Security News
MCP Community Begins Work on Official MCP Metaregistry
The MCP community is launching an official registry to standardize AI tool discovery and let agents dynamically find and install MCP servers.
By Sarah Gooding - May 09, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
django-oauth-toolkit
Advanced tools
- Maintainers
- 5
Django OAuth Toolkit
.. image:: https://jazzband.co/static/img/badge.svg :target: https://jazzband.co/ :alt: Jazzband
OAuth2 goodies for the Djangonauts!
.. image:: https://badge.fury.io/py/django-oauth-toolkit.svg :target: http://badge.fury.io/py/django-oauth-toolkit
.. image:: https://github.com/jazzband/django-oauth-toolkit/workflows/Test/badge.svg :target: https://github.com/jazzband/django-oauth-toolkit/actions :alt: GitHub Actions
.. image:: https://codecov.io/gh/jazzband/django-oauth-toolkit/branch/master/graph/badge.svg :target: https://codecov.io/gh/jazzband/django-oauth-toolkit :alt: Coverage
.. image:: https://img.shields.io/pypi/pyversions/django-oauth-toolkit.svg :target: https://pypi.org/project/django-oauth-toolkit/ :alt: Supported Python versions
.. image:: https://img.shields.io/pypi/djversions/django-oauth-toolkit.svg :target: https://pypi.org/project/django-oauth-toolkit/ :alt: Supported Django versions
If you are facing one or more of the following:
- Your Django app exposes a web API you want to protect with OAuth2 authentication,
- You need to implement an OAuth2 authorization server to provide tokens management for your infrastructure,
Django OAuth Toolkit can help you providing out of the box all the endpoints, data and logic needed to add OAuth2
capabilities to your Django projects. Django OAuth Toolkit makes extensive use of the excellent
OAuthLib <https://github.com/idan/oauthlib>, so that everything is
rfc-compliant <https://rfc-editor.org/rfc/rfc6749.html>.
Reporting security issues
Please report any security issues to the JazzBand security team at security@jazzband.co. Do not file an issue on the tracker.
Requirements
- Python 3.8+
- Django 4.2, 5.0 or 5.1
- oauthlib 3.2.2+
Installation
Install with pip::
pip install django-oauth-toolkit
Add oauth2_provider to your INSTALLED_APPS
.. code-block:: python
INSTALLED_APPS = (
...
'oauth2_provider',
)
If you need an OAuth2 provider you'll want to add the following to your urls.py.
.. code-block:: python
from oauth2_provider import urls as oauth2_urls
urlpatterns = [
...
path('o/', include(oauth2_urls)),
]
Changelog
See CHANGELOG.md <https://github.com/jazzband/django-oauth-toolkit/blob/master/CHANGELOG.md>_.
Documentation
The full documentation <https://django-oauth-toolkit.readthedocs.io/>_ is on Read the Docs.
License
django-oauth-toolkit is released under the terms of the BSD license. Full details in LICENSE file.
Help Wanted
We need help maintaining and enhancing django-oauth-toolkit (DOT).
Join the team
Please consider joining `Jazzband <https://jazzband.co>`__ (If not
already a member) and the `DOT project
team <https://jazzband.co/projects/django-oauth-toolkit>`__.
How you can help
See our
contributing <https://django-oauth-toolkit.readthedocs.io/en/latest/contributing.html>__
info and the open
issues <https://github.com/jazzband/django-oauth-toolkit/issues>__ and
PRs <https://github.com/jazzband/django-oauth-toolkit/pulls>,
especially those labeled
help-wanted <https://github.com/jazzband/django-oauth-toolkit/labels/help-wanted>.
Discussions
Have questions or want to discuss the project?
See `the discussions <https://github.com/jazzband/django-oauth-toolkit/discussions>`__.
Submit PRs and Perform Reviews
PR submissions and reviews are always appreciated! Since we require an independent review of any PR before it can be merged, having your second set of eyes looking at PRs is extremely valuable.
Please don’t merge PRs
Please be aware that we don’t want *every* Jazzband member to merge PRs
but just a handful of project team members so that we can maintain a
modicum of control over what goes into a release of this security oriented code base. Only `project
leads <https://jazzband.co/projects/django-oauth-toolkit>`__ are able to
publish releases to Pypi and it becomes difficult when creating a new
release for the leads to deal with “unexpected” merged PRs.
Become a Project Lead
~~~~~~~~~~~~~~~~~~~~~
If you are interested in stepping up to be a Project Lead, please take a look at
the `discussion about this <https://github.com/jazzband/django-oauth-toolkit/discussions/1479>`__.
FAQs
OAuth2 Provider for Django
We found that django-oauth-toolkit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025