This is about making Review Board work as an OAuth2 provider, so that other services can link up with Review Board and request permissions to perform operations.

About the code

  • add_valid_policy_ids in reviewboard/settings.py is a recursive function that walks the WebAPIResource tree and adds scopes to OAUTH2_PROVIDER.SCOPES, which are used for validation in AccessToken.allow_scopes (in oauth2_provider/models.py).

  • modify WebAPIResource.call_method_view (in reviewboard/webapi/base.py) to not just check the policies around API Tokens, but also any OAuth2 tokens.

How to use

  • First, install the toolkit:
    pip install django-oauth-toolkit
  • Now we can use the following shell command to get the access token:
    curl -X POST -d "grant_type=password&username=<user_name>&password=<password>&scope=read" -u"<client_id>:<client_secret>" http://localhost:8000/o/token/
  • We can use the following code to access UserResource (we use WebAPIResource.policy_id as the scope name for that resource). Thus we successfully apply the verification mechanism to our code:
    curl -H "Authorization: Bearer <your_access_token_with_user_scope>" http://localhost:8000/api/users/<username>/
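
The scope registration and check described under "About the code", as an added example that is not part of this change or of django-oauth-toolkit. The Resource class, the function names, the sample tree and its policy_id values are assumptions made for the illustration; token_allows is a simplified model of the subset check that AccessToken.allow_scopes performs.

```python
class Resource:
    """Hypothetical stand-in for a WebAPIResource node."""

    def __init__(self, policy_id=None, children=()):
        self.policy_id = policy_id
        self.children = list(children)


def collect_policy_scopes(resource, scopes, seen=None):
    """Recursively register every policy_id in the tree as an OAuth2 scope."""
    seen = set() if seen is None else seen
    if id(resource) in seen:        # a node reachable twice is visited once
        return scopes
    seen.add(id(resource))
    if resource.policy_id:          # nodes without a policy_id add no scope
        scopes.setdefault(resource.policy_id,
                          'Access to the %s resource' % resource.policy_id)
    for child in resource.children:
        collect_policy_scopes(child, scopes, seen)
    return scopes


def validate_requested(requested, scopes):
    """Token endpoint side: refuse any scope that was never registered."""
    unknown = sorted(set(requested.split()) - set(scopes))
    if unknown:
        raise ValueError('invalid_scope: ' + ' '.join(unknown))
    return requested


def token_allows(token_scope, required):
    """Resource side: every scope the view requires must be on the token.

    An empty requirement always passes, so each view has to name its scope.
    """
    return set(required).issubset(token_scope.split())


# Constructed sample tree; the policy_id values are chosen for the example.
user = Resource('user')
root = Resource('root', [
    Resource('review_request', [Resource('review'), user]),
    user,                # same node reachable by a second path
    Resource(None),      # resource without a policy_id
])
SCOPES = collect_policy_scopes(root, {'read': 'Read scope',
                                      'write': 'Write scope'})
```

A token issued with only scope=read fails token_allows for a view that requires the user scope, which is why the second curl call above needs a token that carries that scope.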