Add oauth lib, configure for hep api

Pipfile

@@ -44,3 +44,4 @@ unittest-xml-reporting = "*"
 django-silk = "*"
 wagtail-autocomplete = "*"
 jedi = "==0.17.2"
+authlib = "*"

Pipfile.lock

@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "58d8faf7e03679ac7b0053dd01e54288d3a719c8ee25c1edf20a74ebcbf87951"
+            "sha256": "0502c8c042ab65ff8851c76523ff098ff6253c9a744cc5877785da847fe6bd36"
         },
         "pipfile-spec": 6,
         "requires": {
@@ -23,6 +23,22 @@
             ],
             "version": "==7.0.0"
         },
+        "appnope": {
+            "hashes": [
+                "sha256:93aa393e9d6c54c5cd570ccadd8edad61ea0c4b9ea7a01409020c9aa019eb442",
+                "sha256:dd83cd4b5b460958838f6eb3000c660b1f9caf2a5b1de4264e941512f603258a"
+            ],
+            "markers": "sys_platform == 'darwin'",
+            "version": "==0.1.2"
+        },
+        "authlib": {
+            "hashes": [
+                "sha256:0f6af3a38d37dd77361808dd3f2e258b647668dac6d2cefcefc4c4ebc3c7d2b2",
+                "sha256:7dde11ba45db51e97169c261362fab3193073100b7387e60c159db1eec470bbc"
+            ],
+            "index": "pypi",
+            "version": "==0.15.3"
+        },
         "autopep8": {
             "hashes": [
                 "sha256:276ced7e9e3cb22e5d7c14748384a5cf5d9002257c0ed50c0e075b68011bb6d0",
@@ -76,6 +92,48 @@
             ],
             "version": "==2020.12.5"
         },
+        "cffi": {
+            "hashes": [
+                "sha256:005a36f41773e148deac64b08f233873a4d0c18b053d37da83f6af4d9087b813",
+                "sha256:0857f0ae312d855239a55c81ef453ee8fd24136eaba8e87a2eceba644c0d4c06",
+                "sha256:1071534bbbf8cbb31b498d5d9db0f274f2f7a865adca4ae429e147ba40f73dea",
+                "sha256:158d0d15119b4b7ff6b926536763dc0714313aa59e320ddf787502c70c4d4bee",
+                "sha256:1f436816fc868b098b0d63b8920de7d208c90a67212546d02f84fe78a9c26396",
+                "sha256:2894f2df484ff56d717bead0a5c2abb6b9d2bf26d6960c4604d5c48bbc30ee73",
+                "sha256:29314480e958fd8aab22e4a58b355b629c59bf5f2ac2492b61e3dc06d8c7a315",
+                "sha256:34eff4b97f3d982fb93e2831e6750127d1355a923ebaeeb565407b3d2f8d41a1",
+                "sha256:35f27e6eb43380fa080dccf676dece30bef72e4a67617ffda586641cd4508d49",
+                "sha256:3d3dd4c9e559eb172ecf00a2a7517e97d1e96de2a5e610bd9b68cea3925b4892",
+                "sha256:43e0b9d9e2c9e5d152946b9c5fe062c151614b262fda2e7b201204de0b99e482",
+                "sha256:48e1c69bbacfc3d932221851b39d49e81567a4d4aac3b21258d9c24578280058",
+                "sha256:51182f8927c5af975fece87b1b369f722c570fe169f9880764b1ee3bca8347b5",
+                "sha256:58e3f59d583d413809d60779492342801d6e82fefb89c86a38e040c16883be53",
+                "sha256:5de7970188bb46b7bf9858eb6890aad302577a5f6f75091fd7cdd3ef13ef3045",
+                "sha256:65fa59693c62cf06e45ddbb822165394a288edce9e276647f0046e1ec26920f3",
+                "sha256:69e395c24fc60aad6bb4fa7e583698ea6cc684648e1ffb7fe85e3c1ca131a7d5",
+                "sha256:6c97d7350133666fbb5cf4abdc1178c812cb205dc6f41d174a7b0f18fb93337e",
+                "sha256:6e4714cc64f474e4d6e37cfff31a814b509a35cb17de4fb1999907575684479c",
+                "sha256:72d8d3ef52c208ee1c7b2e341f7d71c6fd3157138abf1a95166e6165dd5d4369",
+                "sha256:8ae6299f6c68de06f136f1f9e69458eae58f1dacf10af5c17353eae03aa0d827",
+                "sha256:8b198cec6c72df5289c05b05b8b0969819783f9418e0409865dac47288d2a053",
+                "sha256:99cd03ae7988a93dd00bcd9d0b75e1f6c426063d6f03d2f90b89e29b25b82dfa",
+                "sha256:9cf8022fb8d07a97c178b02327b284521c7708d7c71a9c9c355c178ac4bbd3d4",
+                "sha256:9de2e279153a443c656f2defd67769e6d1e4163952b3c622dcea5b08a6405322",
+                "sha256:9e93e79c2551ff263400e1e4be085a1210e12073a31c2011dbbda14bda0c6132",
+                "sha256:9ff227395193126d82e60319a673a037d5de84633f11279e336f9c0f189ecc62",
+                "sha256:a465da611f6fa124963b91bf432d960a555563efe4ed1cc403ba5077b15370aa",
+                "sha256:ad17025d226ee5beec591b52800c11680fca3df50b8b29fe51d882576e039ee0",
+                "sha256:afb29c1ba2e5a3736f1c301d9d0abe3ec8b86957d04ddfa9d7a6a42b9367e396",
+                "sha256:b85eb46a81787c50650f2392b9b4ef23e1f126313b9e0e9013b35c15e4288e2e",
+                "sha256:bb89f306e5da99f4d922728ddcd6f7fcebb3241fc40edebcb7284d7514741991",
+                "sha256:cbde590d4faaa07c72bf979734738f328d239913ba3e043b1e98fe9a39f8b2b6",
+                "sha256:cd2868886d547469123fadc46eac7ea5253ea7fcb139f12e1dfc2bbd406427d1",
+                "sha256:d42b11d692e11b6634f7613ad8df5d6d5f8875f5d48939520d351007b3c13406",
+                "sha256:f2d45f97ab6bb54753eab54fffe75aaf3de4ff2341c9daee1987ee1837636f1d",
+                "sha256:fd78e5fee591709f32ef6edb9a015b4aa1a5022598e36227500c8f4e02328d9c"
+            ],
+            "version": "==1.14.5"
+        },
         "chardet": {
             "hashes": [
                 "sha256:0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa",
@@ -84,6 +142,23 @@
             "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
             "version": "==4.0.0"
         },
+        "cryptography": {
+            "hashes": [
+                "sha256:0f1212a66329c80d68aeeb39b8a16d54ef57071bf22ff4e521657b27372e327d",
+                "sha256:1e056c28420c072c5e3cb36e2b23ee55e260cb04eee08f702e0edfec3fb51959",
+                "sha256:240f5c21aef0b73f40bb9f78d2caff73186700bf1bc6b94285699aff98cc16c6",
+                "sha256:26965837447f9c82f1855e0bc8bc4fb910240b6e0d16a664bb722df3b5b06873",
+                "sha256:37340614f8a5d2fb9aeea67fd159bfe4f5f4ed535b1090ce8ec428b2f15a11f2",
+                "sha256:3d10de8116d25649631977cb37da6cbdd2d6fa0e0281d014a5b7d337255ca713",
+                "sha256:3d8427734c781ea5f1b41d6589c293089704d4759e34597dce91014ac125aad1",
+                "sha256:7ec5d3b029f5fa2b179325908b9cd93db28ab7b85bb6c1db56b10e0b54235177",
+                "sha256:8e56e16617872b0957d1c9742a3f94b43533447fd78321514abbe7db216aa250",
+                "sha256:de4e5f7f68220d92b7637fc99847475b59154b7a1b3868fb7385337af54ac9ca",
+                "sha256:eb8cc2afe8b05acbd84a43905832ec78e7b3873fb124ca190f574dca7389a87d",
+                "sha256:ee77aa129f481be46f8d92a1a7db57269a2f23052d5f2433b4621bb457081cc9"
+            ],
+            "version": "==3.4.7"
+        },
         "decorator": {
             "hashes": [
                 "sha256:6f201a6c4dac3d187352661f508b9364ec8091217442c9478f1f83c003a0f060",
@@ -473,30 +548,19 @@
                 "sha256:0013f590a8f260df60bcfd65db19d18efc04e7f046c3c82a40e2e2b3292a937c",
                 "sha256:0b899ee80920bb533f26581af9b4660bc12aff4562555afe74e429101ebf3c94",
                 "sha256:12f29d6c23424f704c66b5b68c02fe0b571504459605cfe36ab8158359b0e1bb",
-                "sha256:135e9aa65150c53f7db85bf2bebb8a0e1a48ea850e80cf66e16dd04fa09d309c",
                 "sha256:153ec6f18f7b61641e0e6e502acfaf4a06c9aba2ea11c0b4b3578ea9f13a4a4a",
-                "sha256:17fe25efc785194d48c38fad85dce470013ba19d2fb66639e149f14bccf1327f",
                 "sha256:1912b7230459fd53682dae32b83cbd8e5d642ba36d4be18566f00a9c063aa13d",
                 "sha256:1a5b93084e01328a1cb1ecdad99d11d75e881e89a95f88d85b523646553b36c2",
                 "sha256:25193f934d37d836a6b1f4c062ce574a96cbca7c6d9dc8ddfbbac7f9c54deaa4",
-                "sha256:2c042352b430d678db50c78c5214e19638eff8b688941271da2de21fd298dfe5",
-                "sha256:2e818dbe445e86fc6c266973fe540c35125c42eb2cf13a6095e9adaa89c0deb5",
                 "sha256:2fcde9954c8882d1c7f93bb828caa34a4c5e3ee69dbc7895dc8652ad972b455a",
                 "sha256:35f7d998b8e82fb3fb51ff88b30485eb81cd7dd56ec7e1a8deba23eb88532d44",
-                "sha256:37cc0339abfa9e295c75d9a7f227d35cb44716feb95057f9449c4a9e9a17daf7",
                 "sha256:43334f9581cd067945b8898cef9eb5714ee4883f8de0304c011f1dbdb1d4e2aa",
                 "sha256:4bd4a71501b6d51db4abc07e1f43f5a6fed0a1a9583cca0b401d6af50284b0db",
-                "sha256:57aa6198ba8acba1313c3b743e267d821a60cac77e6026caf0b55ca58d3d23be",
                 "sha256:5b0d657460d9f3615876fec6306e97ca15a471f6169b622d76a47e270998acf1",
-                "sha256:5cd36804f9f06a914a883fe682df5711d16d7b4f44d43189c5f013e7cd91e149",
                 "sha256:6977cf073d83358b34f93abf5c1f1193b88675fe0e4441e0e28318bc3dcba7a0",
                 "sha256:718ec7a122b28d64afc5fbc3a9b99bb0545ef511373cac06fe7624520e82cb20",
-                "sha256:7dfbefdb3fb911ca9faed307bf309861e9995e36cca6b761c7ba6d9b77a9744a",
                 "sha256:801cca8923508311bf5d6d0f7da5362552e8208ebd8ec0d7b9f2cd2ff5705734",
-                "sha256:82b172e3264e62372c01b5b009b5b1a02fbb9276cbe5cc57ab00a6d6e5ed9a18",
-                "sha256:82d1ff571489765df2816785d532e243bde213752156c227fca595723ec5ff42",
                 "sha256:8580fc58074a16b749905b26cf8363f7b628dd167ba0130f5382cdc91c86b509",
-                "sha256:931030d1d6282b7900e6b0a7ff9ecdb503b5e1e6781800dab2b71a9f39405bff",
                 "sha256:9525cd680a6f9e80c6c0af03cf973e6505c59f60b4745f682cd1a449e54b31bb",
                 "sha256:a224651a81e45ef4f1d0164e256c5f6b4abb49f2ae8f22ba2f3a9d0ff338e608",
                 "sha256:a370d1c570f1d72e877099651e752332444b1c5009381f043c9da5fd47f3ebae",
@@ -505,12 +569,7 @@
                 "sha256:b85f703c2ffe539313e39ce0676bed0f355cec45a16e58c9ab7417445843047c",
                 "sha256:b9f63451084a718eccdeb1e382768c94647915653af4d6019f64560d9e98642b",
                 "sha256:c793dfaa130847ccff958492b76ae8b9304e60b8a79a92962cb19e368276a22b",
-                "sha256:d60c1625b108432ace8b1fa1a584017e5efa73f107d0f493c7f39c79bebf1d41",
-                "sha256:dc4b018d5c9b636f7546583c5591b9ea00c328c3e5871992ef5b95bac353f097",
-                "sha256:ddd16ab250b4fc97db1c47407e78c25216a75c29d29d10ad37e51b7a2ec7b2c3",
-                "sha256:e126ff4fed71e78333840c07279e1617f63cfca76d63ad5b27d65a7277206a3d",
-                "sha256:f8d49be8c282df8d2e1ab6ab53ab8abd859b1fa6fed384457ee85c9eff64ef97",
-                "sha256:fcf64c91fd44485100a2965d23bb0e227d093e91f7e776c5ca3b32574766eb56"
+                "sha256:ddd16ab250b4fc97db1c47407e78c25216a75c29d29d10ad37e51b7a2ec7b2c3"
             ],
             "index": "pypi",
             "version": "==5.0.0"
@@ -565,6 +624,13 @@
             "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
             "version": "==2.7.0"
         },
+        "pycparser": {
+            "hashes": [
+                "sha256:2d475327684562c3a96cc71adf7dc8c4f0565175cf86b6d7a404ff4c771f15f0",
+                "sha256:7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705"
+            ],
+            "version": "==2.20"
+        },
         "pygments": {
             "hashes": [
                 "sha256:a18f47b506a429f6f4b9df81bb02beab9ca21d0a5fee38ed15aef65f0545519f",
@@ -730,8 +796,8 @@
         },
         "traitlets": {
             "hashes": [
-                "sha256:178f4ce988f69189f7e523337a3e11d91c786ded9360174a3d9ca83e79bc5396",
-                "sha256:69ff3f9d5351f31a7ad80443c2674b7099df13cc41fc5fa6e2f6d3b0330b0426"
+                "sha256:70b4c6a1d9019d7b4f6846832288f86998aa3b9207c6821f3578a6a6a467fe44",
+                "sha256:d023ee369ddd2763310e4c3eae1ff649689440d4ae59d7485eb4cfbbe3e359f7"
             ],
             "markers": "python_version >= '3.7'",
             "version": "==5.0.5"
@@ -821,6 +887,14 @@
         }
     },
     "develop": {
+        "appnope": {
+            "hashes": [
+                "sha256:93aa393e9d6c54c5cd570ccadd8edad61ea0c4b9ea7a01409020c9aa019eb442",
+                "sha256:dd83cd4b5b460958838f6eb3000c660b1f9caf2a5b1de4264e941512f603258a"
+            ],
+            "markers": "sys_platform == 'darwin'",
+            "version": "==0.1.2"
+        },
         "asgiref": {
             "hashes": [
                 "sha256:92906c611ce6c967347bbfea733f13d6313901d54dcca88195eaeb52b2a8e8ee",
@@ -1138,19 +1212,8 @@
         },
         "pyasn1": {
             "hashes": [
-                "sha256:014c0e9976956a08139dc0712ae195324a75e142284d5f87f1a87ee1b068a359",
-                "sha256:03840c999ba71680a131cfaee6fab142e1ed9bbd9c693e285cc6aca0d555e576",
-                "sha256:0458773cfe65b153891ac249bcf1b5f8f320b7c2ce462151f8fa74de8934becf",
-                "sha256:08c3c53b75eaa48d71cf8c710312316392ed40899cb34710d092e96745a358b7",
                 "sha256:39c7e2ec30515947ff4e87fb6f456dfc6e84857d34be479c9d4a4ba4bf46aa5d",
-                "sha256:5c9414dcfede6e441f7e8f81b43b34e834731003427e5b09e4e00e3172a10f00",
-                "sha256:6e7545f1a61025a4e58bb336952c5061697da694db1cae97b116e9c46abcf7c8",
-                "sha256:78fa6da68ed2727915c4767bb386ab32cdba863caa7dbe473eaae45f9959da86",
-                "sha256:7ab8a544af125fb704feadb008c99a88805126fb525280b2270bb25cc1d78a12",
-                "sha256:99fcc3c8d804d1bc6d9a099921e39d827026409a58f2a720dcdb89374ea0c776",
-                "sha256:aef77c9fb94a3ac588e87841208bdec464471d9871bd5050a287cc9a475cd0ba",
-                "sha256:e89bf84b5437b532b0803ba5c9a5e054d21fec423a89952a74f87fa2c9b7bce2",
-                "sha256:fec3e9d8e36808a28efb59b489e4528c10ad0f480e57dcc32b4de5c9d8c9fdf3"
+                "sha256:aef77c9fb94a3ac588e87841208bdec464471d9871bd5050a287cc9a475cd0ba"
             ],
             "version": "==0.4.8"
         },
@@ -1269,8 +1332,16 @@
         },
         "traitlets": {
             "hashes": [
-                "sha256:178f4ce988f69189f7e523337a3e11d91c786ded9360174a3d9ca83e79bc5396",
-                "sha256:69ff3f9d5351f31a7ad80443c2674b7099df13cc41fc5fa6e2f6d3b0330b0426"
+                "sha256:70b4c6a1d9019d7b4f6846832288f86998aa3b9207c6821f3578a6a6a467fe44",
+                "sha256:d023ee369ddd2763310e4c3eae1ff649689440d4ae59d7485eb4cfbbe3e359f7"
+            ],
+            "version": "==4.3.3"
+        },
+        "typing-extensions": {
+            "hashes": [
+                "sha256:0ac0f89795dd19de6b97debb0c6af1c70987fd80a2d62d1958f7e56fcc31b497",
+                "sha256:50b6f157849174217d0656f99dc82fe932884fb250826c18350e159ec6cdf342",
+                "sha256:779383f6086d90c99ae41cf0ff39aac8a7937a9283ce0a414e5dd782f4c94a84"
             ],
             "markers": "python_version >= '3.7'",
             "version": "==5.0.5"

server/core/hep_client.py

@@ -4,6 +4,8 @@ from django.conf import settings
 import logging
 import requests
 
+from core import oauth
+
 logger = logging.getLogger(__name__)
 
 TEACHER_KEY = 'teacher'
@@ -54,22 +56,14 @@ class HepClient:
         'content-type': 'application/json'
     }
 
-    def _call(self, url, method='get', data=None, additional_headers=None):
+    def _call(self, url, token, method='get', data=None):
 
         request_url = f'{self.URL}{url}'
 
-        if additional_headers:
-            headers = {**additional_headers, **self.HEADERS}
-        else:
-            headers = self.HEADERS
-
         if method == 'post':
-            response = requests.post(request_url, json=data, headers=headers)
+            response = requests.post(request_url, json=data)
         elif method == 'get':
-            if data:
-                response = requests.get(request_url, headers=headers, data=data)
-            else:
-                response = requests.get(request_url, headers=headers)
+            response = oauth.hep.get(url, token=token)
         elif method == 'put':
             response = requests.put(request_url, data=data)
 
@@ -81,40 +75,20 @@ class HepClient:
 
         return response
 
-    def fetch_admin_token(self, admin_user, password):
-        response = self._call('/rest/deutsch/V1/integration/admin/token', 'post',
-                              data={'username': admin_user, 'password': password})
-        return response.content.decode('utf-8')[1:-1]
-
-    def is_email_available(self, email):
-        response = self._call('/rest/deutsch/V1/customers/isEmailAvailable', method='post',
-                              data={'customerEmail': email, 'websiteId': self.WEBSITE_ID})
-        return response.json()
-
     def is_email_verified(self, user_data):
         return 'confirmation' not in user_data
 
-    def customer_verify_email(self, confirmation_key):
-        response = self._call('/rest/V1/customers/me', method='put', data={'confirmationKey': confirmation_key})
-        return response.json()
-
-    def customer_create(self, customer_data):
-        response = self._call('/rest/deutsch/V1/customers', method='post', data=customer_data)
-        return response.json()
-
-    def customer_token(self, username, password):
-        response = self._call('/rest/deutsch/V1/integration/customer/token', 'post',
-                              data={'username': username, 'password': password})
-        return response.json()
-
-    def customer_me(self, token):
-        response = self._call('/rest/V1/customers/me', additional_headers={'authorization': f'Bearer {token}'})
+    def user_details(self, token):
+        response = self._call('/api/auth/user', token)
         return response.json()
 
+    # gone --->
     def customer_activate(self, confirmation_key, user_id):
         response = self._call(f'/customer/account/confirm/?back_url=&id={user_id}&key={confirmation_key}', method='get')
         return response
 
+    # --->
+
     def customers_search(self, admin_token, email):
         response = self._call('/rest/V1/customers/search?searchCriteria[filterGroups][0][filters][0][field]='
                                 f'email&searchCriteria[filterGroups][0][filters][0][value]={email}',

server/core/migrations/0002_oauth2token.py

@@ -0,0 +1,28 @@
+# Generated by Django 2.2.21 on 2021-05-05 06:37
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('core', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='OAuth2Token',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=40)),
+                ('token_type', models.CharField(max_length=40)),
+                ('access_token', models.CharField(max_length=200)),
+                ('refresh_token', models.CharField(max_length=200)),
+                ('expires_at', models.PositiveIntegerField()),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+    ]

server/core/models.py

@@ -1,6 +1,7 @@
 from datetime import datetime
 
 from django.db import models
+from django.contrib.auth import get_user_model
 
 from core.managers import AdminDataManager
 
@@ -10,3 +11,22 @@ class AdminData(models.Model):
     updated_at = models.DateTimeField(blank=False, null=True, auto_now=True)
 
     objects = AdminDataManager()
+
+
+# https://docs.authlib.org/en/latest/client/frameworks.html#frameworks-clients
+class OAuth2Token(models.Model):
+    name = models.CharField(max_length=40)
+    token_type = models.CharField(max_length=40)
+    access_token = models.CharField(max_length=200)
+    refresh_token = models.CharField(max_length=200)
+    expires_at = models.PositiveIntegerField()
+    user = models.ForeignKey(get_user_model(), on_delete=models.CASCADE)
+
+    def to_token(self):
+        return dict(
+            access_token=self.access_token,
+            token_type=self.token_type,
+            refresh_token=self.refresh_token,
+            expires_at=self.expires_at,
+        )
+

server/core/oauth.py

@@ -0,0 +1,20 @@
+# for Django framework
+from authlib.integrations.django_client import OAuth
+from django.conf import settings
+
+oauth = OAuth()
+oauth.register(
+    name='hep',
+    client_id=settings.AUTHLIB_OAUTH_CLIENTS['hep']['client_id'],
+    client_secret=settings.AUTHLIB_OAUTH_CLIENTS['hep']['client_secret'],
+    request_token_url=settings.AUTHLIB_OAUTH_CLIENTS['hep']['request_token_url'],
+    request_token_params=None,
+    access_token_url=settings.AUTHLIB_OAUTH_CLIENTS['hep']['access_token_url'],
+    access_token_params=None,
+    authorize_url=settings.AUTHLIB_OAUTH_CLIENTS['hep']['authorize_url'],
+    authorize_params=None,
+    api_base_url=settings.AUTHLIB_OAUTH_CLIENTS['hep']['api_base_url'],
+    client_kwargs=settings.AUTHLIB_OAUTH_CLIENTS['hep']['client_kwargs'],
+)
+
+

server/core/settings.py

@@ -402,6 +402,28 @@ HEP_ADMIN_PASSWORD = os.environ.get("HEP_ADMIN_PASSWORD")
 HEP_URL = os.environ.get("HEP_URL")
 HEP_MYSKILLBOX_GROUP_ID = 5
 
+# HEP Oauth
+AUTHLIB_OAUTH_CLIENTS = {
+    'hep': {
+        'client_id': os.environ.get("OAUTH_CLIENT_ID"),
+        'client_secret': os.environ.get("OAUTH_CLIENT_SECRET"),
+        'request_token_url': None,
+        'request_token_params': None,
+        'access_token_url': os.environ.get("OAUTH_ACCESS_TOKEN_URL"),
+        'access_token_params': None,
+        'refresh_token_url': None,
+        'authorize_url': os.environ.get("OAUTH_AUTHORIZE_URL"),
+        'api_base_url': os.environ.get("OAUTH_API_BASE_URL"),
+        'client_kwargs': {
+            'scope': 'email',
+            'token_endpoint_auth_method': 'client_secret_post',
+            'token_placement': 'header',
+        }
+    }
+}
+
+OAUTH_REDIRECT_URI = 'https://d4bad3badee0.ngrok.io/oauth/callback/'
+
 TASKBASE_USER = os.environ.get("TASKBASE_USER")
 TASKBASE_PASSWORD = os.environ.get("TASKBASE_PASSWORD")
 TASKBASE_SUPERUSER = os.environ.get("TASKBASE_SUPERUSER")

server/core/urls.py

@@ -24,7 +24,8 @@ urlpatterns = [
     url(r'^api/', include('api.urls', namespace="api")),
 
     #favicon
-    url(r'^favicon\.ico$', RedirectView.as_view(url='/static/favicon@2x.png', permanent=True))
+    url(r'^favicon\.ico$', RedirectView.as_view(url='/static/favicon@2x.png', permanent=True)),
+
 ]
 
 if settings.DEBUG and not settings.USE_AWS:
@@ -39,6 +40,10 @@ if settings.DEBUG:
 # actually we use the cms in headless mode but need the url pattern to get the wagtail_serve function
 urlpatterns += [url(r'pages/', include(wagtail_urls)), ]
 
+# oauth
+urlpatterns += [url(r'^oauth/login/', views.login, name='login')]
+urlpatterns += [url(r'^oauth/callback/', views.authorize, name='authorize')]
+
 urlpatterns += [re_path(r'^.*$', views.home, name='home')]
 
 admin.site.site_header = 'Myskillbox Admin'

server/core/views.py

@@ -7,8 +7,10 @@ from django.views.decorators.csrf import ensure_csrf_cookie
 from django.views.generic import TemplateView
 from graphene_django.views import GraphQLView
 
+from core import hep_client
 from core.hep_client import HepClient
 from core.models import AdminData
+from core.oauth import oauth
 
 
 class PrivateGraphQLView(LoginRequiredMixin, GraphQLView):
@@ -44,3 +46,18 @@ class ConfirmationKeyDisplayView(TemplateView):
         context['confirmation_key'] = hep_user['confirmation']
         context['hep_id'] = hep_user['id']
         return context
+
+
+def login(request):
+    hep_oauth_client = oauth.create_client('hep')
+    redirect_uri = settings.OAUTH_REDIRECT_URI
+    return hep_oauth_client.authorize_redirect(request, redirect_uri)
+
+
+def authorize(request):
+    token = oauth.hep.authorize_access_token(request)
+    profile = hep_client.user_details(token)
+    print(profile)
+    # user, status_msg = handle_user_and_verify_products(user_data)
+    # do something with the token and profile
+    return '...'

server/users/mutations_public.py

@@ -50,6 +50,7 @@ class Login(relay.ClientIDMutation):
         except HepClientException:
             return cls.return_login_message(UNKNOWN_ERROR)
 
+        # use in auth
         user, status_msg = handle_user_and_verify_products(user_data)
         user.sync_with_hep_data(user_data)