Implement a client_credentials process for read

This commit is contained in:
Andrew Godwin 2023-03-06 15:48:43 -07:00
parent 05992d6553
commit 5ea3d5d143
2 changed files with 20 additions and 12 deletions


@ -17,13 +17,17 @@ class ApiTokenMiddleware:
request.token = None
if auth_header and auth_header.startswith("Bearer "):
token_value = auth_header[7:]
try:
token = Token.objects.get(token=token_value, revoked=None)
except Token.DoesNotExist:
return HttpResponse("Invalid Bearer token", status=400)
request.user = token.user
request.identity = token.identity
request.token = token
if token_value == "__app__":
# Special client app token value
pass
else:
try:
token = Token.objects.get(token=token_value, revoked=None)
except Token.DoesNotExist:
return HttpResponse("Invalid Bearer token", status=400)
request.user = token.user
request.identity = token.identity
request.token = token
request.session = None
response = self.get_response(request)
return response
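Review bot: The new `if token_value == "__app__":` branch accepts the fixed client-credentials value but leaves the request indistinguishable from one that carried no Authorization header at all — `request.token` stays `None` (set earlier in the hunk) and nothing records that a `read`-scoped app token was presented, so a downstream view has no signal on which to enforce the `"scope": "read"` that the TokenView hunk advertises for this token, and presumably `request.user`/`request.identity` keep whatever defaults are assigned before the hunk. The literal `"__app__"` is also duplicated between this middleware and TokenView's `"access_token": "__app__"`; a single module-level constant such as `APP_TOKEN_VALUE = "__app__"  # fixed client_credentials token, read scope only` imported by both would keep the two in step and make the special case greppable. At minimum the bare `pass` should state the contract it relies on, e.g. `# Fixed client_credentials token: no user/identity is attached, so the request proceeds as anonymous; views must not grant write access on this path`. The enclosing method starts before the hunk, so where the request attributes are initialised cannot be confirmed from here.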


@ -1,6 +1,7 @@
import base64
import json
import secrets
import time
from urllib.parse import urlparse, urlunparse
from django.contrib.auth.mixins import LoginRequiredMixin
@ -169,13 +170,16 @@ class TokenView(View):
return JsonResponse({"error": "invalid_grant_type"}, status=400)
if grant_type == "client_credentials":
# TODO: Implement client credentials flow
# We don't support individual client credential tokens, but instead
# just have a fixed one (since anyone can register an app at any
# time anyway)
return JsonResponse(
{
"error": "invalid_grant_type",
"error_description": "client credential flow not implemented",
},
status=400,
"access_token": "__app__",
"token_type": "Bearer",
"scope": "read",
"created_at": int(time.time()),
}
)
elif grant_type == "authorization_code":
code = post_data.get("code")