "grant_type=password&username=<user_name>&password=<password>" -u"<client_id>:<client_secret>" http://localhost:8000/o/token/

example:

curl -X POST -d "grant_type=password&username=Alex&password=Won123" -u"cWS5WudFiBhHh6BZxcaOgRGfrZjhcP2rfQcWVyaU:puNJ1SgQbp39Ai1TmYJx0wL9LnC6FNarnY3dgYBA3Z7AgQR5zRcfw5U144zxJ6vndW0jtV4WWKip33kQnFUl4v73xt2IosLGHo7k1w35R7aK8aFL3ZBoMcQ3pyaWjkBT" http://127.0.0.1:8000/o/token/

The user_name and password are the credential of the users registered in your Authorization server and finally in response you give token and use token like this for your request :

curl -H "Authorization: Bearer <your_access_token>" http://localhost:8000/api/users

pay attention for your application config and your user name and password.

Upvotes: -1

Related Questions