Ensure device token errors are returning 400

jazzband · Jan 31, 2025 · 232df5d · 232df5d
1 parent c2243dc
commit 232df5d
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/oauth2_provider/views/base.py b/oauth2_provider/views/base.py
@@ -6,7 +6,7 @@
 from django import http
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.views import redirect_to_login
-from django.http import HttpResponse
+from django.http import HttpResponse, JsonResponse
 from django.shortcuts import resolve_url
 from django.utils import timezone
 from django.utils.decorators import method_decorator
@@ -323,10 +323,18 @@ def device_flow_token_response(
         device = Device.objects.get(device_code=device_code)
 
         if device.status == device.AUTHORIZATION_PENDING:
-            raise AuthorizationPendingError
+            pending_error = AuthorizationPendingError()
+            return http.HttpResponse(
+                content=pending_error.json, status=pending_error.status_code, content_type="application/json"
+            )
 
         if device.status == device.DENIED:
-            raise AccessDenied
+            access_denied_error = AccessDenied()
+            return http.HttpResponse(
+                content=access_denied_error.json,
+                status=access_denied_error.status_code,
+                content_type="application/json",
+            )
 
         url, headers, body, status = self.create_token_response(request)