Handle invalid token format exceptions as invalid tokens

thinkwelltwd · thinkwelltwd · commit ff31d8db46c7 · 2020-08-28T15:21:34.000-04:00
diff --git a/oauth2_provider/views/mixins.py b/oauth2_provider/views/mixins.py
@@ -288,11 +288,13 @@ def dispatch(self, request, *args, **kwargs):
         if not valid:
             # Alternatively allow access tokens
             # check if the request is valid and the protected resource may be accessed
-            valid, r = self.verify_request(request)
-            if valid:
-                request.resource_owner = r.user
-                return super().dispatch(request, *args, **kwargs)
-            else:
-                return HttpResponseForbidden()
+            try:
+                valid, r = self.verify_request(request)
+                if valid:
+                    request.resource_owner = r.user
+                    return super().dispatch(request, *args, **kwargs)
+            except ValueError:
+                pass
+            return HttpResponseForbidden()
         else:
             return super().dispatch(request, *args, **kwargs)
