This is about making Review Board work as an OAuth2 provider, so that other services can link up with Review Board and request permissions to perform operations.
About the code

the add_valid_policy_ids in reviewboard/settings.py is a recursive function to walking the WebAPIResource tree for adding scopes to OAUTH2_PROVIDER.SCOPES which will be used for validation in AccessToken.allow_scopes (in oauth2_provider/models.py)



modify WebAPIResource.call_method_view (in reviewboard/webapi/base.py) to not just check the policies around API Tokens, but also any OAuth2 tokens.


How to use

Firstly install the toolkit:

pip install django-oauth-toolkit


Now we can use following shell to get the access token.

curl -X POST -d "grant_type=password&username=<user_name>&password=<password>&scope=read" -u"<client_id>:<client_secret>" http://localhost:8000/o/token/


We can use following code to access UserResource [We use WebAPIResource.policy_id for the scope name of that resource]. Thus we succuessfully apply the verify mechanism to our code.

curl -H "Authorization: Bearer <your_access_token_with_user_scope>" http://localhost:8000/api/users/<username>/