django oauth2 flow

[Shekar Tippur]

Hello,

I would like some help with django oauth2 flow.

I have created an app:

redirect_uri http://127.0.0.1:8000/accounts/login/

client_type public

authorization_grant_type is authorization code

name test

I have a client id and a secret. I want to get authenticated via curl and at the end retrieve the user logged in as request.user.

Here is the flow so far.

1. I go to http://127.0.0.1:8000/o/authorize/?client_id=kR2VKTWYXd1bPSf6nog8LHeCaJdh9uftdg2MMSR9&response_type=code&state=random_state_string&redirect_uri=http://127.0.0.1:8000/accounts/login/
   
2. I get to the authorize screen with authorize button
   
3. After authorizing, I get to the login page where I enter login and password
4. I get to /account/profile screen where I get a unauthorised message

What am I doing wrong here?

GET /accounts/profile/

HTTP 401 Unauthorized
WWW-Authenticate: Bearer realm="api"
Vary: Accept
Allow: GET, POST, HEAD, OPTIONS
Content-Type: application/json

{
    "detail": "Authentication credentials were not provided."
}

Here is my settings.py

INSTALLED_APPS = (
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'oauth2_provider',
    'corsheaders',
    'registration',
    'rest_framework',
    'rest_framework_swagger',

    'test',
)

MIDDLEWARE_CLASSES = (
    'disable.DisableCSRF',
    'corsheaders.middleware.CorsMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'oauth2_provider.middleware.OAuth2TokenMiddleware',

)

ROOT_URLCONF = 'test.urls'
CORS_ORIGIN_ALLOW_ALL = True ## COMMENT THIS LATER

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

AUTHENTICATION_BACKENDS = (
    'oauth2_provider.backends.OAuth2Backend',
    # Uncomment following if you want to access the admin
    'django.contrib.auth.backends.ModelBackend'
)


    # be sure following two appear in this order


WSGI_APPLICATION = 'test.wsgi.application'

REST_FRAMEWORK = {

    'DEFAULT_AUTHENTICATION_CLASSES': (
        'oauth2_provider.ext.rest_framework.OAuth2Authentication',
    )
}

OAUTH2_PROVIDER = {
    # this is the list of available scopes
    'SCOPES': {'read': 'Read scope', 'write': 'Write scope', 'groups': 'Access to your groups'}
}

[Shekar Tippur]

Any updates on this please? I am stuck with this issue for quite a while now.