Storing OAuth credentials in Django models
A common requirement for my Django apps is to interact with third-party APIs on behalf of its users, most of which use OAuth for authentication. I now realise Python Social Auth is a solution but I wasn’t aware of it at the time. In any case, here’s my approach in case the aforementioned package doesn’t fit your needs.
My apps use Requests OAuthlib which provides a Requests Session object that does the OAuth magic behind the scenes.
This will store the access & refresh tokens as well as their metadata (expiry, etc), and have the static parameters such as client ID, client secret, on it as attributes.
class BaseOAuthModel(models.Model): class Meta: abstract = True refresh_token = models.TextField() access_token = models.TextField() expires_at = models.DateTimeField() token_type = models.TextField() objects =
Continue reading →