lehoangm got a fish trophy!
[OAuth2Provider][WIP] Enabling OAuth2 authorization on Web API
Review Request #7997 — Created Feb. 25, 2016 and discarded — Latest diff uploaded
Prior to this commit, there is no mechanism to authorize resources using OAuth2
protocol. In this commit, OAuth2 authorization mechanism is added to
the current authorization mechanism for web API resources.
Services now can follow OAuth2 protocol, send a request with appropriate
authorization header to work with Djblet's resources. External services can
request a token with specify scope through OAuth2 protocol. When using Djblet's
API resource, the scope of a token is checked to make sure that the
external service has the right permission the resource.This commit also adding unit tests for all current backend authentication:
the base authentication class, the basic authentication via username and
password, the api_token authentication, and the newly added oauth2
authentication backend.
Add test_base_auth_backend to test WebAPIAuthBackend
Add test_basic_auth_backend to test WebAPIBasicAuthBackend
Add test_api_auth_backend to test WebAPITokenAuthBackend
Add test_oauth2_auth_backend to test OAuth2TokenAuthBackendThere should be one more for ResourceOAuth2TokenMixin