Setup OAuth2 client for Django in 5 minutes
This article explains how to set up an OAuth2 client for Django in 5 minutes. It is meant for web services that require users to log in via OAuth2, and especially for readers who are familiar with OAuth2.0 but unfamiliar with Django.
If you are not familiar with the OAuth2.0 workflow, please visit OAuth2 net.
The example here is a web service that implements the OAuth2 workflow: the user must log in before they can see the web content. The web framework is Python Django, and the OAuth library we use is Authlib==0.14.1. It supports user session persistence and automatic refresh of the access_token.
If we use GitHub as the authorization server, you first need to register a new OAuth application in GitHub; you will then have your credentials.
Secondly, set up the OAuth settings in
# OAuth Settings
Note that the redirect URI must be the one your server uses to fetch the access token and set up the user session. I set it to /oauth/callback here; the logic will be introduced with the middleware.
For each user request, the server checks the user's session to see whether the user has logged in. In Django, as in other web frameworks, we can set up middleware to handle user requests.
Use the OAuth configuration to initialize the OAuth client.
def update_token(token, refresh_token, access_token):
The update_token parameter is used to refresh the access_token when it has expired.
After the user authorizes the login, our server should fetch the access_token from the authorization server and store it in the user session.
If the access_token is ready, fetch the user info from the resource API; otherwise redirect the user to the authorization page.
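The per-request decision described above, as a framework-free added example; it is not code from the article, its repository, or Authlib's API. The names `handle`, `exchange_code` and `refresh`, the placeholder client values, the `expires_at` token field and the explicit `state` check on the callback are assumptions of this example.

```python
import hmac
import secrets
import time
from urllib.parse import urlencode

# Constructed placeholders, not values from the article's settings.
AUTHORIZE_URL = "https://github.com/login/oauth/authorize"
CALLBACK_PATH = "/oauth/callback"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.test" + CALLBACK_PATH


def handle(path, query, session, exchange_code, refresh, now=None):
    """Return (action, detail) for one request.

    session stands in for request.session; exchange_code(code) and
    refresh(refresh_token) are hypothetical callables that contact the
    authorization server and return a token dict.
    """
    now = time.time() if now is None else now

    if path == CALLBACK_PATH:
        expected = session.pop("oauth_state", None)  # single use
        got, code = query.get("state", ""), query.get("code")
        # A callback whose state was not issued to this session is rejected
        # before any code is exchanged (login CSRF defence).
        if not expected or not code or not hmac.compare_digest(
                expected.encode(), got.encode()):
            return ("reject", "invalid state or missing code")
        session["token"] = exchange_code(code)
        return ("redirect", "/")

    token = session.get("token")
    if token and token["expires_at"] <= now and token.get("refresh_token"):
        # The update_token step: persist the refreshed token in the session.
        token = session["token"] = refresh(token["refresh_token"])
    if token and token["expires_at"] > now:
        return ("allow", token["access_token"])

    # No usable token: start a new authorization request.
    session.pop("token", None)
    session["oauth_state"] = secrets.token_urlsafe(32)
    params = {"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "response_type": "code", "state": session["oauth_state"]}
    return ("redirect", AUTHORIZE_URL + "?" + urlencode(params))
```

The access token stays in the server-side session and is never placed in a redirect URL; only the one-time `state` value travels through the browser.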
In settings.py, add the middleware class to the array.
MIDDLEWARE = [
We use the Django session module, and the default storage is sqlite3; you can simply change it to other backends like redis by modifying
The full repository is located at https://github.com/songrgg/oauth-demo.