Merge pull request #12138 from edx/clintonb/oauth-client-credentials-update

Improved OAuth client credentials support

Merge pull request #12138 from edx/clintonb/oauth-client-credentials-update
Improved OAuth client credentials support
7ec71f2d · Clinton Blackburn · 9e548cd8 · b0535def · 7ec71f2d · 7ec71f2d
Commit 7ec71f2d authored Apr 14, 2016 by Clinton Blackburn
Hide whitespace changes
Inline Side-by-side

Showing with 42 additions and 2 deletions

lms/djangoapps/oauth_dispatch/tests/test_client_credentials.py
+40 -0

requirements/edx/base.txt
+2 -2

No files found.
--- a/lms/djangoapps/oauth_dispatch/tests/test_client_credentials.py
+++ b/lms/djangoapps/oauth_dispatch/tests/test_client_credentials.py
+""" Tests for OAuth 2.0 client credentials support. """
+import json
+
+from django.core.urlresolvers import reverse
+from django.test import TestCase
+from edx_oauth2_provider.tests.factories import ClientFactory
+from provider.oauth2.models import AccessToken
+from student.tests.factories import UserFactory
+
+
+class ClientCredentialsTest(TestCase):
+    """ Tests validating the client credentials grant behavior. """
+
+    def setUp(self):
+        super(ClientCredentialsTest, self).setUp()
+
+        self.user = UserFactory()
+        self.oauth_client = ClientFactory(user=self.user)
+
+    def test_access_token(self):
+        """ Verify the client credentials grant can be used to obtain an access token whose default scopes allow access
+        to the user info endpoint.
+        """
+        data = {
+            'grant_type': 'client_credentials',
+            'client_id': self.oauth_client.client_id,
+            'client_secret': self.oauth_client.client_secret
+        }
+        response = self.client.post(reverse('oauth2:access_token'), data)
+        self.assertEqual(response.status_code, 200)
+
+        access_token = json.loads(response.content)['access_token']
+        expected = AccessToken.objects.filter(client=self.oauth_client, user=self.user).first().token
+        self.assertEqual(access_token, expected)
+
+        headers = {
+            'HTTP_AUTHORIZATION': 'Bearer ' + access_token
+        }
+        response = self.client.get(reverse('oauth2:user_info'), **headers)
+        self.assertEqual(response.status_code, 200)
--- a/requirements/edx/base.txt
+++ b/requirements/edx/base.txt
@@ -39,8 +39,8 @@ djangorestframework-oauth==1.1.0
 edx-ccx-keys==0.1.2
 edx-lint==0.4.3
 edx-management-commands==0.0.1
-edx-django-oauth2-provider==1.0.2
-edx-oauth2-provider==1.0.0
+edx-django-oauth2-provider==1.0.3
+edx-oauth2-provider==1.0.1
 edx-opaque-keys==0.2.1
 edx-organizations==0.4.0
 edx-rest-api-client==1.2.1