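def save_bearer_token(self, token, request, *args, **kwargs):
    """
    Persist the Bearer token and, on a refresh grant, consume the old token.

    Args:
        token: dict produced by the token endpoint; read keys are
            ``'scope'``, ``'access_token'`` and, when present,
            ``'refresh_token'``.
        request: oauthlib request; the attributes read are
            ``refresh_token``, ``user``, ``grant_type`` and ``client``.

    Returns:
        ``request.client.default_redirect_uri``.

    Raises:
        RuntimeError: a refresh token was presented but no matching
            ``RefreshToken`` row exists (already revoked/consumed). The
            request must fail closed here rather than mint a fresh pair
            of tokens; the original ``assert ()`` did that only when
            Python ran without ``-O``.
    """
    if request.refresh_token:
        # Refresh-token rotation: revoke the presented refresh token and
        # the access token it is linked to before issuing replacements.
        try:
            RefreshToken.objects.get(token=request.refresh_token).revoke()
        except RefreshToken.DoesNotExist:
            # Reaching this point means the presented refresh token was
            # already consumed; never silently continue. An explicit raise
            # is not stripped under ``-O``, unlike ``assert``.
            # TODO(review): consider logging the client id for audit.
            raise RuntimeError('presented refresh token does not exist (already revoked?)')

    expires = timezone.now() + timedelta(seconds=oauth_api_settings.ACCESS_TOKEN_EXPIRATION)

    # Client-credentials tokens are bound to the application only, not to a user.
    user = request.user
    if request.grant_type == 'client_credentials':
        user = None

    access_token = AccessToken(
        user=user,
        scope=token['scope'],
        expires=expires,
        token=token['access_token'],
        application=request.client)
    access_token.save()

    if 'refresh_token' in token:
        # A REFRESH_TOKEN_EXPIRATION of None means the refresh token does not expire.
        if oauth_api_settings.REFRESH_TOKEN_EXPIRATION is not None:
            expires = timezone.now() + timedelta(seconds=oauth_api_settings.REFRESH_TOKEN_EXPIRATION)
        else:
            expires = None
        refresh_token = RefreshToken(
            user=request.user,
            token=token['refresh_token'],
            expires=expires,
            application=request.client,
            access_token=access_token)
        refresh_token.save()

    return request.client.default_redirect_uri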
def test_allow_scopes(self):
    """
    ``allow_scopes`` accepts any subset (order and repeats ignored) of the
    token's granted scopes, including the empty set, and rejects a request
    that names a scope the token was not granted.
    """
    owner = self.dev_user
    app = Appliation(
        name='Test App',
        redirect_uris='http://localhost http://example.com',
        user=owner,
        client_type=Appliation.CLIENT_CONFIDENTIAL,
        authorization_grant_type=Appliation.GRANT_AUTHORIZATION_CODE,
    )
    # Token granted exactly 'read' and 'write'.
    granted = AccessToken(
        user=owner,
        scope='read write',
        expires=0,
        token='',
        application=app,
    )

    accepted = (
        ['read', 'write'],
        ['write', 'read'],
        ['write', 'read', 'read'],
        [],
    )
    for requested in accepted:
        self.assertTrue(granted.allow_scopes(requested))

    # Any scope outside the granted set must be refused.
    self.assertFalse(granted.allow_scopes(['read', 'invalid']))