Added scopes claim to JWT access tokens (#12571)

This will allow API servers to limit access based on scopes.

Added scopes claim to JWT access tokens (#12571)
This will allow API servers to limit access based on scopes.
f6d9c9a3 · Clinton Blackburn · a9a3fabf · f6d9c9a3 · f6d9c9a3 · f6d9c9a3
Commit f6d9c9a3 authored May 26, 2016 by Clinton Blackburn
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 1 deletions

lms/djangoapps/oauth_dispatch/tests/mixins.py
+1 -0

lms/djangoapps/oauth_dispatch/tests/test_client_credentials.py
+3 -1

lms/djangoapps/oauth_dispatch/views.py
+1 -0

No files found.
--- a/lms/djangoapps/oauth_dispatch/tests/mixins.py
+++ b/lms/djangoapps/oauth_dispatch/tests/mixins.py
@@ -34,6 +34,7 @@ class AccessTokenMixin(object):
            'aud': audience,
            'iss': issuer,
            'preferred_username': user.username,
+            'scopes': scopes,
        }

        if 'email' in scopes:

--- a/lms/djangoapps/oauth_dispatch/tests/test_client_credentials.py
+++ b/lms/djangoapps/oauth_dispatch/tests/test_client_credentials.py
 """ Tests for OAuth 2.0 client credentials support. """
+from __future__ import unicode_literals
+
 import json

 from django.core.urlresolvers import reverse
@@ -52,7 +54,7 @@ class ClientCredentialsTest(mixins.AccessTokenMixin, TestCase):
            redirect_uri=DUMMY_REDIRECT_URL,
            client_id='dot-app-client-id',
        )
-        scopes = ('read', 'write', 'email')
+        scopes = ['read', 'write', 'email']
        data = {
            'grant_type': 'client_credentials',
            'client_id': application.client_id,

--- a/lms/djangoapps/oauth_dispatch/views.py
+++ b/lms/djangoapps/oauth_dispatch/views.py
@@ -130,6 +130,7 @@ class AccessTokenView(_DispatchingView):
            'exp': now + expires_in,
            'iat': now,
            'preferred_username': user.username,
+            'scopes': scopes,
        }

        for scope in scopes: