I need to restrict some of my SOAP method so they can only be accessible with an Access Token.
My SOAP service is running with Spyne and my OAuth2 provider comes from django-oauth2-toolkit.
from django.contrib.auth.decorators import login_required
from spyne.service import ServiceBase
from spyne.decorator import srpc, rpc
from oauth2_provider.views.generic import ProtectedResourceView
class SOAPService(ProtectedResourceView, ServiceBase):
@rpc(Unicode, _returns=Unicode)
@login_required()
def HelloWorld(ctx, data):
return "hello"
If I try to send a SOAP request to this function, I got an Error 500 with the following in Spyne's logs:
File "/Library/Python/2.7/site-packages/django/contrib/auth/decorators.py", line 21, in _wrapped_view
if HelloWorld_func(request.user):
AttributeError: 'WsgiMethodContext' object has no attribute 'user'
I'm new to both SOAP and OAuth2 and I'm stuck on it. Do you have any clue or best practice on how to make OAuth2 provider check a SOAP access token on a Spyne service ?
