def test_creating_a_token_disallowed_scope(self):
    """
    A token request naming a scope outside the app's assigned set is refused.

    The application is created with only ``test_scope_1``, while the
    client-credentials request asks for ``test_scope_2``. The token endpoint
    must reply with an ``invalid_scope`` error body and nothing else.
    """
    application = OAuthApplicationScopeFactory(
        scopes=[TestScope.test_scope_1],
    ).application

    api_client = APIClient()
    basic_auth = _create_auth_header(
        application.client_id,
        application.client_secret,
    )
    api_client.credentials(HTTP_AUTHORIZATION=basic_auth)

    form_body = urlencode({
        'grant_type': 'client_credentials',
        'scope': TestScope.test_scope_2.value,
    })
    response = api_client.post(
        reverse('token'),
        data=form_body,
        content_type='application/x-www-form-urlencoded',
    )

    # NOTE(review): RFC 6749 section 5.2 gives 400 for invalid_scope; the 401
    # pinned here presumably mirrors the OAuth library in use - confirm.
    assert response.status_code == status.HTTP_401_UNAUTHORIZED
    # Whole-body equality also proves no token field is returned alongside
    # the error.
    assert response.json() == {'error': 'invalid_scope'}
def test_creating_a_token_default_scope(self):
    """
    A token request with no ``scope`` parameter gets the app's own scopes.

    The application is created with ``test_scope_1`` only and the request
    omits ``scope``; the issued token must report exactly that scope.
    """
    application = OAuthApplicationScopeFactory(
        scopes=[TestScope.test_scope_1],
    ).application

    api_client = APIClient()
    basic_auth = _create_auth_header(
        application.client_id,
        application.client_secret,
    )
    api_client.credentials(HTTP_AUTHORIZATION=basic_auth)

    form_body = urlencode({'grant_type': 'client_credentials'})
    response = api_client.post(
        reverse('token'),
        data=form_body,
        content_type='application/x-www-form-urlencoded',
    )

    assert response.status_code == status.HTTP_200_OK
    # NOTE(review): the JSON string is compared with the enum member itself,
    # not its .value - presumably TestScope is a str-based enum; confirm.
    granted_scope = response.json()['scope']
    assert granted_scope == TestScope.test_scope_1