Django OAuth Toolkit Is Out!
An open source library to add OAuth goodies to Django projects
We have just released the latest version of Django OAuth Toolkit, a library to add OAuth goodies to Django projects. The project is under active development; at the moment it offers a fully featured, RFC 6749-compliant OAuth2 provider implementation, and it runs on Django 1.4, 1.5 and 1.6a1 with Python 2.7 and 3.3.
A brief history
Everything started when we found ourselves in need of implementing an OAuth2 provider for a Django web service. We happily use Django REST framework wherever we have to expose an API, and that was just the case. Django REST framework has built-in support for a third-party Django app implementing OAuth providers, but soon after this we faced some pretty significant problems and began searching for an alternative.
Digging around, we stumbled upon this blog post from Daniel Greenfeld: The sorry state of Python OAuth providers. Enough was enough, but we were still not sure whether starting another project from scratch was a good idea. This was when we met Daniel at the Django Circus in Warsaw. We talked briefly about the topic and he was very convincing. We started coding as soon as we got back to work.
Why?
When trying to get other people involved in this project, this is the first question we're usually asked: why another project? Instead of complaining about a lack of other options, we tend to respond to this question with a list of what we’ve got so far that others probably don't: features and goodies we developers really need!
DRY
We think oauthlib is currently a state-of-the-art OAuth library within the Python world. We chose to rely on this well-documented, well-supported, active project instead of writing one of our own, with all the FUD that would come with such an endeavor.
Documentation
The OAuth protocol can be quite mind-boggling. We think writing good docs is mandatory when the code may be quite simple but the workflow is really complicated. We are also putting a lot of effort into writing tutorials, as one line of code is worth a thousand words (especially with OAuth workflows :-).
Testing
I'm not referring to unit testing here (even though we do our best to keep coverage over 95% ;-) but to some stuff users can actually adopt to test their applications on a real OAuth2 workflow. In some circumstances, OAuth2 applications need a companion to exchange tokens, provide authorizations and so on. We deployed an OAuth2 playground on Heroku to let users perform a round trip between their local apps and a real server (or client, depending on the case).