In order to get started we just need to put our endpoint behind OAuth2 authentication. We can do this simply by importing the authentication class from the entry package and putting it into our resource:
from entry.api.auth.OAuth2 import OAuth2

class UserResource(Resource, JsonSerialize, OAuth2):
    model = User
Great! Now we have full OAuth2 support.
We can simply add all the routes we need for this endpoint by importing and adding them to the routes list:
from entry.api.controllers import OAuth2Controller

ROUTES = [
    ...
    OAuth2Controller.routes()
    ...
]
Some of these routes are POST routes. Because they are externally facing, they should not be under CSRF protection. If you only use these routes internally, it may be worth keeping CSRF protection on and passing the CSRF token you receive on that page load.
You can turn off CSRF protection on specific routes by adding them to your exempt attribute on your
class CsrfMiddleware:
    exempt = [
        '/oauth/token',
        '/oauth2/authorize',
        '/oauth2/refresh'
    ]
    ...
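Because every entry in exempt removes CSRF protection from a route, it helps to check in CI that the list contains only the externally facing OAuth2 routes. The following is an added example, not code from the entry package: audit_exempt, normalize and the stand-in CsrfMiddleware are hypothetical names, and the two extra exempt entries are constructed to show what gets flagged.

```python
# Added example: audit a CsrfMiddleware.exempt list against an allowlist.
# The three allowlisted paths are copied from the page; the rest is constructed.
OAUTH2_EXEMPT_ALLOWLIST = {
    '/oauth/token',
    '/oauth2/authorize',
    '/oauth2/refresh',
}


def normalize(path):
    """Lower-case and drop a trailing slash so near-identical entries compare equal."""
    path = path.strip().lower()
    return path.rstrip('/') or '/'


def audit_exempt(exempt, allowlist=OAUTH2_EXEMPT_ALLOWLIST):
    """Return (entry, reason) findings for a CSRF exempt list."""
    allowed = {normalize(p) for p in allowlist}
    findings, seen = [], set()
    for raw in exempt:
        path = normalize(raw)
        if path == '/' or any(ch in path for ch in '*?['):
            # Flagged whether or not the framework expands patterns.
            findings.append((raw, 'root or wildcard-style entry; list exact routes'))
        elif path not in allowed:
            findings.append((raw, 'not an OAuth2 route; keep CSRF protection on'))
        elif path in seen:
            findings.append((raw, 'duplicate entry'))
        seen.add(path)
    return findings


class CsrfMiddleware:  # constructed stand-in for the application's middleware
    exempt = [
        '/oauth/token',
        '/oauth2/authorize',
        '/oauth2/refresh',
        '/account/email',  # constructed: internal form route exempted by mistake
        '/oauth2/*',       # constructed: wildcard added for convenience
    ]


if __name__ == '__main__':
    for entry, reason in audit_exempt(CsrfMiddleware.exempt):
        print(f'{entry}: {reason}')
```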
Although this package can handle most use cases, you will likely want to tweak how tokens are authenticated or how long tokens are good for. The best way to do this will be to publish the controller or authentication classes to your application so you can use them yourself.
Publishing simply moves them from the package and into your application.
You can publish a controller by running:
$ craft entry:publish --controller OAuth2Controller
or publish an authentication class:
$ craft entry:publish --auth OAuth2
You can also specify a location:
$ craft entry:publish --controller OAuth2Controller --path app/api/entry
Here is a list of classes that you can publish:
Now that we have new routes, let's explain what they are: