From 15f6e373e5d6d4a33fd442b0b8dea18ba32c6454 Mon Sep 17 00:00:00 2001 From: TAKAHASHI Shuuji Date: Mon, 19 Feb 2024 02:18:22 +0900 Subject: [PATCH 01/15] docs: fix typos --- docs/advanced_topics.rst | 2 +- docs/getting_started.rst | 2 +- docs/tutorial/tutorial_01.rst | 2 +- docs/views/class_based.rst | 2 +- docs/views/function_based.rst | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/advanced_topics.rst b/docs/advanced_topics.rst index d92d71b12..2aa5b6a96 100644 --- a/docs/advanced_topics.rst +++ b/docs/advanced_topics.rst @@ -109,7 +109,7 @@ Overriding views ================ You may want to override whole views from Django OAuth Toolkit, for instance if you want to -change the login view for unregistred users depending on some query params. +change the login view for unregistered users depending on some query params. In order to do that, you need to write a custom urlpatterns diff --git a/docs/getting_started.rst b/docs/getting_started.rst index 388afa300..3af6b50cc 100644 --- a/docs/getting_started.rst +++ b/docs/getting_started.rst @@ -42,7 +42,7 @@ Create a Django project:: django-admin startproject iam -This will create a mysite directory in your current directory. With the following estructure:: +This will create a mysite directory in your current directory. With the following structure:: . └── iam diff --git a/docs/tutorial/tutorial_01.rst b/docs/tutorial/tutorial_01.rst index a7bf20466..f5a3c4259 100644 --- a/docs/tutorial/tutorial_01.rst +++ b/docs/tutorial/tutorial_01.rst @@ -117,7 +117,7 @@ process we'll explain shortly) Test Your Authorization Server ------------------------------ Your authorization server is ready and can begin issuing access tokens. To test the process you need an OAuth2 -consumer; if you are familiar enough with OAuth2, you can use curl, requests, or anything that speaks http. +consumer; if you are familiar enough with OAuth2, you can use curl, requests, or anything that speaks HTTP. For this tutorial, we suggest using [Postman](https://www.postman.com/downloads/) : diff --git a/docs/views/class_based.rst b/docs/views/class_based.rst index 543ed58bb..d5573a600 100644 --- a/docs/views/class_based.rst +++ b/docs/views/class_based.rst @@ -38,7 +38,7 @@ using the *Class Based View* approach. .. class:: ReadWriteScopedResourceView(ReadWriteScopedResourceMixin, ProtectedResourceView): A view that provides OAuth2 authentication and read/write default scopes. - ``GET``, ``HEAD``, ``OPTIONS`` http methods require ``read`` scope, others methods + ``GET``, ``HEAD``, ``OPTIONS`` HTTP methods require ``read`` scope, others methods need the ``write`` scope. If you need, you can always specify an additional list of scopes in the ``required_scopes`` field:: diff --git a/docs/views/function_based.rst b/docs/views/function_based.rst index cc0650bd9..c7b88ba9f 100644 --- a/docs/views/function_based.rst +++ b/docs/views/function_based.rst @@ -43,7 +43,7 @@ Django OAuth Toolkit provides decorators to help you in protecting your function .. function:: rw_protected_resource(scopes=None, validator_cls=OAuth2Validator, server_cls=Server) Decorator to protect views by providing OAuth2 authentication and read/write scopes out of the - box. GET, HEAD, OPTIONS http methods require "read" scope. + box. GET, HEAD, OPTIONS HTTP methods require "read" scope. Otherwise "write" scope is required:: from oauth2_provider.decorators import rw_protected_resource From 908286d4b2bcc65aa86759f0fe88aa79ba4b8aee Mon Sep 17 00:00:00 2001 From: TAKAHASHI Shuuji Date: Mon, 19 Feb 2024 02:21:03 +0900 Subject: [PATCH 02/15] docs: fix broken links --- docs/tutorial/tutorial_01.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/tutorial/tutorial_01.rst b/docs/tutorial/tutorial_01.rst index f5a3c4259..9f1ace1bd 100644 --- a/docs/tutorial/tutorial_01.rst +++ b/docs/tutorial/tutorial_01.rst @@ -119,7 +119,7 @@ Test Your Authorization Server Your authorization server is ready and can begin issuing access tokens. To test the process you need an OAuth2 consumer; if you are familiar enough with OAuth2, you can use curl, requests, or anything that speaks HTTP. -For this tutorial, we suggest using [Postman](https://www.postman.com/downloads/) : +For this tutorial, we suggest using `Postman `_. Open up the Authorization tab under a request and, for this tutorial, set the fields as follows: @@ -150,7 +150,7 @@ again to the consumer service. Possible errors: -* loginTemplate: If you are not redirected to the correct page after logging in successfully, you probably need to `setup your login template correctly`__. +* loginTemplate: If you are not redirected to the correct page after logging in successfully, you probably need to `setup your login template correctly `_. * invalid client: client id and client secret needs to be correct. Secret cannot be copied from Django admin after creation. (but you can reset it by pasting the same random string into Django admin and into Postman, to avoid recreating the app) * invalid callback url: Add the postman link into your app in Django admin. From 25ab3bac54ff8aa93e03ed10c926eb58a9fea568 Mon Sep 17 00:00:00 2001 From: TAKAHASHI Shuuji Date: Mon, 19 Feb 2024 02:22:20 +0900 Subject: [PATCH 03/15] docs: use note block syntax --- docs/advanced_topics.rst | 2 +- docs/rest-framework/getting_started.rst | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/docs/advanced_topics.rst b/docs/advanced_topics.rst index 2aa5b6a96..c597312fa 100644 --- a/docs/advanced_topics.rst +++ b/docs/advanced_topics.rst @@ -61,7 +61,7 @@ to the migration class. That's all, now Django OAuth Toolkit will use your model wherever an Application instance is needed. - **Notice:** `OAUTH2_PROVIDER_APPLICATION_MODEL` is the only setting variable that is not namespaced, this +.. note:: ``OAUTH2_PROVIDER_APPLICATION_MODEL`` is the only setting variable that is not namespaced, this is because of the way Django currently implements swappable models. See issue #90 (https://github.com/jazzband/django-oauth-toolkit/issues/90) for details diff --git a/docs/rest-framework/getting_started.rst b/docs/rest-framework/getting_started.rst index bff2b9017..107c8b2a3 100644 --- a/docs/rest-framework/getting_started.rst +++ b/docs/rest-framework/getting_started.rst @@ -4,9 +4,7 @@ Getting started Django OAuth Toolkit provide a support layer for `Django REST Framework `_. This tutorial is based on the Django REST Framework example and shows you how to easily integrate with it. -**NOTE** - -The following code has been tested with Django 2.0.3 and Django REST Framework 3.7.7 +.. note:: The following code has been tested with Django 2.0.3 and Django REST Framework 3.7.7 Step 1: Minimal setup --------------------- From 7b38eae1a875d10ddcd7cfaa91898ec0f86ea086 Mon Sep 17 00:00:00 2001 From: TAKAHASHI Shuuji Date: Mon, 19 Feb 2024 02:24:27 +0900 Subject: [PATCH 04/15] docs: linkify github issue link --- docs/advanced_topics.rst | 2 +- docs/settings.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/advanced_topics.rst b/docs/advanced_topics.rst index c597312fa..6ffbd7121 100644 --- a/docs/advanced_topics.rst +++ b/docs/advanced_topics.rst @@ -63,7 +63,7 @@ That's all, now Django OAuth Toolkit will use your model wherever an Application .. note:: ``OAUTH2_PROVIDER_APPLICATION_MODEL`` is the only setting variable that is not namespaced, this is because of the way Django currently implements swappable models. - See issue #90 (https://github.com/jazzband/django-oauth-toolkit/issues/90) for details + See `issue #90 `_ for details. Multiple Grants ~~~~~~~~~~~~~~~ diff --git a/docs/settings.rst b/docs/settings.rst index c64c24954..d23866f2b 100644 --- a/docs/settings.rst +++ b/docs/settings.rst @@ -4,7 +4,7 @@ Settings Our configurations are all namespaced under the `OAUTH2_PROVIDER` settings with the exception of `OAUTH2_PROVIDER_APPLICATION_MODEL, OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL, OAUTH2_PROVIDER_GRANT_MODEL, OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL`: this is because of the way Django currently implements -swappable models. See issue #90 (https://github.com/jazzband/django-oauth-toolkit/issues/90) for details. +swappable models. See `issue #90 `_ for details. For example: From 104cdc5ec4e008d93e34d2c4ea723d82c653b2d2 Mon Sep 17 00:00:00 2001 From: TAKAHASHI Shuuji Date: Mon, 19 Feb 2024 02:25:00 +0900 Subject: [PATCH 05/15] docs: remove extra space --- docs/settings.rst | 5 ----- 1 file changed, 5 deletions(-) diff --git a/docs/settings.rst b/docs/settings.rst index d23866f2b..1304fdeb0 100644 --- a/docs/settings.rst +++ b/docs/settings.rst @@ -281,11 +281,6 @@ According to `OAuth 2.0 Security Best Current Practice `_ - For confidential clients, the use of PKCE `RFC7636 `_ is RECOMMENDED. - - - - - OIDC_RSA_PRIVATE_KEY ~~~~~~~~~~~~~~~~~~~~ Default: ``""`` From 4eff4ce774edc68d128c924ca6adcac6fa07a18a Mon Sep 17 00:00:00 2001 From: TAKAHASHI Shuuji Date: Mon, 19 Feb 2024 18:17:01 +0900 Subject: [PATCH 06/15] docs: apply reStructuredText literal syntax --- docs/advanced_topics.rst | 14 ++++---- docs/contributing.rst | 48 ++++++++++++------------- docs/install.rst | 6 ++-- docs/management_commands.rst | 2 +- docs/rest-framework/getting_started.rst | 20 +++++------ docs/settings.rst | 36 +++++++++---------- docs/signals.rst | 4 +-- docs/tutorial/tutorial_02.rst | 10 +++--- docs/tutorial/tutorial_03.rst | 26 +++++++------- docs/tutorial/tutorial_04.rst | 8 ++--- docs/tutorial/tutorial_05.rst | 10 +++--- docs/views/application.rst | 6 ++-- docs/views/function_based.rst | 6 ++-- docs/views/token.rst | 4 +-- 14 files changed, 100 insertions(+), 100 deletions(-) diff --git a/docs/advanced_topics.rst b/docs/advanced_topics.rst index 6ffbd7121..d3db324b2 100644 --- a/docs/advanced_topics.rst +++ b/docs/advanced_topics.rst @@ -31,7 +31,7 @@ Django OAuth Toolkit lets you extend the AbstractApplication model in a fashion custom user models. If you need, let's say, application logo and user agreement acceptance field, you can do this in -your Django app (provided that your app is in the list of the INSTALLED_APPS in your settings +your Django app (provided that your app is in the list of the ``INSTALLED_APPS`` in your settings module):: from django.db import models @@ -47,8 +47,8 @@ Write something like this in your settings module:: OAUTH2_PROVIDER_APPLICATION_MODEL='your_app_name.MyApplication' Be aware that, when you intend to swap the application model, you should create and run the -migration defining the swapped application model prior to setting OAUTH2_PROVIDER_APPLICATION_MODEL. -You'll run into models.E022 in Core system checks if you don't get the order right. +migration defining the swapped application model prior to setting ``OAUTH2_PROVIDER_APPLICATION_MODEL``. +You'll run into ``models.E022`` in Core system checks if you don't get the order right. You can force your migration providing the custom model to run in the right order by adding:: @@ -69,7 +69,7 @@ Multiple Grants ~~~~~~~~~~~~~~~ The default application model supports a single OAuth grant (e.g. authorization code, client credentials). If you need -applications to support multiple grants, override the `allows_grant_type` method. For example, if you want applications +applications to support multiple grants, override the ``allows_grant_type`` method. For example, if you want applications to support the authorization code *and* client credentials grants, you might do the following:: from oauth2_provider.models import AbstractApplication @@ -86,12 +86,12 @@ Skip authorization form Depending on the OAuth2 flow in use and the access token policy, users might be prompted for the same authorization multiple times: sometimes this is acceptable or even desirable but other times it isn't. -To control DOT behaviour you can use the `approval_prompt` parameter when hitting the authorization endpoint. +To control DOT behaviour you can use the ``approval_prompt`` parameter when hitting the authorization endpoint. Possible values are: -* `force` - users are always prompted for authorization. +* ``force`` - users are always prompted for authorization. -* `auto` - users are prompted only the first time, subsequent authorizations for the same application +* ``auto`` - users are prompted only the first time, subsequent authorizations for the same application and scopes will be automatically accepted. Skip authorization completely for trusted applications diff --git a/docs/contributing.rst b/docs/contributing.rst index 1d88bc4b0..2bae08213 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -12,7 +12,7 @@ This is a `Jazzband `_ project. By contributing you agree t Setup ===== -Fork `django-oauth-toolkit` repository on `GitHub `_ and follow these steps: +Fork ``django-oauth-toolkit`` repository on `GitHub `_ and follow these steps: * Create a virtualenv and activate it * Clone your repository locally @@ -55,14 +55,14 @@ is a better way to structure the code so that it is more readable. Documentation ============= -You can edit the documentation by editing files in ``docs/``. This project +You can edit the documentation by editing files in :file:`docs/`. This project uses sphinx to turn ``ReStructuredText`` into the HTML docs you are reading. In order to build the docs in to HTML, you can run:: tox -e docs -This will build the docs, and place the result in ``docs/_build/html``. +This will build the docs, and place the result in :file:`docs/_build/html`. Alternatively, you can run:: tox -e livedocs @@ -89,7 +89,7 @@ For example, to add Deutsch:: cd oauth2_provider django-admin makemessages --locale de -Then edit ``locale/de/LC_MESSAGES/django.po`` to add your translations. +Then edit :file:`locale/de/LC_MESSAGES/django.po` to add your translations. When deploying your app, don't forget to compile the messages with:: @@ -108,8 +108,8 @@ And, if a new migration is needed, use:: django-admin makemigrations --settings tests.mig_settings -Auto migrations frequently have ugly names like `0004_auto_20200902_2022`. You can make your migration -name "better" by adding the `-n name` option:: +Auto migrations frequently have ugly names like ``0004_auto_20200902_2022``. You can make your migration +name "better" by adding the ``-n name`` option:: django-admin makemigrations --settings tests.mig_settings -n widget @@ -117,7 +117,7 @@ name "better" by adding the `-n name` option:: Pull requests ============= -Please avoid providing a pull request from your `master` and use **topic branches** instead; you can add as many commits +Please avoid providing a pull request from your ``master`` and use **topic branches** instead; you can add as many commits as you want but please keep them in one branch which aims to solve one single issue. Then submit your pull request. To create a topic branch, simply do:: @@ -129,7 +129,7 @@ When you're ready to submit your pull request, first push the topic branch to yo git push origin fix-that-issue Now you can go to your repository dashboard on GitHub and open a pull request starting from your topic branch. You can -apply your pull request to the `master` branch of django-oauth-toolkit (this should be the default behaviour of GitHub +apply your pull request to the ``master`` branch of django-oauth-toolkit (this should be the default behaviour of GitHub user interface). When you begin your PR, you'll be asked to provide the following: @@ -150,29 +150,29 @@ When you begin your PR, you'll be asked to provide the following: * Update the documentation (in `docs/`) to describe the new or changed functionality. -* Update `CHANGELOG.md` (only for user relevant changes). We use `Keep A Changelog `_ +* Update ``CHANGELOG.md`` (only for user relevant changes). We use `Keep A Changelog `_ format which categorizes the changes as: - * `Added` for new features. + * ``Added`` for new features. - * `Changed` for changes in existing functionality. + * ``Changed`` for changes in existing functionality. - * `Deprecated` for soon-to-be removed features. + * ``Deprecated`` for soon-to-be removed features. - * `Removed` for now removed features. + * ``Removed`` for now removed features. - * `Fixed` for any bug fixes. + * ``Fixed`` for any bug fixes. - * `Security` in case of vulnerabilities. (Please report any security issues to the - JazzBand security team ``. Do not file an issue on the tracker + * ``Security`` in case of vulnerabilities. (Please report any security issues to the + JazzBand security team ````. Do not file an issue on the tracker or submit a PR until directed to do so.) -* Make sure your name is in `AUTHORS`. We want to give credit to all contributors! +* Make sure your name is in :file:`AUTHORS`. We want to give credit to all contributors! If your PR is not yet ready to be merged mark it as a Work-in-Progress -By prepending `WIP:` to the PR title so that it doesn't get inadvertently approved and merged. +By prepending ``WIP:`` to the PR title so that it doesn't get inadvertently approved and merged. -Make sure to request a review by assigning Reviewer `jazzband/django-oauth-toolkit`. +Make sure to request a review by assigning Reviewer ``jazzband/django-oauth-toolkit``. This will assign the review to the project team and a member will review it. In the meantime you can continue to add commits to your topic branch (and push them up to GitHub) either if you see something that needs changing, or in response to a reviewer's comments. If a reviewer asks for changes, you do not need to close the pull and reissue it @@ -251,7 +251,7 @@ You can check your coverage locally with the `coverage &client_id=&client_secret=" http://localhost:8000/o/token/ -Your response should be similar to your first access_token request, containing a new access_token and refresh_token: +Your response should be similar to your first ``access_token`` request, containing a new access_token and refresh_token: .. code-block:: javascript @@ -218,7 +218,7 @@ Let's try to access resources using a token with a restricted scope adding a `sc curl -X POST -d "grant_type=password&username=&password=&scope=read" -u":" http://localhost:8000/o/token/ -As you can see the only scope provided is `read`: +As you can see the only scope provided is ``read``: .. code-block:: javascript @@ -238,7 +238,7 @@ We now try to access our resources: curl -H "Authorization: Bearer " http://localhost:8000/users/ curl -H "Authorization: Bearer " http://localhost:8000/users/1/ -Ok, this one works since users read only requires `read` scope. +OK, this one works since users read only requires ``read`` scope. :: @@ -248,5 +248,5 @@ Ok, this one works since users read only requires `read` scope. # 'write' scope needed curl -H "Authorization: Bearer " -X POST -d"username=foo&password=bar" http://localhost:8000/users/ -You'll get a `"You do not have permission to perform this action"` error because your access_token does not provide the -required scopes `groups` and `write`. +You'll get a ``"You do not have permission to perform this action"`` error because your access_token does not provide the +required scopes ``groups`` and ``write``. diff --git a/docs/settings.rst b/docs/settings.rst index 1304fdeb0..fabcc7c0c 100644 --- a/docs/settings.rst +++ b/docs/settings.rst @@ -1,9 +1,9 @@ Settings ======== -Our configurations are all namespaced under the `OAUTH2_PROVIDER` settings with the exception of -`OAUTH2_PROVIDER_APPLICATION_MODEL, OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL, OAUTH2_PROVIDER_GRANT_MODEL, -OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL`: this is because of the way Django currently implements +Our configurations are all namespaced under the ``OAUTH2_PROVIDER`` settings with the exception of +``OAUTH2_PROVIDER_APPLICATION_MODEL``, ``OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL``, ``OAUTH2_PROVIDER_GRANT_MODEL``, +``OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL``: this is because of the way Django currently implements swappable models. See `issue #90 `_ for details. For example: @@ -45,7 +45,7 @@ this value if you wrote your own implementation (subclass of ACCESS_TOKEN_GENERATOR ~~~~~~~~~~~~~~~~~~~~~~ Import path of a callable used to generate access tokens. -oauthlib.oauth2.rfc6749.tokens.random_token_generator is (normally) used if not provided. +``oauthlib.oauth2.rfc6749.tokens.random_token_generator`` is (normally) used if not provided. ALLOWED_REDIRECT_URI_SCHEMES ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -187,8 +187,8 @@ this value if you wrote your own implementation (subclass of ROTATE_REFRESH_TOKEN ~~~~~~~~~~~~~~~~~~~~ -When is set to `True` (default) a new refresh token is issued to the client when the client refreshes an access token. -If `False`, it will reuse the same refresh token and only update the access token with a new token value. +When is set to ``True`` (default) a new refresh token is issued to the client when the client refreshes an access token. +If ``False``, it will reuse the same refresh token and only update the access token with a new token value. See also: validator's rotate_refresh_token method can be overridden to make this variable (could be usable with expiring refresh tokens, in particular, so that they are rotated when close to expiration, theoretically). @@ -210,7 +210,7 @@ Defaults to ``oauth2_provider.scopes.SettingsScopes``, which reads scopes throug SCOPES ~~~~~~ -.. note:: (0.12.0+) Only used if `SCOPES_BACKEND_CLASS` is set to the SettingsScopes default. +.. note:: (0.12.0+) Only used if ``ACCESS_TOKEN_GENERATOR`` is set to the SettingsScopes default. A dictionary mapping each scope name to its human description. @@ -218,11 +218,11 @@ A dictionary mapping each scope name to its human description. DEFAULT_SCOPES ~~~~~~~~~~~~~~ -.. note:: (0.12.0+) Only used if `SCOPES_BACKEND_CLASS` is set to the SettingsScopes default. +.. note:: (0.12.0+) Only used if ``ACCESS_TOKEN_GENERATOR`` is set to the SettingsScopes default. A list of scopes that should be returned by default. -This is a subset of the keys of the SCOPES setting. -By default this is set to '__all__' meaning that the whole set of SCOPES will be returned. +This is a subset of the keys of the ``SCOPES`` setting. +By default this is set to ``'__all__'`` meaning that the whole set of ``SCOPES`` will be returned. .. code-block:: python @@ -230,13 +230,13 @@ By default this is set to '__all__' meaning that the whole set of SCOPES will be READ_SCOPE ~~~~~~~~~~ -.. note:: (0.12.0+) Only used if `SCOPES_BACKEND_CLASS` is set to the SettingsScopes default. +.. note:: (0.12.0+) Only used if ``ACCESS_TOKEN_GENERATOR`` is set to the SettingsScopes default. The name of the *read* scope. WRITE_SCOPE ~~~~~~~~~~~ -.. note:: (0.12.0+) Only used if `SCOPES_BACKEND_CLASS` is set to the SettingsScopes default. +.. note:: (0.12.0+) Only used if ``ACCESS_TOKEN_GENERATOR`` is set to the SettingsScopes default. The name of the *write* scope. @@ -248,8 +248,8 @@ Only applicable when used with `Django REST Framework `_ +When is set to ``False`` (default) the `OpenID Connect RP-Initiated Logout `_ endpoint is not enabled. OpenID Connect RP-Initiated Logout enables an :term:`Client` (Relying Party) to request that a :term:`Resource Owner` (End User) is logged out at the :term:`Authorization Server` (OpenID Provider). @@ -351,7 +351,7 @@ OIDC_RP_INITIATED_LOGOUT_DELETE_TOKENS Default: ``True`` Whether to delete the access, refresh and ID tokens of the user that is being logged out. -The types of applications for which tokens are deleted can be customized with `RPInitiatedLogoutView.token_types_to_delete`. +The types of applications for which tokens are deleted can be customized with ``RPInitiatedLogoutView.token_types_to_delete``. The default is to delete the tokens of all applications if this flag is enabled. OIDC_ISS_ENDPOINT @@ -407,7 +407,7 @@ Default: ``0`` Time of sleep in seconds used by ``cleartokens`` management command between batch deletions. -Set this to a non-zero value (e.g. `0.1`) to add a pause between batch sizes to reduce system +Set this to a non-zero value (e.g. ``0.1``) to add a pause between batch sizes to reduce system load when clearing large batches of expired tokens. diff --git a/docs/signals.rst b/docs/signals.rst index fe696ae2c..f35832af5 100644 --- a/docs/signals.rst +++ b/docs/signals.rst @@ -4,7 +4,7 @@ Signals Django-oauth-toolkit sends messages to various signals, depending on the action that has been triggered. -You can easily import signals from `oauth2_provider.signals` and attach your +You can easily import signals from ``oauth2_provider.signals`` and attach your own listeners. For example: @@ -20,5 +20,5 @@ For example: Currently supported signals are: -* `oauth2_provider.signals.app_authorized` - fired once an oauth code has been +* ``oauth2_provider.signals.app_authorized`` - fired once an oauth code has been authorized and an access token has been granted diff --git a/docs/tutorial/tutorial_02.rst b/docs/tutorial/tutorial_02.rst index cdc94540c..556eb6356 100644 --- a/docs/tutorial/tutorial_02.rst +++ b/docs/tutorial/tutorial_02.rst @@ -14,7 +14,7 @@ to provide an API to access some kind of resources. We don't need an actual reso endpoint protected with OAuth2: let's do it in a *class based view* fashion! Django OAuth Toolkit provides a set of generic class based view you can use to add OAuth behaviour to your views. Open -your `views.py` module and import the view: +your :file:`views.py` module and import the view: .. code-block:: python @@ -29,7 +29,7 @@ Then create the view which will respond to the API endpoint: def get(self, request, *args, **kwargs): return HttpResponse('Hello, OAuth2!') -That's it, our API will expose only one method, responding to `GET` requests. Now open your `urls.py` and specify the +That's it, our API will expose only one method, responding to ``GET`` requests. Now open your :file:`urls.py` and specify the URL this view will respond to: .. code-block:: python @@ -73,15 +73,15 @@ URL this view will respond to: You will probably want to write your own application views to deal with permissions and access control but the ones packaged with the library can get you started when developing the app. -Since we inherit from `ProtectedResourceView`, we're done and our API is OAuth2 protected - for the sake of the lazy +Since we inherit from ``ProtectedResourceView``, we're done and our API is OAuth2 protected - for the sake of the lazy programmer. Testing your API ---------------- Time to make requests to your API. -For a quick test, try accessing your app at the url `/api/hello` with your browser -and verify that it responds with a `403` (in fact no `HTTP_AUTHORIZATION` header was provided). +For a quick test, try accessing your app at the url ``/api/hello`` with your browser +and verify that it responds with a ``403`` (in fact no ``HTTP_AUTHORIZATION`` header was provided). You can test your API with anything that can perform HTTP requests, but for this tutorial you can use the online `consumer client `_. Just fill the form with the URL of the API endpoint (i.e. http://localhost:8000/api/hello if you're on localhost) and diff --git a/docs/tutorial/tutorial_03.rst b/docs/tutorial/tutorial_03.rst index ef5d57969..a9e063785 100644 --- a/docs/tutorial/tutorial_03.rst +++ b/docs/tutorial/tutorial_03.rst @@ -31,28 +31,28 @@ which takes care of token verification. In your settings.py: '...', ] -You will likely use the `django.contrib.auth.backends.ModelBackend` along with the OAuth2 backend +You will likely use the ``django.contrib.auth.backends.ModelBackend`` along with the OAuth2 backend (or you might not be able to log in into the admin), only pay attention to the order in which Django processes authentication backends. -If you put the OAuth2 backend *after* the AuthenticationMiddleware and `request.user` is valid, -the backend will do nothing; if `request.user` is the Anonymous user it will try to authenticate +If you put the OAuth2 backend *after* the ``AuthenticationMiddleware`` and ``request.user`` is valid, +the backend will do nothing; if ``request.user`` is the Anonymous user it will try to authenticate the user using the OAuth2 access token. -If you put the OAuth2 backend *before* AuthenticationMiddleware, or AuthenticationMiddleware is +If you put the OAuth2 backend *before* ``AuthenticationMiddleware``, or AuthenticationMiddleware is not used at all, it will try to authenticate user with the OAuth2 access token and set -`request.user` and `request._cached_user` fields so that AuthenticationMiddleware (when active) +``request.user`` and ``request._cached_user`` fields so that AuthenticationMiddleware (when active) will not try to get user from the session. -If you use AuthenticationMiddleware, be sure it appears before OAuth2TokenMiddleware. -However AuthenticationMiddleware is NOT required for using django-oauth-toolkit. +If you use ``AuthenticationMiddleware``, be sure it appears before ``OAuth2TokenMiddleware``. +However ``AuthenticationMiddleware`` is NOT required for using ``django-oauth-toolkit``. -Note, `OAuth2TokenMiddleware` adds the user to the request object. There is also an optional `OAuth2ExtraTokenMiddleware` that adds the `Token` to the request. This makes it convenient to access the `Application` object within your views. To use it just add `oauth2_provider.middleware.OAuth2ExtraTokenMiddleware` to the `MIDDLEWARE` setting. +Note, ``OAuth2TokenMiddleware`` adds the user to the request object. There is also an optional ``OAuth2ExtraTokenMiddleware`` that adds the ``Token`` to the request. This makes it convenient to access the ``Application`` object within your views. To use it just add ``oauth2_provider.middleware.OAuth2ExtraTokenMiddleware`` to the ``MIDDLEWARE`` setting. Protect your view ----------------- -The authentication backend will run smoothly with, for example, `login_required` decorators, so -that you can have a view like this in your `views.py` module: +The authentication backend will run smoothly with, for example, ``login_required`` decorators, so +that you can have a view like this in your :file:`views.py` module: .. code-block:: python @@ -75,7 +75,7 @@ To check everything works properly, mount the view above to some url: You should have an :term:`Application` registered at this point, if you don't, follow the steps in the previous tutorials to create one. Obtain an :term:`Access Token`, either following the OAuth2 flow of your application or manually creating in the Django admin. -Now supposing your access token value is `123456` you can try to access your authenticated view: +Now supposing your access token value is ``123456`` you can try to access your authenticated view: :: @@ -92,7 +92,7 @@ It would be nice to reuse those views **and** support token handling. Instead of those classes to be ProtectedResourceView based, the solution is much simpler than that. Assume you have already modified the settings as was already shown. -The key is setting a class attribute to override the default *permissions_classes* with something that will use our :term:`Access Token` properly. +The key is setting a class attribute to override the default ``permissions_classes`` with something that will use our :term:`Access Token` properly. .. code-block:: python @@ -107,7 +107,7 @@ The key is setting a class attribute to override the default *permissions_classe permission_classes = [TokenHasReadWriteScope] Note that this example overrides the Django default permission class setting. There are several other -ways this can be solved. Overriding the class function *get_permission_classes* is another way +ways this can be solved. Overriding the class function ``get_permission_classes`` is another way to solve the problem. A detailed dive into the `Django REST framework permissions is here. `_ diff --git a/docs/tutorial/tutorial_04.rst b/docs/tutorial/tutorial_04.rst index 07759d1e7..089f2ac25 100644 --- a/docs/tutorial/tutorial_04.rst +++ b/docs/tutorial/tutorial_04.rst @@ -7,12 +7,12 @@ You've granted a user an :term:`Access Token`, following :doc:`part 1 `, you'll have a URL at `/o/revoke_token`. By submitting the appropriate request to that URL, you can revoke a user's :term:`Access Token`. +Be sure that you've granted a valid token. If you've hooked in ``oauth-toolkit`` into your :file:`urls.py` as specified in :doc:`part 1 `, you'll have a URL at ``/o/revoke_token``. By submitting the appropriate request to that URL, you can revoke a user's :term:`Access Token`. `Oauthlib `_ is compliant with https://rfc-editor.org/rfc/rfc7009.html, so as specified, the revocation request requires: -- token: REQUIRED, this is the :term:`Access Token` you want to revoke -- token_type_hint: OPTIONAL, designating either 'access_token' or 'refresh_token'. +- ``token``: REQUIRED, this is the :term:`Access Token` you want to revoke +- ``token_type_hint``: OPTIONAL, designating either 'access_token' or 'refresh_token'. Note that these revocation-specific parameters are in addition to the authentication parameters already specified by your particular client type. @@ -36,7 +36,7 @@ obtained in :doc:`part 1 `. If your application type is `Confidenti token=XXXX&client_id=XXXX&client_secret=XXXX -The server will respond wih a `200` status code on successful revocation. You can use `curl` to make a revoke request on your server. If you have access to a local installation of your authorization server, you can test revoking a token with a request like that shown below, for a `Confidential` client. +The server will respond wih a ``200`` status code on successful revocation. You can use ``curl`` to make a revoke request on your server. If you have access to a local installation of your authorization server, you can test revoking a token with a request like that shown below, for a `Confidential` client. :: diff --git a/docs/tutorial/tutorial_05.rst b/docs/tutorial/tutorial_05.rst index 1be656b88..896578a9c 100644 --- a/docs/tutorial/tutorial_05.rst +++ b/docs/tutorial/tutorial_05.rst @@ -38,7 +38,7 @@ See the `RabbitMQ Installing on Windows `_. :: @@ -58,7 +58,7 @@ in the database and adds a Django Admin interface for configuring them. } -Now add a new file to your app to add Celery: ``tutorial/celery.py``: +Now add a new file to your app to add Celery: :file:`tutorial/celery.py`: .. code-block:: python @@ -74,8 +74,8 @@ Now add a new file to your app to add Celery: ``tutorial/celery.py``: # Load task modules from all registered Django apps. app.autodiscover_tasks() -This will autodiscover any ``tasks.py`` files in the list of installed apps. -We'll add ours now in ``tutorial/tasks.py``: +This will autodiscover any :file:`tasks.py` files in the list of installed apps. +We'll add ours now in :file:`tutorial/tasks.py`: .. code-block:: python @@ -87,7 +87,7 @@ We'll add ours now in ``tutorial/tasks.py``: clear_expired() -Finally, update ``tutorial/__init__.py`` to make sure Celery gets loaded when the app starts up: +Finally, update :file:`tutorial/__init__.py` to make sure Celery gets loaded when the app starts up: .. code-block:: python diff --git a/docs/views/application.rst b/docs/views/application.rst index a9f04bcd3..c5ec70d3b 100644 --- a/docs/views/application.rst +++ b/docs/views/application.rst @@ -2,9 +2,9 @@ Application Views ================= A set of views is provided to let users handle application instances without accessing Django Admin -Site. Application views are listed at the url `applications/` and you can register a new one at the -url `applications/register`. You can override default templates located in -`templates/oauth2_provider` folder and provide a custom layout. Every view provides access only to +Site. Application views are listed at the url ``applications/`` and you can register a new one at the +url ``applications/register``. You can override default templates located in +:file:`templates/oauth2_provider` folder and provide a custom layout. Every view provides access only to data belonging to the logged in user who performs the request. diff --git a/docs/views/function_based.rst b/docs/views/function_based.rst index c7b88ba9f..57884b2b9 100644 --- a/docs/views/function_based.rst +++ b/docs/views/function_based.rst @@ -43,8 +43,8 @@ Django OAuth Toolkit provides decorators to help you in protecting your function .. function:: rw_protected_resource(scopes=None, validator_cls=OAuth2Validator, server_cls=Server) Decorator to protect views by providing OAuth2 authentication and read/write scopes out of the - box. GET, HEAD, OPTIONS HTTP methods require "read" scope. - Otherwise "write" scope is required:: + box. ``GET``, ``HEAD``, ``OPTIONS`` HTTP methods require ``'read'`` scope. + Otherwise ``'write'`` scope is required:: from oauth2_provider.decorators import rw_protected_resource @@ -54,7 +54,7 @@ Django OAuth Toolkit provides decorators to help you in protecting your function # ... pass - If you need, you can ask for other scopes over "read" and "write":: + If you need, you can ask for other scopes over ``'read'`` and ``'write'``:: from oauth2_provider.decorators import rw_protected_resource diff --git a/docs/views/token.rst b/docs/views/token.rst index ead0d023d..6c6d2b6ae 100644 --- a/docs/views/token.rst +++ b/docs/views/token.rst @@ -5,10 +5,10 @@ A set of views is provided to let users handle tokens that have been granted to Every view provides access only to the tokens that have been granted to the user performing the request. -Granted Token views are listed at the url `authorized_tokens/`. +Granted Token views are listed at the url ``authorized_tokens/``. -For each granted token there is a delete view that allows you to delete such token. You can override default templates `authorized-tokens.html` for the list view and `authorized-token-delete.html` for the delete view; they are located inside `templates/oauth2_provider` folder. +For each granted token there is a delete view that allows you to delete such token. You can override default templates :file:`authorized-tokens.html` for the list view and :file:`authorized-token-delete.html` for the delete view; they are located inside :file:`templates/oauth2_provider` folder. .. automodule:: oauth2_provider.views.token From 6da4f87b7676ccc873080a8eaf76382182e1136c Mon Sep 17 00:00:00 2001 From: TAKAHASHI Shuuji Date: Mon, 19 Feb 2024 18:18:19 +0900 Subject: [PATCH 07/15] docs: use reStructuredText literal code blocks syntax --- docs/contributing.rst | 5 +++-- docs/install.rst | 4 ++-- docs/rest-framework/getting_started.rst | 24 ++++++------------------ 3 files changed, 11 insertions(+), 22 deletions(-) diff --git a/docs/contributing.rst b/docs/contributing.rst index 2bae08213..87ce11005 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -209,7 +209,7 @@ The Checklist A checklist template is automatically added to your PR when you create it. Make sure you've done all the applicable steps and check them off to indicate you have done so. This is -what you'll see when creating your PR: +what you'll see when creating your PR:: Fixes # @@ -263,8 +263,9 @@ Try reading our code and grasp the overall philosophy regarding method and varia the sake of readability, keep in mind that *simple is better than complex*. If you feel the code is not straightforward, add a comment. If you think a function is not trivial, add a docstrings. -To see if your code formatting will pass muster use: `tox -e flake8` +To see if your code formatting will pass muster use:: + tox -e flake8 The contents of this page are heavily based on the docs from `django-admin2 `_ diff --git a/docs/install.rst b/docs/install.rst index 62d42e387..87f1df092 100644 --- a/docs/install.rst +++ b/docs/install.rst @@ -1,8 +1,8 @@ Installation ============ -Install with pip -:: +Install with pip:: + pip install django-oauth-toolkit Add ``oauth2_provider`` to your ``INSTALLED_APPS`` diff --git a/docs/rest-framework/getting_started.rst b/docs/rest-framework/getting_started.rst index 1483ad8d5..687d353e3 100644 --- a/docs/rest-framework/getting_started.rst +++ b/docs/rest-framework/getting_started.rst @@ -9,9 +9,7 @@ This tutorial is based on the Django REST Framework example and shows you how to Step 1: Minimal setup --------------------- -Create a virtualenv and install following packages using `pip`... - -:: +Create a virtualenv and install following packages using ``pip``:: pip install django-oauth-toolkit djangorestframework @@ -156,9 +154,7 @@ Save your app! Step 4: Get your token and use your API --------------------------------------- -At this point we're ready to request an access_token. Open your shell - -:: +At this point we're ready to request an access_token. Open your shell:: curl -X POST -d "grant_type=password&username=&password=" -u":" http://localhost:8000/o/token/ @@ -175,9 +171,7 @@ Response should be something like: "scope": "read write groups" } -Grab your access_token and start using your new OAuth2 API: - -:: +Grab your access_token and start using your new OAuth2 API:: # Retrieve users curl -H "Authorization: Bearer " http://localhost:8000/users/ @@ -189,9 +183,7 @@ Grab your access_token and start using your new OAuth2 API: # Insert a new user curl -H "Authorization: Bearer " -X POST -d"username=foo&password=bar&scope=write" http://localhost:8000/users/ -Some time has passed and your access token is about to expire, you can get renew the access token issued using the `refresh token`: - -:: +Some time has passed and your access token is about to expire, you can get renew the access token issued using the `refresh token`:: curl -X POST -d "grant_type=refresh_token&refresh_token=&client_id=&client_secret=" http://localhost:8000/o/token/ @@ -212,9 +204,7 @@ Your response should be similar to your first ``access_token`` request, containi Step 5: Testing Restricted Access --------------------------------- -Let's try to access resources using a token with a restricted scope adding a `scope` parameter to the token request - -:: +Let's try to access resources using a token with a restricted scope adding a ``scope`` parameter to the token request:: curl -X POST -d "grant_type=password&username=&password=&scope=read" -u":" http://localhost:8000/o/token/ @@ -230,9 +220,7 @@ As you can see the only scope provided is ``read``: "scope": "read" } -We now try to access our resources: - -:: +We now try to access our resources:: # Retrieve users curl -H "Authorization: Bearer " http://localhost:8000/users/ From e51084b5d82f4e42aabcc6ace1591599158a7d49 Mon Sep 17 00:00:00 2001 From: TAKAHASHI Shuuji Date: Mon, 19 Feb 2024 18:18:53 +0900 Subject: [PATCH 08/15] docs: more readable bold header --- docs/rest-framework/getting_started.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/rest-framework/getting_started.rst b/docs/rest-framework/getting_started.rst index 687d353e3..37ea5760b 100644 --- a/docs/rest-framework/getting_started.rst +++ b/docs/rest-framework/getting_started.rst @@ -145,9 +145,9 @@ views you can use to CRUD application instances, just point your browser at: Click on the link to create a new application and fill the form with the following data: -* Name: *just a name of your choice* -* Client Type: *confidential* -* Authorization Grant Type: *Resource owner password-based* +* **Name:** *just a name of your choice* +* **Client Type:** *confidential* +* **Authorization Grant Type:** *Resource owner password-based* Save your app! From 14dd0b41826d1ef7550c738ee81427ec4232ef7f Mon Sep 17 00:00:00 2001 From: TAKAHASHI Shuuji Date: Mon, 19 Feb 2024 18:20:03 +0900 Subject: [PATCH 09/15] docs: fix code syntax name to json --- docs/getting_started.rst | 4 ++-- docs/rest-framework/getting_started.rst | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/getting_started.rst b/docs/getting_started.rst index 3af6b50cc..1dc8712f7 100644 --- a/docs/getting_started.rst +++ b/docs/getting_started.rst @@ -332,7 +332,7 @@ To be more easy to visualize:: The OAuth2 provider will return the follow response: -.. code-block:: javascript +.. code-block:: json { "access_token": "jooqrnOrNa0BrNWlg68u9sl6SkdFZg", @@ -402,7 +402,7 @@ To be easier to visualize:: The OAuth2 provider will return the following response: -.. code-block:: javascript +.. code-block:: json { "access_token": "PaZDOD5UwzbGOFsQr34LQ7JUYOj3yK", diff --git a/docs/rest-framework/getting_started.rst b/docs/rest-framework/getting_started.rst index 37ea5760b..4e6b037b0 100644 --- a/docs/rest-framework/getting_started.rst +++ b/docs/rest-framework/getting_started.rst @@ -161,7 +161,7 @@ At this point we're ready to request an access_token. Open your shell:: The *user_name* and *password* are the credential of the users registered in your :term:`Authorization Server`, like any user created in Step 2. Response should be something like: -.. code-block:: javascript +.. code-block:: json { "access_token": "", @@ -189,7 +189,7 @@ Some time has passed and your access token is about to expire, you can get renew Your response should be similar to your first ``access_token`` request, containing a new access_token and refresh_token: -.. code-block:: javascript +.. code-block:: json { "access_token": "", @@ -210,7 +210,7 @@ Let's try to access resources using a token with a restricted scope adding a ``s As you can see the only scope provided is ``read``: -.. code-block:: javascript +.. code-block:: json { "access_token": "", From 0629804034694d8647bc96789d318ac427c57573 Mon Sep 17 00:00:00 2001 From: TAKAHASHI Shuuji Date: Mon, 19 Feb 2024 18:20:25 +0900 Subject: [PATCH 10/15] docs: capitalize HTTP --- docs/settings.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/settings.rst b/docs/settings.rst index fabcc7c0c..fa53e096e 100644 --- a/docs/settings.rst +++ b/docs/settings.rst @@ -72,7 +72,7 @@ A list of schemes that the ``allowed_origins`` field will be validated against. Setting this to ``["https"]`` only in production is strongly recommended. Adding ``"http"`` to the list is considered to be safe only for local development and testing. Note that `OAUTHLIB_INSECURE_TRANSPORT `_ -environment variable should be also set to allow http origins. +environment variable should be also set to allow HTTP origins. APPLICATION_MODEL From cf91feada77a2c0502040429990ea79f57ffb42a Mon Sep 17 00:00:00 2001 From: TAKAHASHI Shuuji Date: Mon, 19 Feb 2024 18:20:45 +0900 Subject: [PATCH 11/15] docs: make links list --- docs/tutorial/tutorial_05.rst | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/docs/tutorial/tutorial_05.rst b/docs/tutorial/tutorial_05.rst index 896578a9c..e75f3e23e 100644 --- a/docs/tutorial/tutorial_05.rst +++ b/docs/tutorial/tutorial_05.rst @@ -162,8 +162,6 @@ References The preceding is based on these references: -https://docs.celeryq.dev/en/stable/django/first-steps-with-django.html - -https://docs.celeryq.dev/en/stable/userguide/periodic-tasks.html#beat-custom-schedulers - -https://django-celery-beat.readthedocs.io/en/latest/index.html +* https://docs.celeryq.dev/en/stable/django/first-steps-with-django.html +* https://docs.celeryq.dev/en/stable/userguide/periodic-tasks.html#beat-custom-schedulers +* https://django-celery-beat.readthedocs.io/en/latest/index.html From 8a5e336d6bba3fff2a8cfea65df9194a2db6f030 Mon Sep 17 00:00:00 2001 From: TAKAHASHI Shuuji Date: Mon, 19 Feb 2024 18:21:12 +0900 Subject: [PATCH 12/15] docs: format settings examples --- docs/advanced_topics.rst | 2 +- docs/getting_started.rst | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/advanced_topics.rst b/docs/advanced_topics.rst index d3db324b2..0b2ee20b0 100644 --- a/docs/advanced_topics.rst +++ b/docs/advanced_topics.rst @@ -44,7 +44,7 @@ module):: Then you need to tell Django OAuth Toolkit which model you want to use to represent applications. Write something like this in your settings module:: - OAUTH2_PROVIDER_APPLICATION_MODEL='your_app_name.MyApplication' + OAUTH2_PROVIDER_APPLICATION_MODEL = 'your_app_name.MyApplication' Be aware that, when you intend to swap the application model, you should create and run the migration defining the swapped application model prior to setting ``OAUTH2_PROVIDER_APPLICATION_MODEL``. diff --git a/docs/getting_started.rst b/docs/getting_started.rst index 1dc8712f7..2d7ebe269 100644 --- a/docs/getting_started.rst +++ b/docs/getting_started.rst @@ -109,7 +109,7 @@ Configure ``users.User`` to be the model used for the ``auth`` application by ad .. code-block:: python - AUTH_USER_MODEL='users.User' + AUTH_USER_MODEL = 'users.User' Create inital migration for ``users`` application ``User`` model:: @@ -203,7 +203,7 @@ Last change, add ``LOGIN_URL`` to :file:`iam/settings.py`: .. code-block:: python - LOGIN_URL='/admin/login/' + LOGIN_URL = '/admin/login/' We will use Django Admin login to make our life easy. From 3de20fc639330e068d71c5ff6d7b2b79fb2e10ed Mon Sep 17 00:00:00 2001 From: TAKAHASHI Shuuji Date: Mon, 19 Feb 2024 18:21:30 +0900 Subject: [PATCH 13/15] docs: linkify `ACCESS_TOKEN_GENERATOR` --- docs/settings.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/settings.rst b/docs/settings.rst index fa53e096e..db5ef110b 100644 --- a/docs/settings.rst +++ b/docs/settings.rst @@ -195,7 +195,7 @@ when close to expiration, theoretically). REFRESH_TOKEN_GENERATOR ~~~~~~~~~~~~~~~~~~~~~~~ -See `ACCESS_TOKEN_GENERATOR`. This is the same but for refresh tokens. +See `ACCESS_TOKEN_GENERATOR`_. This is the same but for refresh tokens. Defaults to access token generator if not provided. REQUEST_APPROVAL_PROMPT From 6d85ca48c392a21768f2d88744ff6b2e8afb10be Mon Sep 17 00:00:00 2001 From: TAKAHASHI Shuuji Date: Mon, 19 Feb 2024 18:21:49 +0900 Subject: [PATCH 14/15] docs: consistent shell command example --- docs/install.rst | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/install.rst b/docs/install.rst index 87f1df092..7186a94c0 100644 --- a/docs/install.rst +++ b/docs/install.rst @@ -34,7 +34,6 @@ Or using ``re_path()`` urlpatterns = [ ... - re_path(r'^o/', include('oauth2_provider.urls', namespace='oauth2_provider')), ] @@ -43,7 +42,7 @@ Sync your database .. sourcecode:: sh - $ python manage.py migrate oauth2_provider + python manage.py migrate oauth2_provider Next step is :doc:`getting started ` or :doc:`first tutorial `. From 1f4d384569a53d4a782ceb5b6d44424d00e5e92e Mon Sep 17 00:00:00 2001 From: TAKAHASHI Shuuji Date: Mon, 19 Feb 2024 18:22:07 +0900 Subject: [PATCH 15/15] docs: fix a broken link --- docs/contributing.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/contributing.rst b/docs/contributing.rst index 87ce11005..c31e72990 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -194,7 +194,7 @@ Then merge the changes that you fetched:: git merge upstream/master -For more info, see http://help.github.com/fork-a-repo/ +For more information, see the `GitHub Docs on forking the repository `_. .. note:: Please be sure to rebase your commits on the master when possible, so your commits can be fast-forwarded: we try to avoid *merge commits* when they are not necessary.