Python django-oauth-toolkit client_credentials allows anything to go through and doesn't add user to the token
I'm using django-oauth-toolkit and I can't figure out why when I use client_credentials, I can literally insert any username/password combo and they always return a token even if the username/password combo is nowhere in the database.
This is my postman request body:
On the admin portal, I don't even see the user selected under "user":
How do I only allow valid username/password combos to return an access token and how do I attach a user to an access token?
Solution
You'll need to use 'resource owner password based' grant type, instead of 'client credentials'.
- auditlog with Django and DRF
- Why does DEBUG=False setting make my django Static Files Access fail?
- How to manage CORS in Django
- Use existing page for error 404/505 in Wagail
- How to add custom field in manytomany through table in Django
- Remove duplicates in Django ORM -- multiple rows
- Best practices for using @property with Enum values on a Django model for DRF serialization
- Django - Failed Login Redirecting To Different Page
- Page not found 404 Django media files
- How do I use Django groups and permissions?
- VSCode terminal shows incorrect python version and path, launching terminal from anaconda works perfectly
- How to use Django BinaryField to store PNG images in postgres?
- Template Syntax Error when using Django allauth
- How to add Django template tags in a different Js file
- Is it secure to store passwords as environment variables (rather than as plain text) in config files?
- Adding two factor authentication in Django/Django Rest
- Django Two Factor Auth combined with Rest Framework?
- How do I update a Django field in an HTML template
- How can I ask for user input with an action in django admin?
- Using the http.HTTPStatus class in Python to return the meaning of a HTTP status code
- How to Run Functions in Parallel or in the Background in Django Without Using Celery/Redis?
- What is the number at the end of the Django GET log?
- how to resolve latency issue with django M2M and filter_horizontal in ModelAdmin panel?
- Getting Access Denied Error When Hitting API (Although, API is working fine when running on LocalHost via Django)
- How to Give A Postgres User SuperUser Privilege Through docker-compose?
- Enter a list of values error in forms when ManyToManyField rendered with different type of input
- How to set PIPENV_IGNORE_VIRTUALENVS=1?
- Running Django process in the background
- Can we have one model serializer for multiple models having the same fields? Django Rest Framework
- How to customize django rest auth password reset email content/template