From b0535def87c24a9d8767616cc08d26de0f1e35f2 Mon Sep 17 00:00:00 2001
From: Clinton Blackburn <cblackburn@edx.org>
Date: Wed, 13 Apr 2016 12:31:11 -0400
Subject: [PATCH] Improved OAuth client credentials support

- Updated django-oauth2-provider libraries
- Added test ensuring issued access tokens have the basic scopes needed to get user info

ECOM-4197
---
 .../tests/test_client_credentials.py          | 40 +++++++++++++++++++
 requirements/edx/base.txt                     |  4 +-
 2 files changed, 42 insertions(+), 2 deletions(-)
 create mode 100644 lms/djangoapps/oauth_dispatch/tests/test_client_credentials.py

diff --git a/lms/djangoapps/oauth_dispatch/tests/test_client_credentials.py b/lms/djangoapps/oauth_dispatch/tests/test_client_credentials.py
new file mode 100644
index 00000000000..749f712c0c6
--- /dev/null
+++ b/lms/djangoapps/oauth_dispatch/tests/test_client_credentials.py
@@ -0,0 +1,40 @@
+""" Tests for OAuth 2.0 client credentials support. """
+import json
+
+from django.core.urlresolvers import reverse
+from django.test import TestCase
+from edx_oauth2_provider.tests.factories import ClientFactory
+from provider.oauth2.models import AccessToken
+from student.tests.factories import UserFactory
+
+
+class ClientCredentialsTest(TestCase):
+    """ Tests validating the client credentials grant behavior. """
+
+    def setUp(self):
+        super(ClientCredentialsTest, self).setUp()
+
+        self.user = UserFactory()
+        self.oauth_client = ClientFactory(user=self.user)
+
+    def test_access_token(self):
+        """ Verify the client credentials grant can be used to obtain an access token whose default scopes allow access
+        to the user info endpoint.
+        """
+        data = {
+            'grant_type': 'client_credentials',
+            'client_id': self.oauth_client.client_id,
+            'client_secret': self.oauth_client.client_secret
+        }
+        response = self.client.post(reverse('oauth2:access_token'), data)
+        self.assertEqual(response.status_code, 200)
+
+        access_token = json.loads(response.content)['access_token']
+        expected = AccessToken.objects.filter(client=self.oauth_client, user=self.user).first().token
+        self.assertEqual(access_token, expected)
+
+        headers = {
+            'HTTP_AUTHORIZATION': 'Bearer ' + access_token
+        }
+        response = self.client.get(reverse('oauth2:user_info'), **headers)
+        self.assertEqual(response.status_code, 200)
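Review bot: `test_access_token` covers only the success path and checks only status codes, so it would still pass if the token endpoint issued tokens for a wrong `client_secret` or granted broader default scopes than user info needs. I would add a second test that posts the same form with an incorrect `client_secret` and asserts `self.assertNotEqual(response.status_code, 200)` and `self.assertFalse(AccessToken.objects.filter(client=self.oauth_client).exists())`. In the existing test it would also help to assert the stored token's scope against the expected default, and that the user-info body identifies `self.user`. The exact scope value and claim names are not visible in this patch, so they need to be taken from the provider library. Separately, `.first().token` raises an AttributeError when no row exists; fetching the row and calling `self.assertIsNotNone(...)` on it first gives a clearer failure.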
diff --git a/requirements/edx/base.txt b/requirements/edx/base.txt
index fde9802b44f..1f2dfed47ff 100644
--- a/requirements/edx/base.txt
+++ b/requirements/edx/base.txt
@@ -39,8 +39,8 @@ djangorestframework-oauth==1.1.0
 edx-ccx-keys==0.1.2
 edx-lint==0.4.3
 edx-management-commands==0.0.1
-edx-django-oauth2-provider==1.0.2
-edx-oauth2-provider==1.0.0
+edx-django-oauth2-provider==1.0.3
+edx-oauth2-provider==1.0.1
 edx-opaque-keys==0.2.1
 edx-organizations==0.4.0
 edx-rest-api-client==1.2.1
-- 
GitLab