Skip authentication for direct POST on endpoint

The solution fixes a problem of automation when user should get an authorization code to send it to a client to exchange to token(hashikorp vault in example). ``` curl -k -vvv -sXPOST "http://127.0.0.1:8000/authorize/" -d"grant_type=authorization_code&response_type=code&client_id=testvault&username=xxx&password=xxx&redirect_uri=http://127.0.0.1:8000&scope=openid profile&allow=1" ``` will look like ``` curl -k -vvv -sXPOST "http://127.0.0.1:8000/authorize/" -d"grant_type=authorization_code&response_type=code&client_id=testvault&username=xxx&password=xxx&redirect_uri=http://127.0.0.1:8000&scope=openid profile" ``` as it should.
jazzband · Nov 10, 2023 · 60dc92f · 60dc92f
1 parent e15e245
commit 60dc92f
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/oauth2_provider/views/base.py b/oauth2_provider/views/base.py
@@ -127,7 +127,12 @@ def form_valid(self, form):
             credentials["claims"] = form.cleaned_data.get("claims")
 
         scopes = form.cleaned_data.get("scope")
-        allow = form.cleaned_data.get("allow")
+
+
+        if application.skip_authorization:
+            allow = True
+        else:
+            allow = form.cleaned_data.get("allow")
 
         try:
             uri, headers, body, status = self.create_authorization_response(