Endpoints
Built-in views and endpoints provided by the sva-oauth-client package.
URL Patterns
When you include the OAuth URLs in your urls.py:
path('oauth/', include('sva_oauth_client.urls')),
The following endpoints are automatically available:
- /oauth/login/ - Initiate OAuth flow
- /oauth/callback/ - Handle OAuth callback
- /oauth/exchange/ - Token exchange endpoint (internal)
- /oauth/logout/ - Logout endpoint
/oauth/login/
View: oauth_login
Method: GET, POST
Purpose: Initiates the OAuth flow by generating PKCE parameters and redirecting the user to the SVA provider's authorization page.
How it works:
- Generates a secure state parameter for CSRF protection
- Generates a code verifier and challenge for PKCE
- Stores PKCE data temporarily in localStorage (via JavaScript)
- Redirects the user to the SVA provider's authorization endpoint
Usage:
<a href="{% url 'sva_oauth_client:login' %}">Sign In with SVA</a>
POST Support:
If you submit a form with a remember_me checkbox, the preference is stored:
<form method="post" action="{% url 'sva_oauth_client:login' %}">
  {% csrf_token %}
  <label>
    <input type="checkbox" name="remember_me" value="true">
    Remember me for 30 days
  </label>
  <button type="submit">Continue with SVA</button>
</form>
/oauth/callback/
View: oauth_callback
Method: GET
Purpose: Handles the OAuth callback from the SVA provider after user authorization.
How it works:
- Receives the authorization code and state from the SVA provider
- Validates the state parameter for CSRF protection
- Retrieves the code verifier from localStorage
- Exchanges the authorization code for tokens via /oauth/exchange/
- Stores tokens in the session and redirects to the success URL
Usage:
This endpoint is called automatically by the SVA provider. You must register this exact URL in your OAuth app configuration.
Query Parameters:
- code - Authorization code from SVA provider
- state - State parameter for CSRF validation
/oauth/exchange/
View: oauth_exchange
Method: POST
Purpose: Exchanges the authorization code for access tokens and the data_token.
How it works:
- Receives authorization code, state, and code verifier from the callback page
- Exchanges code for tokens using PKCE verification
- Stores access token, refresh token, and data_token in the session
- Handles "Remember Me" functionality by setting session expiry
- Returns success/error response to the callback page
Usage:
This is an internal endpoint called by JavaScript from the callback page. You typically don't need to interact with it directly.
Request Body:
{
"code": "authorization_code",
"state": "state_parameter",
"code_verifier": "pkce_code_verifier"
}
Response:
{
"success": true,
"redirect_url": "/dashboard/"
}
Or on error:
{
"success": false,
"error": "error_message"
}
/oauth/logout/
View: oauth_logout
Method: GET, POST
Purpose: Clears all OAuth-related session data and logs the user out.
How it works:
- Clears all OAuth-related session keys:
  - sva_oauth_access_token
  - sva_oauth_refresh_token
  - sva_oauth_data_token
  - sva_oauth_scope
  - sva_access_token_expiry
  - sva_remember_me
- Redirects to SVA_OAUTH_LOGOUT_REDIRECT (default: /)
Usage:
<a href="{% url 'sva_oauth_client:logout' %}">Logout</a>
Or programmatically:
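from django.shortcuts import redirect
from sva_oauth_client.views import oauth_logout


def my_logout_view(request):
    # Delegate to the package view, which clears the OAuth session keys
    # and redirects to SVA_OAUTH_LOGOUT_REDIRECT.
    return oauth_logout(request)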
Customization
Custom Redirect URLs
Configure redirect URLs in settings:
SVA_OAUTH_SUCCESS_REDIRECT = '/dashboard/'
SVA_OAUTH_ERROR_REDIRECT = '/login/'
SVA_OAUTH_LOGOUT_REDIRECT = '/'
Custom Login URL
Configure the login URL path:
SVA_OAUTH_LOGIN_URL = '/oauth/login/'
Next Steps
- Learn about Decorators for view protection
- Explore Utilities for helper functions
- Check Client API for manual OAuth flow