
Basic Authentication

Learn how to protect your views and handle authentication with SVA OAuth.

Protecting Views

Using the Decorator

The simplest way to protect a view is with the @sva_oauth_required decorator:

from django.shortcuts import render
from sva_oauth_client.decorators import sva_oauth_required
from sva_oauth_client.utils import get_sva_claims

@sva_oauth_required
def my_protected_view(request):
    """This view requires authentication"""
    claims = get_sva_claims(request)
    # User is authenticated, access claims...
    return render(request, 'protected.html', {'claims': claims})

Manual Authentication Check

You can also check authentication manually:

from django.shortcuts import redirect, render
from sva_oauth_client.utils import is_authenticated, get_sva_claims

def my_view(request):
    if is_authenticated(request.session):
        claims = get_sva_claims(request)
        return render(request, 'authenticated.html', {'claims': claims})
    else:
        return redirect('sva_oauth_client:login')

Class-Based Views

For class-based views, use the decorator on the dispatch method:

from django.shortcuts import render
from django.views import View
from django.utils.decorators import method_decorator
from sva_oauth_client.decorators import sva_oauth_required
from sva_oauth_client.utils import get_sva_claims

@method_decorator(sva_oauth_required, name='dispatch')
class ProtectedView(View):
    def get(self, request):
        claims = get_sva_claims(request)
        return render(request, 'protected.html', {'claims': claims})

Accessing User Data

Getting Claims

Use get_sva_claims() to retrieve user identity data:

from django.shortcuts import render
from sva_oauth_client.decorators import sva_oauth_required
from sva_oauth_client.utils import get_sva_claims

@sva_oauth_required
def my_view(request):
    claims = get_sva_claims(request)

    # Access specific claims
    email = claims.get('email')
    name = claims.get('name')
    username = claims.get('username')

    # Check if a claim exists
    if 'phone' in claims:
        phone = claims['phone']

    return render(request, 'my_template.html', {
        'email': email,
        'name': name,
    })

Available Claims

Common claims available in the data token:

  • email - User's email address
  • name - Full name
  • username - Username
  • phone - Phone number
  • address - Address object
  • bio - Bio/description
  • social - Social media links
  • images - Profile images
  • And more based on approved scopes...

Requiring Specific Blocks

Using @sva_blocks_required

Require specific identity blocks:

from django.shortcuts import render
from sva_oauth_client.decorators import sva_blocks_required
from sva_oauth_client.utils import get_sva_claims

@sva_blocks_required('email', 'name', 'phone')
def profile_view(request):
    """Requires email, name, and phone blocks"""
    claims = get_sva_claims(request)

    # These are guaranteed to exist
    email = claims['email']
    name = claims['name']
    phone = claims['phone']

    return render(request, 'profile.html', {
        'email': email,
        'name': name,
        'phone': phone,
    })

What Happens if Blocks Are Missing?

If the user hasn't approved the required blocks:

  1. User is redirected to login
  2. An error message is displayed
  3. User can approve the missing blocks during consent

Template Usage

Check Authentication Status

{% if request.session.sva_oauth_access_token %}
<p>You are logged in!</p>
<a href="{% url 'sva_oauth_client:logout' %}">Logout</a>
{% else %}
<a href="{% url 'sva_oauth_client:login' %}">Sign In</a>
{% endif %}

Display User Data

{% if email %}
<p>Email: {{ email }}</p>
{% endif %}

{% if name %}
<p>Name: {{ name }}</p>
{% endif %}

Logout

Using the Logout View

The package provides a logout view:

# In your URLs
path('oauth/', include('sva_oauth_client.urls')),

# In your template
<a href="{% url 'sva_oauth_client:logout' %}">Logout</a>

Custom Logout

You can also create a custom logout view:

from sva_oauth_client.utils import clear_oauth_session
from django.shortcuts import redirect

def custom_logout(request):
    clear_oauth_session(request.session)
    return redirect('/')

Error Handling

Token Errors

Handle token errors gracefully:

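from django.shortcuts import redirect, render
from sva_oauth_client.client import SVATokenError
from sva_oauth_client.decorators import sva_oauth_required
from sva_oauth_client.utils import get_sva_claims

@sva_oauth_required
def my_view(request):
    try:
        claims = get_sva_claims(request)
        # Process claims...
    except SVATokenError:
        # Token expired or invalid
        # User will be logged out automatically
        return redirect('sva_oauth_client:login')
    # Success path: a Django view must always return a response
    return render(request, 'my_template.html', {'claims': claims})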

Missing Blocks

Handle missing blocks:

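from django.shortcuts import render
from sva_oauth_client.decorators import sva_blocks_required
from sva_oauth_client.utils import get_sva_claims

@sva_blocks_required('email', 'name')
def my_view(request):
    claims = get_sva_claims(request)

    # If we reach here, email and name are guaranteed
    # But other blocks might be missing
    phone = claims.get('phone')  # Might be None

    if not phone:
        # Handle missing phone gracefully
        return render(request, 'profile.html', {
            'email': claims['email'],
            'name': claims['name'],
            'phone_required': True,
        })

    # Phone is present: render the full profile
    return render(request, 'profile.html', {
        'email': claims['email'],
        'name': claims['name'],
        'phone': phone,
    })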

Best Practices

  1. Always use decorators for protected views
  2. Check for None when accessing optional claims
  3. Use @sva_blocks_required when specific data is required
  4. Handle errors gracefully with try/except blocks
  5. Clear session on logout to prevent token reuse
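
Best practice 1 can be enforced in CI rather than by review alone. The following is an added example, not part of the sva_oauth_client package: a standard-library check that parses a views module and lists views carrying neither decorator shown on this page. The function names, the `allow` parameter and the sample module are assumptions made for illustration.

```python
import ast

GUARDS = {"sva_oauth_required", "sva_blocks_required"}  # decorator names from this page
HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options"}

def _mentions_guard(decorator):
    """True if a decorator expression names a guard, including
    @method_decorator(sva_oauth_required, name='dispatch')."""
    names = {n.id if isinstance(n, ast.Name) else n.attr
             for n in ast.walk(decorator)
             if isinstance(n, (ast.Name, ast.Attribute))}
    return bool(GUARDS & names)

def unprotected_views(source, allow=()):
    """Names of top-level views in `source` that carry no guard decorator.
    Assumption: a view is a function whose first parameter is `request`, or a
    class defining an HTTP-method handler. Names in `allow` are skipped."""
    findings = []
    for node in ast.parse(source).body:
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            params = node.args.args
            is_view = bool(params) and params[0].arg == "request"
        elif isinstance(node, ast.ClassDef):
            is_view = any(isinstance(m, ast.FunctionDef) and m.name in HTTP_METHODS
                          for m in node.body)
        else:
            continue
        guarded = any(_mentions_guard(d) for d in node.decorator_list)
        if is_view and not guarded and node.name not in allow:
            findings.append(node.name)
    return findings

# Constructed sample views module (bodies elided with `...`, which is valid Python).
SAMPLE = '''
@sva_oauth_required
def dashboard(request): ...
@sva_blocks_required('email', 'name')
def profile(request): ...
def export_claims(request): ...   # decorator forgotten
def landing(request): ...         # intentionally public
@method_decorator(sva_oauth_required, name='dispatch')
class ProtectedView(View):
    def get(self, request): ...
class ReportView(View):           # dispatch not guarded
    def get(self, request): ...
def format_phone(claims): ...     # helper, not a view
'''

if __name__ == "__main__":
    print(unprotected_views(SAMPLE, allow={"landing"}))
```

The check does not confirm that `method_decorator` targets `dispatch`, and views that authenticate manually with `is_authenticated()` need an `allow` entry.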
