Praful Bagai
Reputation: 17412

DjangOAuthToolkit - How to have different read/write scope for a View?

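I'm using DRF and OAuthToolkit. Here is my view:

from oauth2_provider.contrib.rest_framework import TokenHasResourceScope
from rest_framework.generics import RetrieveUpdateDestroyAPIView

# UserUpdateSerializer is the project's own serializer (import not shown in the post)
class UserDetailView(RetrieveUpdateDestroyAPIView):
    serializer_class = UserUpdateSerializer
    permission_classes = [TokenHasResourceScope]
    required_scopes = ['user_detail']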

Now, the above view will support the GET, PUT, PATCH, and DELETE methods. If I create a token with the scope user_detail, it will give access to all the methods. However, I want different read/write scopes for SAFE and UNSAFE methods.

Upon reading the OAuthToolkit code for TokenHasResourceScope, it creates scopes for SAFE and UNSAFE methods, i.e. user_detail:read and user_detail:write.

Now, if the client requests the user_detail:read scope, the library returns invalid scope.

How do I support scopes for read and write of a particular view differently?

Upvotes: 2

Views: 135
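The two checks the question runs into, as an added example that is not part of the original post or the toolkit's code: a stand-alone Python model of how `TokenHasResourceScope` derives the per-method scope, and of the authorization-server check that rejects any requested scope not listed in `OAUTH2_PROVIDER["SCOPES"]`. The function names and the contents of `SCOPES_BEFORE` / `SCOPES_AFTER` are assumptions made for illustration; the `read` / `write` suffixes are the toolkit's default `READ_SCOPE` / `WRITE_SCOPE`.

```python
# Stand-alone model of the scope logic; runs without Django installed.
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")   # same set DRF treats as safe
READ_SCOPE, WRITE_SCOPE = "read", "write"   # toolkit defaults

# OAUTH2_PROVIDER["SCOPES"] as it might look in settings.py.
# Both dictionaries are constructed for this example (assumption).
SCOPES_BEFORE = {"read": "Reading scope", "write": "Writing scope",
                 "user_detail": "User detail"}
SCOPES_AFTER = {
    "user_detail:read": "Read user details",
    "user_detail:write": "Modify or delete user details",
}


def validate_requested_scopes(requested, configured):
    """Authorization server: every requested scope must be configured."""
    unknown = sorted(set(requested.split()) - set(configured))
    return ("invalid_scope", unknown) if unknown else ("ok", [])


def required_scopes_for(method, view_scopes):
    """Resource server: scopes demanded for this HTTP method."""
    suffix = READ_SCOPE if method.upper() in SAFE_METHODS else WRITE_SCOPE
    return [f"{scope}:{suffix}" for scope in view_scopes]


def is_allowed(method, view_scopes, token_scope):
    """True when the token carries every scope required for the method."""
    granted = set(token_scope.split())
    return all(s in granted for s in required_scopes_for(method, view_scopes))


if __name__ == "__main__":
    view_scopes = ["user_detail"]            # required_scopes on the view
    print(validate_requested_scopes("user_detail:read", SCOPES_BEFORE))
    print(validate_requested_scopes("user_detail:read", SCOPES_AFTER))
    for method in ("GET", "PATCH", "DELETE"):
        print(method, is_allowed(method, view_scopes, "user_detail:read"))
```

Write access does not imply read access in this model: a client that needs both has to be granted `user_detail:read user_detail:write`.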

Answers (0)
