Implement a client_credentials process for read

2023-03-06 15:48:43 -07:00 · 2023-03-06 15:48:43 -07:00 · 5ea3d5d143
parent 05992d6553
commit 5ea3d5d143
2 changed files with 20 additions and 12 deletions
--- a/api/middleware.py
+++ b/api/middleware.py
@ -17,13 +17,17 @@ class ApiTokenMiddleware:
        request.token = None
        if auth_header and auth_header.startswith("Bearer "):
            token_value = auth_header[7:]
-            try:
-                token = Token.objects.get(token=token_value, revoked=None)
-            except Token.DoesNotExist:
-                return HttpResponse("Invalid Bearer token", status=400)
-            request.user = token.user
-            request.identity = token.identity
-            request.token = token
+            if token_value == "__app__":
+                # Special client app token value
+                pass
+            else:
+                try:
+                    token = Token.objects.get(token=token_value, revoked=None)
+                except Token.DoesNotExist:
+                    return HttpResponse("Invalid Bearer token", status=400)
+                request.user = token.user
+                request.identity = token.identity
+                request.token = token
            request.session = None
        response = self.get_response(request)
        return response
--- a/api/views/oauth.py
+++ b/api/views/oauth.py
@ -1,6 +1,7 @@
 import base64
 import json
 import secrets
+import time
 from urllib.parse import urlparse, urlunparse

 from django.contrib.auth.mixins import LoginRequiredMixin
@ -169,13 +170,16 @@ class TokenView(View):
            return JsonResponse({"error": "invalid_grant_type"}, status=400)

        if grant_type == "client_credentials":
-            # TODO: Implement client credentials flow
+            # We don't support individual client credential tokens, but instead
+            # just have a fixed one (since anyone can register an app at any
+            # time anyway)
            return JsonResponse(
                {
-                    "error": "invalid_grant_type",
-                    "error_description": "client credential flow not implemented",
-                },
-                status=400,
+                    "access_token": "__app__",
+                    "token_type": "Bearer",
+                    "scope": "read",
+                    "created_at": int(time.time()),
+                }
            )
        elif grant_type == "authorization_code":
            code = post_data.get("code")