Wednesday 2:20 p.m.–2:50 p.m.

OAuth2 and Django, What You Should Know

Jharrod LaFon

OAuth 2.0 is the current version of OAuth, a hotly debated open standard for authorization. Implementing it allows your users to grant other services access to their data, turning your collection of services into a platform. In this talk I will discuss the options you have for creating your own OAuth 2.0 components with Django, how to use them, and common implementation mistakes.


The OAuth 2.0 specification ironically lacks specificity, leaving the implementer with the challenge of making (potentially) dangerous decisions, which is why it is now called an ‘Authorization Framework’ instead of a protocol. Thankfully, members of the Python and Django communities have stepped up to that challenge, and have provided libraries and documentation for our use. However, it is not as simple as import oauth2. You, as the implementer, still have important decisions to make. Which OAuth2 library should I choose? Do I need my own OAuth 2 provider? How do I verify tokens? Which grant type do I need? In this talk I will discuss these questions, along with others, based on the experiences I have had using Django and other open source libraries to build my own OAuth 2 infrastructure.