TomNaessens

Sometimes, in controlled environments, we want to automatically authorize people (even if their scopes have changed). This pull request allows the admin to add a list of callback URIs that get automatically authorized, without any user interaction.

change this to if 'redirect_uri' in request.GET and request.GET['redirect_uri'] in oauth2_settings.uris_without_auth:

@palazzem
Contributor

palazzem commented Jul 3, 2014

Hi @silox,
I understand what you need but this is too specific and bound to your application. Our default behaviour is to accept only pull requests which are generic and IETF compliant.

However, I can suggest a behaviour supported by our settings, so you can write your validator with some of your logic.

In your Django settings, simply add:

OAUTH2_VALIDATOR_CLASS = 'your_application.validators.CustomOAuth2Validator'

Then in your CustomOAuth2Validator simply extend our OAuth2Validator and write your confirm_redirect_uri as follows:

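from oauth2_provider.models import Grant
from oauth2_provider.oauth2_validators import OAuth2Validator
from oauth2_provider.settings import oauth2_settings

class CustomOAuth2Validator(OAuth2Validator):

    def confirm_redirect_uri(self, client_id, code, redirect_uri, client, *args, **kwargs):
        # Look up the grant that was issued for this authorization code and client.
        grant = Grant.objects.get(code=code, application=client)
        allowed = grant.redirect_uri_allowed(redirect_uri)

        if not allowed:
            # Do something like this
            # (uris_without_auth is the setting proposed in this pull request)
            return redirect_uri in oauth2_settings.uris_without_auth
        return allowed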

Hope this helps!

BTW, thanks for your code proposal :)

@palazzem palazzem closed this Jul 3, 2014
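
The membership check from the review comment above, as an added example that is not code from this pull request or from django-oauth-toolkit: it is plain Python without Django, and `can_skip_authorization`, `URIS_WITHOUT_AUTH`, `REGISTERED_URIS` and the sample URIs are constructed for illustration. It goes slightly beyond the thread by also requiring the URI to be registered for the client and by rejecting duplicated parameters.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data; these names are hypothetical, not project settings.
URIS_WITHOUT_AUTH = {"https://intranet.example.org/oauth/callback"}
REGISTERED_URIS = {
    "intranet-app": {"https://intranet.example.org/oauth/callback"},
    "partner-app": {"https://partner.example.net/cb"},
}


def can_skip_authorization(authorize_url, uris_without_auth=URIS_WITHOUT_AUTH,
                           registered=REGISTERED_URIS):
    """Return True only if the consent screen may be skipped for this request."""
    params = parse_qs(urlsplit(authorize_url).query, keep_blank_values=True)

    # Require exactly one client_id and one redirect_uri: duplicated parameters
    # are ambiguous, and different components could pick different values.
    client_ids = params.get("client_id", [])
    redirect_uris = params.get("redirect_uri", [])
    if len(client_ids) != 1 or len(redirect_uris) != 1:
        return False
    client_id, redirect_uri = client_ids[0], redirect_uris[0]

    # The URI must still be one the client registered; the allowlist only
    # removes the user prompt, it never widens where codes can be sent.
    if redirect_uri not in registered.get(client_id, set()):
        return False

    # Exact string comparison, no prefix or substring matching.
    return redirect_uri in uris_without_auth
```
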
@coveralls

Coverage decreased (-13.23%) to 84.71% when pulling 4c8cbe3 on Silox:feature/add-list-of-urls-without-auth into a36f633 on evonove:master.

@JensTimmerman

It seems like this was fixed in #157, thanks!
