django-oauth-toolkit

Django oauth2 toolkit provider, grant third application access


A Django site acts as an oauth2 provider. A setup for an app tomcat_app looks like:

[screenshot: the tomcat_app application setup in the Django OAuth2 provider; image not available in this extraction]

Whenever somebody tries to log in to tomcat_app, the user will get redirected to Django. If the user can provide valid credentials, they will get redirected to tomcat_app. So far so good. Tomcat_app further offers a REST API which is aware of the OAuth2 workflow. If the request supplies a valid token, it will get accepted.

The knot in my head: a third server should also be granted access to the tomcat_app REST API. Is it possible to

  • set up a new user in Django: externalapp_user/externalapp_password
  • obtain a key for tomcat_app by sending the new user's credentials to Django

Where I'm puzzled is how to correctly send the credentials and how to deal with the redirect URL. I'm looking for something similar to client type: public and authorization grant type: Resource owner password-based

curl -X POST -d "grant_type=password&username=admin&password=admin" http://client:secret@localhost/o/token/

Solution

  • What I understand from the django-oauth-toolkit documentation is that if you want to use the 'Resource owner password-based' authorization grant type, you need to have the user registered on your tomcat_app.

    But if you don't want to have the user registered on your app and still want to provide them with the API endpoint, it is better to use the 'Client credentials' authorization grant type. This will give the third-party app the ability to access your API endpoints after they log in their users.

    You can check out the documentation to better understand the 'Client credentials' flow.
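The client-credentials exchange the answer recommends, as an added example (not code from the question, the answer or django-oauth-toolkit itself): the third server posts grant_type=client_credentials to the provider's /o/token/ endpoint, sending its client id and secret in an HTTP Basic Authorization header instead of in the URL as the question's curl does, and then presents the returned bearer token to tomcat_app's REST API. It assumes a confidential application with the client-credentials grant type is registered in Django; the base URL, credentials and the injectable `opener` argument are placeholders.

```python
import base64
import json
import urllib.parse
import urllib.request


def build_token_request(base_url, client_id, client_secret, scope=None):
    """Build the client-credentials POST for django-oauth-toolkit's /o/token/.

    The client id and secret go in a Basic Authorization header (RFC 6749,
    section 2.3.1) rather than in the URL, so they stay out of shell history,
    proxy logs and the provider's access log.
    """
    form = {"grant_type": "client_credentials"}
    if scope:
        form["scope"] = scope
    body = urllib.parse.urlencode(form).encode()
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    url = base_url.rstrip("/") + "/o/token/"
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def parse_token_response(raw):
    """Validate the JSON token response and return (access_token, expires_in)."""
    data = json.loads(raw)
    if "error" in data:  # e.g. invalid_client: wrong id/secret or wrong grant type
        raise RuntimeError(f"token endpoint error: {data['error']}")
    if data.get("token_type", "").lower() != "bearer":
        raise RuntimeError("unexpected token_type in response")
    return data["access_token"], int(data["expires_in"])


def fetch_token(base_url, client_id, client_secret, opener=urllib.request.urlopen):
    """Obtain a token; `opener` is injectable so the flow can be exercised offline."""
    req = build_token_request(base_url, client_id, client_secret)
    with opener(req) as resp:
        return parse_token_response(resp.read())


def api_headers(access_token):
    """Header the third server attaches to every tomcat_app REST call."""
    return {"Authorization": f"Bearer {access_token}"}
```

Refresh the token before `expires_in` seconds elapse; a client-credentials grant in django-oauth-toolkit is re-requested rather than refreshed with a refresh token.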