I am learning Django Authentication. So i am trying implement oauth2 authorization in django rest framework. I follow this documentation. But externally i made a custom user model. I provide my settings and ss in the below:
I tried to get access token when i hit the api but it doesn't return access token instead shows invalid_grant.
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
# add apps
'accounts',
'rest_framework',
'oauth2_provider'
]
# OAuth2 provider Configuration
OAUTH2_PROVIDER = {
# this is the list of available scopes
"PKCE_REQUIRED": False,
'SCOPES': {'read': 'Read scope', 'write': 'Write scope', 'groups': 'Access to your groups'}
}
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'oauth2_provider.contrib.rest_framework.OAuth2Authentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
}
AUTH_USER_MODEL = 'accounts.Account'
LOGIN_URL = '/admin/'
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
this is my oauth app setup:
I am also hitting the api via postman. Here is the postman authorization and body ss:
"The application client secret is now hashed upon save. You must copy it before it is saved. Using the hashed value will fail". Copy the client secret before you save the oauth application. refer to this https://django-oauth-toolkit.readthedocs.io/en/latest/changelog.html#id2