I have a web project made with Django 1.9 which will have its RESTful API as an application. I don't want to use Django Rest Framework since, from my understanding, it works as a wrapper of Django itself, which I already have.
I'm using django-oauth-toolkit for OAuth2 authentication, but the problem is that Django requires the csrf token in POST requests and I wan't to disable the SessionAuthenticationMiddleware in all the application. I tried to redirect to an extended method for the TokenView class, but Django still asks for the csrf token in the request.
Here is what I have so far:
Project Structure:
myproject:
|_app1
|_app2
|_api
|_views.py
|_urls.py
api/urls.py:
from django.conf.urls import include, url
from django.conf import settings
from . import views
urlpatterns = [
url(r'^o/token/$', views.TokenView.as_view(), name="token"),
url(
r'^o/',
include(
'oauth2_provider.urls',
namespace='oauth2_provider'
)
), # OAuth2 Provider
]
api/views.py:
class TokenView(InitialTokenView):
def __init__(self, **kwargs):
super(TokenView, self).__init__(**kwargs)
@method_decorator(csrf_exempt)
def dispatch(self, *args, **kwargs):
return super(TokenView, self).dispatch(*args, **kwargs)
The TokenView class comes from the original code of django-oauth-toolkit https://github.com/evonove/django-oauth-toolkit/blob/master/oauth2_provider/views/base.py
What is what I'm missing?
Thanks in advance.
