Implement a client_credentials process for read
This commit is contained in:
parent
05992d6553
commit
5ea3d5d143
|
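--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -17,13 +17,17 @@ class ApiTokenMiddleware:
 request.token = None
 if auth_header and auth_header.startswith("Bearer "):
 token_value = auth_header[7:]
-try:
-token = Token.objects.get(token=token_value, revoked=None)
-except Token.DoesNotExist:
-return HttpResponse("Invalid Bearer token", status=400)
-request.user = token.user
-request.identity = token.identity
-request.token = token
+if token_value == "__app__":
+# Special client app token value
+pass
+else:
+try:
+token = Token.objects.get(token=token_value, revoked=None)
+except Token.DoesNotExist:
+return HttpResponse("Invalid Bearer token", status=400)
+request.user = token.user
+request.identity = token.identity
+request.token = token
 request.session = None
 response = self.get_response(request)
 return response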
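Review bot: The `__app__` branch only `pass`es, so a client-credentials caller reaches the view layer indistinguishable from a request with no bearer token at all, and nothing on the request records that the token endpoint only advertised scope `read` for it. Replacing the bare comment with something like `# Fixed client-credentials token: no user/identity is attached; views must treat these callers as read-only, exactly like unauthenticated requests.` makes that contract explicit, or a dedicated request attribute would let views check it. The `"__app__"` literal is also written out again in the token endpoint; a shared module-level constant would keep the two from drifting apart. The enclosing middleware `__call__` body starts outside the hunk, so what `request.user` and `request.identity` hold on this path is not visible here.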
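--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,6 +1,7 @@
 import base64
 import json
 import secrets
+import time
 from urllib.parse import urlparse, urlunparse
 
 from django.contrib.auth.mixins import LoginRequiredMixin
@@ -169,13 +170,16 @@ class TokenView(View):
 return JsonResponse({"error": "invalid_grant_type"}, status=400)
 
 if grant_type == "client_credentials":
-# TODO: Implement client credentials flow
+# We don't support individual client credential tokens, but instead
+# just have a fixed one (since anyone can register an app at any
+# time anyway)
 return JsonResponse(
 {
-"error": "invalid_grant_type",
-"error_description": "client credential flow not implemented",
-},
-status=400,
+"access_token": "__app__",
+"token_type": "Bearer",
+"scope": "read",
+"created_at": int(time.time()),
+}
 )
 elif grant_type == "authorization_code":
 code = post_data.get("code")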
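Review bot: The `client_credentials` branch issues a token with no visible check that the caller presented a valid `client_id`/`client_secret`, so a request naming an unregistered or mistyped app still gets a 200 with a bearer token; RFC 6749 §4.4.2 has the client authenticate on this grant, and answering `{"error": "invalid_client"}` with status 401 for an unknown app keeps that property even though the token value itself is fixed. If that lookup already happens earlier in the enclosing method (its start is outside the hunk), a one-line comment here saying so would save the next reader the question. The hard-coded `"__app__"` literal is duplicated in the API token middleware; referencing one module-level constant from both places is safer than two string copies. Always returning `"scope": "read"` is acceptable under RFC 6749 §5.1 only as long as the middleware really confines these callers to read-only access, which is worth stating in the new comment block.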