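def save_bearer_token(self, token, request, *args, **kwargs):
        """
        Persist the Bearer token.

        On a refresh request the presented refresh token is revoked first, then
        the new access token is stored and, when ``token`` carries one, the new
        refresh token linked to it.

        :param token: dict with ``'scope'`` and ``'access_token'`` keys and an
            optional ``'refresh_token'`` key.
        :param request: request object; this method reads ``refresh_token``,
            ``user``, ``grant_type`` and ``client`` from it.
        :returns: ``request.client.default_redirect_uri``.
        :raises AssertionError: the presented refresh token has no matching
            ``RefreshToken`` row.
        """
        if request.refresh_token:
            # Revoke Refresh Token (and related Access Token)
            try:
                RefreshToken.objects.get(token=request.refresh_token).revoke()
            except RefreshToken.DoesNotExist:
                # No row for the presented token, so it was presumably revoked
                # or rotated already. Stop here so one refresh token cannot
                # yield a second token pair. The earlier `assert ()` raised the
                # same exception type but is stripped under `python -O`, where
                # issuance would silently continue; an explicit raise holds in
                # every interpreter mode.
                raise AssertionError(
                    'refresh token not found; it may already have been revoked')
            # NOTE(review): the revoke above and the saves below are separate
            # writes — confirm the caller runs this inside one transaction.

        access_expires = timezone.now() + timedelta(
            seconds=oauth_api_settings.ACCESS_TOKEN_EXPIRATION)
        # A client_credentials token is issued to the application itself, so it
        # is stored without a user.
        user = None if request.grant_type == 'client_credentials' else request.user

        access_token = AccessToken(
            user=user,
            scope=token['scope'],
            expires=access_expires,
            token=token['access_token'],
            application=request.client)
        access_token.save()

        if 'refresh_token' in token:
            lifetime = oauth_api_settings.REFRESH_TOKEN_EXPIRATION
            # With no configured lifetime the refresh token is stored with
            # expires=None; presumably that means it never expires — confirm
            # against the RefreshToken model before relying on it.
            refresh_expires = (
                timezone.now() + timedelta(seconds=lifetime)
                if lifetime is not None else None)
            refresh_token = RefreshToken(
                user=request.user,
                token=token['refresh_token'],
                expires=refresh_expires,
                application=request.client,
                access_token=access_token)
            refresh_token.save()

        return request.client.default_redirect_uri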
Пример #2
    def test_allow_scopes(self):
        """Check scope matching on an access token granted ``read write``."""
        application = Appliation(
            name='Test App',
            redirect_uris='http://localhost http://example.com',
            user=self.dev_user,
            client_type=Appliation.CLIENT_CONFIDENTIAL,
            authorization_grant_type=Appliation.GRANT_AUTHORIZATION_CODE,
        )

        # Neither object is saved; expires=0 and the empty token string are
        # placeholders, since only scope matching is asserted below.
        granted = AccessToken(
            user=self.dev_user,
            scope='read write',
            expires=0,
            token='',
            application=application,
        )

        # Order and duplicates in the requested list make no difference. The
        # empty list is accepted too, so a resource that must be protected has
        # to ask for at least one scope.
        accepted_requests = (
            ['read', 'write'],
            ['write', 'read'],
            ['write', 'read', 'read'],
            [],
        )
        for requested in accepted_requests:
            self.assertTrue(granted.allow_scopes(requested))

        # One scope outside the grant rejects the whole request.
        self.assertFalse(granted.allow_scopes(['read', 'invalid']))