diff --git a/rowers/views.py b/rowers/views.py
index 901f156d..d61d7eba 100644
--- a/rowers/views.py
+++ b/rowers/views.py
@@ -4455,7 +4455,8 @@ class JSONResponse(HttpResponse):
         content = JSONRenderer().render(data)
         kwargs['content_type'] = 'application/json'
         super(JSONResponse, self).__init__(content, **kwargs)
-        
+
+@login_required()
 def strokedatajson(request,id):
     try:
 	row = Workout.objects.get(id=id)
diff --git a/rowsandall_app/settings.py b/rowsandall_app/settings.py
index 6fb6d4b7..d608b6af 100644
--- a/rowsandall_app/settings.py
+++ b/rowsandall_app/settings.py
@@ -50,13 +50,21 @@ INSTALLED_APPS = [
     'rest_framework',
     'rest_framework_swagger',
     'oauth2_provider',
+    'corsheaders',
 ]
 
+AUTHENTICATION_BACKENDS = (
+    'oauth2_provider.backends.OAuth2Backend',
+    # Uncomment following if you want to access the admin
+    'django.contrib.auth.backends.ModelBackend',
+)
+
 MIDDLEWARE_CLASSES = [
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.locale.LocaleMiddleware',
+    'corsheaders.middleware.CorsMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
@@ -90,6 +98,8 @@ TEMPLATES = [
 ]
 
 
+#CORS_ORIGIN_ALLOW_ALL = True
+
 WSGI_APPLICATION = 'rowsandall_app.wsgi.application'
 
 
@@ -234,6 +244,14 @@ EMAIL_USE_TLS = True
 FORECAST_IO_KEY = "bc8196fbd89f11375c7dfc8aa6323c72"
 GMAPIKEY = "AIzaSyAgu1w9QSthaGPMLp8y9JedPoMc9sfEgJ8"
 
+# OAUTH2
+
+OAUTH2_PROVIDER = {
+    # this is the list of available scopes
+    'SCOPES': {'read': 'Read scope', 'write': 'Write scope', 'groups': 'Access to your groups'}
+}
+
+
 # REST Framework
 
 REST_FRAMEWORK = {