From 232df5d80830ff0759fdc77a3baa60a1d91e6d1f Mon Sep 17 00:00:00 2001
From: David Uzumaki <56260075+duzumaki@users.noreply.github.com>
Date: Wed, 29 Jan 2025 23:57:25 +0000
Subject: [PATCH] Ensure device token errors are returning 400
---
 oauth2_provider/views/base.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/oauth2_provider/views/base.py b/oauth2_provider/views/base.py
index 7d12f327..72267571 100644
--- a/oauth2_provider/views/base.py
+++ b/oauth2_provider/views/base.py
@@ -6,7 +6,7 @@
 from django import http
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.views import redirect_to_login
-from django.http import HttpResponse
+from django.http import HttpResponse, JsonResponse
 from django.shortcuts import resolve_url
 from django.utils import timezone
 from django.utils.decorators import method_decorator
@@ -323,10 +323,18 @@ def device_flow_token_response(
 device = Device.objects.get(device_code=device_code)
 if device.status == device.AUTHORIZATION_PENDING:
- raise AuthorizationPendingError
+ pending_error = AuthorizationPendingError()
+ return http.HttpResponse(
+ content=pending_error.json, status=pending_error.status_code, content_type="application/json"
+ )
 if device.status == device.DENIED:
- raise AccessDenied
+ access_denied_error = AccessDenied()
+ return http.HttpResponse(
+ content=access_denied_error.json,
+ status=access_denied_error.status_code,
+ content_type="application/json",
+ )
 url, headers, body, status = self.create_token_response(request)
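Review bot: `JsonResponse` is added to the import in the first hunk (`from django.http import HttpResponse, JsonResponse`), but none of the lines this patch adds refer to it; both new returns in `device_flow_token_response` are built with `http.HttpResponse`. Unless code outside the hunks uses the bare name, this is an unused import that a linter will flag, and I would keep the line as `from django.http import HttpResponse`.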
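Review bot: `Device.objects.get(device_code=device_code)` on the context line above the new branches still raises `Device.DoesNotExist` for a device code that is unknown, and unless a caller outside this hunk catches it that path ends in a 500 rather than the 400 this commit is aiming for. Clients poll this endpoint with a value they supply, so the lookup is the first thing untrusted input reaches; I would use `device = Device.objects.filter(device_code=device_code).first()` and return an `invalid_grant` error with status 400 when `device is None`. No branch for an expired device code is visible in the hunk either, so it is worth confirming that the code after `create_token_response` covers it. The two new returns build the same response from different error objects and could share a small helper that takes the error instance. The body of `device_flow_token_response` starts and ends outside the hunk.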