Add an authorize endpoint that uses JSON instead of a Django template…

[jhnbyrn]

…/HTML form

Fixes #1305

Description of the Change

For single page applications it would be handy to be able to get the data for the authorization page as JSON and then render the authorization page on the client side, and similarly post the results as JSON rather than as a HTML form.

Checklist

• PR only contains one change (considered splitting up PR)
• unit-test added
• documentation updated
• CHANGELOG.md updated (only for user relevant changes)
• author name in AUTHORS

[codecov]

Codecov Report

Merging #1306 (78bd3e8) into master (a4ae1d4) will increase coverage by 0.00%.
The diff coverage is 95.83%.

@@           Coverage Diff           @@
##           master    #1306   +/-   ##
=======================================
  Coverage   97.37%   97.38%           
=======================================
  Files          32       32           
  Lines        2022     2028    +6     
=======================================
+ Hits         1969     1975    +6     
  Misses         53       53           

Files Changed	Coverage Δ
oauth2_provider/views/base.py	97.97% <95.83%> (+0.08%)	⬆️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[dashdanw]

you could potentially avoid iteration by filtering by your desired scopes (assuming the scopes var here is the required scopes of the view)

Suggested change

	.objects.filter(
	scopes_filter = { 'scopes__icontains': scope for scope in scopes }
	.objects.filter(
	user=request.user,
	application=kwargs["application"],
	expires__gt=timezone.now(),
	**scopes_filter
	).first()

[dopry]

@jhnbyrn can you rebase this.. i'm open to using a mixin here if it enables you use case and doesn't break existing functionality.

[Copilot]

Pull Request Overview

This PR refactors the AuthorizationView.get() method by extracting its core authorization logic into a new AuthorizationMixin.get_context() method, enabling code reuse across multiple authorization views.

• Introduces AuthorizationMixin class with get_context() method containing the extracted authorization logic
• Simplifies AuthorizationView.get() to call get_context() and handle the response type
• Removes a blank line in form_valid() method

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The get_context method lacks a docstring. This method performs complex authorization logic and has multiple return types (dict or HttpResponse). Add a docstring explaining its purpose, parameters, return values (including the dual return type behavior), and any exceptions that may be raised.

Suggested change

	def get_context(self, request, *args, **kwargs):
	def get_context(self, request, *args, **kwargs):
	"""
	Process the OAuth2 authorization request and build the context for the authorization view.
	This method performs complex authorization logic, including validating the authorization request,
	handling special prompt parameters, checking for prior user consent, and preparing context data
	for the authorization form.
	Parameters:
	request (HttpRequest): The current HTTP request object.
	*args: Additional positional arguments.
	**kwargs: Additional keyword arguments used to build the context.
	Returns:
	dict: A context dictionary containing authorization data for rendering the authorization form,
	if user consent is required.
	HttpResponse: An HTTP response (such as a redirect or error response) if the authorization
	request is invalid, or if user consent can be skipped.
	Side Effects:
	Sets self.oauth2_data to the context dictionary if consent is required.
	Exceptions:
	OAuthToolkitError: Raised if the authorization request is invalid. In this case, an error
	response is returned.
	"""

[Copilot]

[nitpick] The dual return type pattern (dict vs HttpResponse) from get_context() creates implicit behavior that's difficult to follow. Consider using a more explicit pattern, such as a tuple (should_render, data) or separate methods for validation vs. context preparation to make the control flow clearer.

Suggested change

	context = self.get_context(request, *args, **kwargs)
	if isinstance(context, dict):
	form = self.get_form(self.get_form_class())
	context["form"] = form
	return self.render_to_response(self.get_context_data(**context))
	else:
	return context
	should_render, data = self.get_context(request, *args, **kwargs)
	if should_render:
	form = self.get_form(self.get_form_class())
	data["form"] = form
	return self.render_to_response(self.get_context_data(**data))
	else:
	return data

[Copilot]

Grammar error: 'an in-house applications' should be 'in-house applications' (remove 'an'). Also, there's a missing space after the arrow: 'applications->' should be 'applications ->'.

Suggested change

	# This is useful for in-house applications-> assume an in-house applications
	# This is useful for in-house applications -> assume in-house applications

[dopry]

Rename AuthorizationMixin to AuthorizationViewMixin.

[dopry]

Having the function return the context or response is awkard. It should just return the context.

let the exception throw and hoist the try/except to the get method, so the get method is returning the error_response