Permission class for checking OAuth token

notesapi/v1/permissions.py

+from rest_framework.permissions import BasePermission
+from provider.oauth2.models import AccessToken
+
+class HasAccessToken(BasePermission):
+    """
+    Allow requests having valid AccessToken.
+    """
+    def has_permission(self, request, view):
+        try:
+            # expected HTTP Header "Authorization: Bearer TOKEN"
+            AccessToken.objects.get_token(request.META["HTTP_AUTHORIZATION"].split()[1])
+            return True
+        except AccessToken.DoesNotExist:
+            return False

notesserver/settings/common.py

+import os, json
+
 DEBUG = False
 TEMPLATE_DEBUG = False
 USE_TZ = True
@@ -32,3 +34,21 @@ REST_FRAMEWORK = {
 }
 
 CORS_ORIGIN_ALLOW_ALL = True
+
+# SERVICE_VARIANT specifies name of the variant used, which decides what JSON
+# configuration files are read during startup.
+SERVICE_VARIANT = os.environ.get('SERVICE_VARIANT', 'lms')
+
+# CONFIG_ROOT specifies the directory where the JSON configuration
+# files are expected to be found.
+CONFIG_ROOT = os.environ.get('CONFIG_ROOT', "/edx/app/edxapp")
+
+# CONFIG_PREFIX specifies the prefix of the JSON configuration files,
+# based on the service variant. If no variant is use, don't use a
+# prefix.
+CONFIG_PREFIX = SERVICE_VARIANT + "." if SERVICE_VARIANT else ""
+
+with open(os.path.join(CONFIG_ROOT, CONFIG_PREFIX + "auth.json")) as auth_file:
+    AUTH_TOKENS = json.load(auth_file)
+
+DATABASES = AUTH_TOKENS['DATABASES']
\ No newline at end of file

requirements/base.txt

 Django==1.7.1
+requests==2.4.3
 djangorestframework==2.4.4
 django-rest-swagger==0.2.0
 elasticsearch==1.2.0
 annotator==0.12.0
 django-cors-headers==0.13
 path.py==7.0
-
+MySQL-python==1.2.4
+-e git+https://github.com/edx/django-oauth2-provider.git@0.2.7-fork-edx-2#egg=django-oauth2-provider
 
 # Testing
 django_nose==1.2