WIP: Feat/verify token exists before saving

[wagnerdelima]

Fixes #
There is no issue associated with this project. However, at my framwork's list of issues you can find why I opened this pull request: wagnerdelima/drf-social-oauth2#80 (comment)

Description of the Change

Everytime save_bearer_token is called, a refresh token and access token is created. However, it's wise vefirying if they already exist in database and if they are valid (not expired or revoked). So, only then we create new tokens, otherwise, return the already existing tokens.

Checklist

• PR only contains one change (considered splitting up PR)
• unit-test added
• documentation updated
• CHANGELOG.md updated (only for user relevant changes)
• author name in AUTHORS

[wagnerdelima]

Can anyone help me in this PR? @jdp , @jezdez, @brad , @stephane, @n2ygk, @synasius and @masci

I am trying to prevent the AccessTokens and RefreshTokens from being recreated everytime we hit the create_token_response method at: https://github.com/wagnerdelima/django-oauth-toolkit/blob/d35f030960617cb4d0dbe9a3e89b797df2e7cf0c/oauth2_provider/views/mixins.py#L117-L124.

I've been struggling for a lont time. So, two tests are failing, one of them is https://github.com/wagnerdelima/django-oauth-toolkit/blob/ab74586865ce062862e09f06f080dc465ad09ee5/tests/test_authorization_code.py#L690.

So, the first time, response = self.client.post(reverse("oauth2_provider:token"), data=token_request_data, **auth_headers) is called, it creates the token successfully and nothing happens, line 702.

Then the second time it is called, line 717, it fails with:

return view(request, *args, **kwargs)
  File "/Users/wagner.delima/PycharmProjects/django-oauth-toolkit/oauth2_provider/views/base.py", line 266, in post
    token = get_access_token_model().objects.get(token=access_token)
  File "/Users/wagner.delima/PycharmProjects/django-oauth-toolkit/.tox/py39-dj32/lib/python3.9/site-packages/django/db/models/manager.py", line 85, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
  File "/Users/wagner.delima/PycharmProjects/django-oauth-toolkit/.tox/py39-dj32/lib/python3.9/site-packages/django/db/models/query.py", line 435, in get
    raise self.model.DoesNotExist(
oauth2_provider.models.AccessToken.DoesNotExist: AccessToken matching query does not exist. 

As if the access token created recently did nt exist in the database.

After some more investigation, I found out that it fails here:

if not self.request_validator.validate_code(request.client_id,
                                                    request.code, request.client, request):
            log.debug('Client, %r (%r), is not allowed access to scopes %r.',
                      request.client_id, request.client, request.scopes)
            raise errors.InvalidGrantError(request=request)

at the authorization_code.py file, at the validate_token_response method, from the oauthlib library.

So the validate_code method, found at: https://github.com/wagnerdelima/django-oauth-toolkit/blob/b0fa93f93119d675aa84a41e953e7d0202dfc980/oauth2_provider/oauth2_validators.py#L410-L424

has a grant, but it's expired therefore the return is False. Somehow, the create authorizatio code is expired:
https://github.com/wagnerdelima/django-oauth-toolkit/blob/b0fa93f93119d675aa84a41e953e7d0202dfc980/oauth2_provider/oauth2_validators.py#L631-L645

Let me know if I have been clear enough.

[n2ygk]

Can you provide a short concise description of what you are trying to accomplish? Are you saying there's a bug where the token gets saved multiple times? Are you sure that is happening?