OAuth

Flask-REST-JSONAPI supports OAuth via Flask-OAuthlib.

Example:

from flask import Flask
from flask_rest_jsonapi import Api
from flask_oauthlib.provider import OAuth2Provider

app = Flask(__name__)
oauth2 = OAuth2Provider()

api = Api()
api.init_app(app)
api.oauth_manager(oauth2)

In this example, Flask-REST-JSONAPI will protect all your resource methods with this decorator:

oauth2.require_oauth(<scope>)

The scope follows this pattern:

<action>_<resource_type>

Where action is:

  • list: for the get method of a ResourceList
  • create: for the post method of a ResourceList
  • get: for the get method of a ResourceDetail
  • update: for the patch method of a ResourceDetail
  • delete: for the delete method of a ResourceDetail

Example:

list_person

If you want to customize the scope, you can provide a function that computes it. The function has to look like this:

def get_scope(resource, method):
    """Compute the name of the scope for oauth

    :param Resource resource: the resource manager
    :param str method: an http method
    :return str: the name of the scope
    """
    return 'custom_scope'

Usage example:

from flask import Flask
from flask_rest_jsonapi import Api
from flask_oauthlib.provider import OAuth2Provider

app = Flask(__name__)
oauth2 = OAuth2Provider()

api = Api()
api.init_app(app)
api.oauth_manager(oauth2)
api.scope_setter(get_scope)

Note

You can name the custom scope function whatever you like, but it must accept the two required parameters, resource and method, as in the previous example.
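A custom scope function that reproduces the documented <action>_<resource_type> pattern and fails closed on any unlisted method, as an added example (not Flask-REST-JSONAPI's own code). The stand-in base classes, the resource_type attribute, and the is_allowed and required_scopes helpers are assumptions made so the example runs on its own.

```python
# Stand-ins so this runs without Flask installed; in a project, import
# ResourceList and ResourceDetail from flask_rest_jsonapi instead.
class ResourceList:
    pass

class ResourceDetail:
    pass

class PersonList(ResourceList):
    resource_type = 'person'  # hypothetical attribute assumed by this example

class PersonDetail(ResourceDetail):
    resource_type = 'person'

# (resource kind, HTTP method) -> action, exactly as listed above
ACTIONS = {
    (ResourceList, 'GET'): 'list',
    (ResourceList, 'POST'): 'create',
    (ResourceDetail, 'GET'): 'get',
    (ResourceDetail, 'PATCH'): 'update',
    (ResourceDetail, 'DELETE'): 'delete',
}

def get_scope(resource, method):
    """Return <action>_<resource_type>; raise for any pair not in ACTIONS."""
    for (kind, verb), action in ACTIONS.items():
        if issubclass(resource, kind) and verb == method.upper():
            return '{}_{}'.format(action, resource.resource_type)
    # Fail closed: an unmapped method must never fall back to a weaker scope.
    raise LookupError('no scope for {} {}'.format(method, resource.__name__))

def is_allowed(granted, resource, method):
    """True only if the token's space-separated scopes include the required one."""
    try:
        return get_scope(resource, method) in granted.split()
    except LookupError:
        return False

def required_scopes(resources):
    """List every scope the given resources can demand, for review."""
    return sorted({get_scope(r, verb) for r in resources
                   for (kind, verb) in ACTIONS if issubclass(r, kind)})
```

Passing this get_scope to api.scope_setter keeps the default naming while making unexpected methods an error, and required_scopes gives the list of scopes to register with the provider.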

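If you want to disable OAuth for a resource, or protect its methods yourself, add this option to the resource manager. With the option set, Flask-REST-JSONAPI no longer applies its decorator to that resource, so each method that should stay protected needs its own decorator.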

Example:

from flask_rest_jsonapi import ResourceList
from your_project.extensions import oauth2

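class PersonList(ResourceList):
    # Turn off the automatic scope check for this resource
    disable_oauth = True

    # Protect this method explicitly with a scope of your choice
    @oauth2.require_oauth('custom_scope')
    def get(self, *args, **kwargs):
        return 'Hello world !'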