Dear Guillaume,
There is a tiny error in your documentation here: http://gmvault.org/in_depth.html
This line:

You can renew a saved oauth token with the option --renew-oauth-tok

should read:

You can renew a saved oauth token with the option --renew-oauth2-tok

The 2 is missing. The missing 2 causes an error when a user tries to renew the Oauth token. Would be great if you co

Describe the feature

Ideally the documentation should mention all the datastore models required by the OpenID Connect flows. The current documentation has this section for OAuth2.0 (https://oauthlib.readthedocs.io/en/latest/oauth2/server.html#create-your-datastore-models) but it is missing for OIDC.

There are a couple issues open right now that suggest a general restructuring of GAM code, which I agree would be good. However, one simple fix that would help both with code structure and readability of contributed code is a style guide that could be enforced during PR review.

The main file is over 13k lines, at this point, and lacks a consistent style and structure throughout, making it diff

Describe the bug
In my application, based on the user property, I need to change the request.user to a different user.

class CustomMiddleware:
  def __init__(self, get_response):
     self.get_response = get_response

  def __call__(self, request):
     print(request.user)

     response = self.get_response(request)
     return response

and the MIDDLEWARE stack is

authlib contains pretty much all you need to implement JWT token validation. It would be nice if there was a simple default one provided. I'm not sure how many moving parts it would have. If no single validator would cover 80% of cases, maybe provide more docs on how to assemble one.

@lepture If you have a general idea of how you would like to see this implemented I would probably be able to do

$ curl 'http://127.0.0.1:5000/auth/oauth2/token?grant_type=client_credentials' --user 'documentation:KQ()SWK)SQK)QWSKQW(SKQ)S(QWSQW(SJ*HQ&HQW*SQ*^SSQWSGQSG'
{"access_token": "lYoijoYaTgXZi1bLQTs4PuItKsNHNY", "token_type": "Bearer", "expires_in": 3600, "scope": "users:write teams:write auth:write users:read auth:read teams:read"}

Grab the above access_token and access protected resour

Link : https://django-graphql-jwt.domake.io/en/latest/authentication.html#delete-cookies
Section : Delete Cookies
Wrong : # Long running refresh tokens
delete_refresh_token_cookie =
graphql_jwt.refresh_token.DeleteRefreshTokenCookie.Field()

Right : # Long running refresh tokens
delete_refresh_token_cookie =
graphql_jwt.DeleteRefreshTokenCookie.Field()

Django doesn't guarantee a consistent ordering of models without an
explicit default ordering.

https://github.com/juanifioren/django-oidc-provider/blob/f0daed07b2ac7608565b80d4c80ccf04d8c416a8/oidc_provider/lib/utils/token.py#L158

Rotating RSA keys requires a consistent ordering, because the first key in the set of keys is always used for signing. Should we add a default ordering?

See ht

card of a viewed profile

I'm developing a middleware where I store a GUID for each request and was doing tests on how this performs with gunicorn settings such as --threads 4 and -w 4. (Docs)

Together with this, I do a lot of requests with ab. Examp