Django OAuth Toolkit Is Out!

Kiersten Goza · June 13, 2013

Django OAuth Toolkit Is Out!

An open source library to add OAuth goodies to Django projects

We have just released the latest version of Django OAuth Toolkit, a library to add OAuth goodies to Django projects. The project is under active development and at the moment it offers fully-featured and RFC6749 compliant OAuth2 providers implementation and it runs on Django 1.4, 1.5 and 1.6a1 with Python 2.7 and 3.3.

A brief history

Everything started when we found ourselves in need of implementing an OAuth2 provider for a Django web service. We happily use Django REST framework wherever we have to expose an API, and that was just the case. Django REST framework has built-in support for a third party Django app implementing OAuth providers but soon after this, we faced some pretty significant problems and began searching for an alternative.

Digging around, we stumbled upon this blog post from Daniel Greenfeld: The sorry state of Python OAuth providers. Enough was enough but we were still not sure whether starting another project from scratch was a good idea. This was when we met Daniel at the Django Circus in Warsaw. We talked briefly about the topic and he was very convincing. We started coding as soon as we got back at work.

Why?

When trying to get other people involved in this project, this is the first question we're usually asked: why another project? Instead of complaining about a lack of other options, we tend to respond to this question with a list of what we’ve got so far that others probably don't: features and goodies we developers really need!

DRY

We think oauthlib is currently a state-of-the-art OAuth library within the Python world. We choose to rely on this well-documented, well-supported, active project instead of write one of our own, with all the FUD that would come with such an endeavor.

Documentation

OAuth protocol can be quite mind boggling. We think writing good docs is mandatory when the code may be quite simple but the workflow really complicated. We are also putting a lot of effort into writing tutorials, as one line of code is worth a thousand words (especially with OAuth workflows :-).

Testing

I'm not referring to Unit testing here (even though we do our best to keep coverage over 95% ;-) but to some stuff users can actually adopt to test their applications on a real OAuth2 workflow. In some circumstances, OAuth2 applications need a companion to exchange tokens, provide authorizations and so on. We deployed an OAuth2 playground on Heroku to let users perform a roundtrip between their local apps and a real server (or client, depending on the case).

Timezone aware

We strongly believe that if your dates and times are not timezone aware, they're broken. Enough said.

Python 3

In the never ending effort of porting our codebase to Python 3, we cannot rely anymore on libraries and tools which do not have at least some kind of roadmap for the porting. Django OAuth Toolkit is already working with both Python 2.7 and 3.3.

Support

We're working hard on the project also because we're using it internally in our company, so we can guarantee our full support on the middle and hopefully longer term, depending on the success it finds in the Django world.

We want you!

As any other Open Source project, we're nothing without a community: any help is appreciated, code of course but also docs, testing and any kind of feedback. Fork the project, take a ride, fill some PRs!