Management commands

Django OAuth Toolkit exposes some useful management commands that can be run from the shell or by other means, such as cron or Celery.

cleartokens

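The cleartokens management command lets you remove refresh tokens whose lifetime is greater than the amount specified by the REFRESH_TOKEN_EXPIRE_SECONDS setting. It is important to run this command regularly (for example, via cron) to avoid cluttering the database with expired refresh tokens.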

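If cleartokens runs daily, the maximum delay before a refresh token is removed is REFRESH_TOKEN_EXPIRE_SECONDS + 1 day. This is normally not a problem, since refresh tokens are long-lived.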

To prevent CPU and RAM peaks during the deletion process, use the CLEAR_EXPIRED_TOKENS_BATCH_SIZE and CLEAR_EXPIRED_TOKENS_BATCH_INTERVAL settings to adjust the processing speed.

The cleartokens management command also deletes expired access tokens and ID tokens along with expired refresh tokens.

Note: Refresh tokens need to expire before AccessTokens can be removed from the database. Using cleartokens without REFRESH_TOKEN_EXPIRE_SECONDS has limited effect.
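
As an added illustration of the cleanup rules described above (not Django OAuth Toolkit's own code), the sketch below models batched deletion on a hypothetical two-table SQLite schema. The table layout and the batch_size and interval parameters are assumptions that stand in for the real models and for the CLEAR_EXPIRED_TOKENS_BATCH_SIZE and CLEAR_EXPIRED_TOKENS_BATCH_INTERVAL settings.

```python
import sqlite3
import time

# Hypothetical, simplified schema (assumption); not the oauth2_provider models.
SCHEMA = """
CREATE TABLE access_token  (id INTEGER PRIMARY KEY, expires REAL);
CREATE TABLE refresh_token (id INTEGER PRIMARY KEY, created REAL,
                            access_token_id INTEGER REFERENCES access_token(id));
"""

def delete_in_batches(db, select_sql, params, table, batch_size, interval):
    """Delete matching rows one batch at a time, pausing between batches."""
    deleted = 0
    while True:
        ids = [r[0] for r in db.execute(select_sql + " LIMIT ?", (*params, batch_size))]
        if not ids:
            return deleted
        marks = ",".join("?" * len(ids))
        db.execute(f"DELETE FROM {table} WHERE id IN ({marks})", ids)
        db.commit()
        deleted += len(ids)
        time.sleep(interval)  # spread the load instead of issuing one large DELETE

def clear_expired(db, now, refresh_expire_seconds, batch_size=2, interval=0.0):
    """Return (refresh_deleted, access_deleted) for one cleanup run."""
    refresh_deleted = 0
    if refresh_expire_seconds is not None:
        cutoff = now - refresh_expire_seconds
        refresh_deleted = delete_in_batches(
            db, "SELECT id FROM refresh_token WHERE created < ?", (cutoff,),
            "refresh_token", batch_size, interval)
    # An expired access token is removable only once no refresh token points at it.
    access_deleted = delete_in_batches(
        db, "SELECT id FROM access_token WHERE expires < ? AND id NOT IN "
            "(SELECT access_token_id FROM refresh_token)", (now,),
        "access_token", batch_size, interval)
    return refresh_deleted, access_deleted

def demo(refresh_expire_seconds):
    """Constructed data: 5 token pairs, every access token expired, 3 refresh tokens old."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    now = 1_700_000_000.0
    for i in range(1, 6):
        db.execute("INSERT INTO access_token VALUES (?, ?)", (i, now - 60))
        age = 40 * 86400 if i <= 3 else 86400  # 40 days old vs. 1 day old
        db.execute("INSERT INTO refresh_token VALUES (?, ?, ?)", (i, now - age, i))
    return clear_expired(db, now, refresh_expire_seconds)
```

With a 30-day refresh lifetime the run removes the three old refresh tokens and their access tokens; with no refresh lifetime configured nothing is removed, which is the limited effect the note describes.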

createapplication

The createapplication management command provides a shortcut for creating a new application programmatically.

usage: manage.py createapplication [-h] [--client-id CLIENT_ID] [--user USER]
                                   [--redirect-uris REDIRECT_URIS]
                                   [--post-logout-redirect-uris POST_LOGOUT_REDIRECT_URIS]
                                   [--client-secret CLIENT_SECRET]
                                   [--name NAME] [--skip-authorization]
                                   [--algorithm ALGORITHM] [--version]
                                   [-v {0,1,2,3}] [--settings SETTINGS]
                                   [--pythonpath PYTHONPATH] [--traceback]
                                   [--no-color] [--force-color]
                                   [--skip-checks]
                                   client_type authorization_grant_type

Shortcut to create a new application in a programmatic way

positional arguments:
  client_type           The client type, one of: confidential, public
  authorization_grant_type
                        The type of authorization grant to be used, one of:
                        authorization-code, implicit, password, client-
                        credentials, openid-hybrid

optional arguments:
  -h, --help            show this help message and exit
  --client-id CLIENT_ID
                        The ID of the new application
  --user USER           The user the application belongs to
  --redirect-uris REDIRECT_URIS
                        The redirect URIs, this must be a space separated
                        string e.g 'URI1 URI2'
  --post-logout-redirect-uris POST_LOGOUT_REDIRECT_URIS
                        The post logout redirect URIs, this must be a space
                        separated string e.g 'URI1 URI2'
  --client-secret CLIENT_SECRET
                        The secret for this application
  --name NAME           The name this application
  --skip-authorization  If set, completely bypass the authorization form, even
                        on the first use of the application
  --algorithm ALGORITHM
                        The OIDC token signing algorithm for this application,
                        one of: RS256, HS256
  --version             Show program's version number and exit.
  -v {0,1,2,3}, --verbosity {0,1,2,3}
                        Verbosity level; 0=minimal output, 1=normal output,
                        2=verbose output, 3=very verbose output
  --settings SETTINGS   The Python path to a settings module, e.g.
                        "myproject.settings.main". If this isn't provided, the
                        DJANGO_SETTINGS_MODULE environment variable will be
                        used.
  --pythonpath PYTHONPATH
                        A directory to add to the Python path, e.g.
                        "/home/djangoprojects/myproject".
  --traceback           Raise on CommandError exceptions.
  --no-color            Don't colorize the command output.
  --force-color         Force colorization of the command output.
  --skip-checks         Skip system checks.

If you let createapplication auto-generate the secret, it displays the value before hashing it.