Wrap OAuth2 tokens in a OAuth2Token class.

The OAuth2Token class allows for easy checking of scope
changes and might be extended with further convenience
methods in the future.

Additionally, the Warning raised on scope change will now
include a ``token`` parameter with a full OAuth 2 token
in case scope change is fine, which ideally it should be.

Users who don't want to catch a warning can instead
check the boolean token property ``token.scope_changed``. Note
that the warning must first be disabled by setting the
environment variable ``OAUTHLIB_RELAX_TOKEN_SCOPE``.

1 files changed, 7 insertions, 0 deletions

diff --git a/tests/oauth2/rfc6749/clients/test_web_application.py b/tests/oauth2/rfc6749/clients/test_web_application.py
index 6f7b7e1..103c166 100644
--- a/tests/oauth2/rfc6749/clients/test_web_application.py
+++ b/tests/oauth2/rfc6749/clients/test_web_application.py
@@ -2,6 +2,7 @@
 from __future__ import absolute_import, unicode_literals
 
 import datetime
+import os
 
 from mock import patch
 
@@ -128,6 +129,12 @@ class WebApplicationClientTest(TestCase):
         self.assertEqual(client.token_type, response.get("token_type"))
 
         # Mismatching state
+        self.assertRaises(Warning, client.parse_request_body_response, self.token_json, scope="invalid")
+        os.environ['OAUTHLIB_RELAX_TOKEN_SCOPE'] = '1'
+        token = client.parse_request_body_response(self.token_json, scope="invalid")
+        self.assertTrue(token.scope_changed)
+        del os.environ['OAUTHLIB_RELAX_TOKEN_SCOPE']
+
         scope_changes_recorded = []
         def record_scope_change(sender, message, old, new):
             scope_changes_recorded.append((message, old, new))