Hello,
In here https://github.com/jazzband/django-oauth-toolkit/blob/master/oauth2_provider/contrib/rest_framework/authentication.py, the authenticate method has a hidden that effect. On authentication error, it sets a oauth2_error attribute on the request and then authenticate_header assumes it's there.
This caused me an issue because I have subclasses OAuth2Authentication and to override authenticate. Of course I did not know of this "side effect" and a lot of tests started to fail on my project. Was quite hard to debug.
Granted it's odd that we override this class, we have legacy reasons to do so. I think the authenticate_header method should be more relaxed and look like
if hasattr(request, 'oauth2_error'):
www_authenticate_attributes.update(request.oauth2_error)
What do you think?
Hello,
In here https://github.com/jazzband/django-oauth-toolkit/blob/master/oauth2_provider/contrib/rest_framework/authentication.py, the
authenticatemethod has a hidden that effect. On authentication error, it sets aoauth2_errorattribute on the request and thenauthenticate_headerassumes it's there.This caused me an issue because I have subclasses
OAuth2Authenticationand to overrideauthenticate. Of course I did not know of this "side effect" and a lot of tests started to fail on my project. Was quite hard to debug.Granted it's odd that we override this class, we have legacy reasons to do so. I think the
authenticate_headermethod should be more relaxed and look likeWhat do you think?