With the Django OAuth Toolkit, Ion supports accessing API and other resources via OAuth2. This allows for applications to be written using the Ion API without the need to prompt for user credentials from within the application. Instead, access tokens are used to gain access to Ion API resources.
Note: All of the examples on the page are targeted towards web applications. They will not work for the purposes of, for example, allowing a program running on your computer to access the Ion API.
If you want to use python-social-auth, a plugin is available in the ion_oauth package. Note that it is not currently actively maintained by the Ion development team and thus may require modification to work properly.
For a Django project, add AUTHENTICATION_BACKENDS=['ion_oauth.oauth.IonOauth2'] and define SOCIAL_AUTH_ION_KEY and SOCIAL_AUTH_ION_SECRET in your settings.py file.
After 36,000 seconds (1 hour), the token will expire; you need to renew it. This can be handled by putting API commands inside a try-except for a oauthlib.oauth2.TokenExpiredError, such as seen above. Alternatively, you can provide “auto_refresh_url=refresh_url, auto_refresh_kwargs=args” as additional arguments to OAuth2Session when it is created.
You can use the simple-oauth2 library to perform authentication. Below is some sample code.
Note: This code will not work out of the box. Read the comments carefully to determine how to integrate it into your application.
varsimpleoauth2=require("simple-oauth2");// make sure these variables are setvarion_client_id=process.env.ION_CLIENT_ID;varion_client_secret=process.env.ION_CLIENT_SECRET;varion_redirect_uri=process.env.ION_REDIRECT_URI;varoauth=simpleoauth2.create({client:{id:ion_client_id,secret:ion_client_secret},auth:{tokenHost:'https://ion.tjhsst.edu/oauth/',authorizePath:'https://ion.tjhsst.edu/oauth/authorize',tokenPath:'https://ion.tjhsst.edu/oauth/token/'}});// 1) when the user visits the site, redirect them to login_url to begin authenticationvarlogin_url=oauth.authorizationCode.authorizeURL({scope:"read",// remove scope: read if you also want write accessredirect_uri:ion_redirect_uri});// 2) on the ion_redirect_uri endpoint, add the following code to process the authenticationvarcode=req.query["code"];// GET parameteroauth.authorizationCode.getToken({code:code,redirect_uri:ion_redirect_uri}).then((result)=>{consttoken=oauth.accessToken.create(result);// you will want to save these variables in your session if you want to make API requestsvarrefresh_token=token.token.refresh_token;varaccess_token=token.token.access_token;varexpires_in=token.token.expires_in;// log the user in});// 3) when making an API request, add the following header:// Authorization: Bearer {{ INSERT ACCESS TOKEN }}// 4) to refresh the access_token, use the following codevartoken=oauth.accessToken.create({"access_token":access_token,"refresh_token":refresh_token,"expires_in":expires_in});if(token.expired()){token.refresh((err,result)=>{token=result;// the new access tokenvaraccess_token=token.token.access_token;});}