Pre-fill user_code by making use of verification_uri_complete#1658
Pre-fill user_code by making use of verification_uri_complete#1658magicbrothers wants to merge 1 commit intodjango-oauth:masterfrom
Conversation
dopry
force-pushed
the
1657-prefill-usercode
branch
from
55e2c94 to
7dc9f71
Compare
There was a problem hiding this comment.
Pull request overview
Updates the device verification view so that user_code can be pre-filled from verification_uri_complete (via the user_code query parameter), aligning the behavior with the documented configuration.
Changes:
- Pre-fill the device verification form’s
user_codefield from?user_code=.... - Document how to configure
OAUTH_DEVICE_VERIFICATION_URI_COMPLETEto include theuser_code.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| oauth2_provider/views/device.py | Adds get_initial() to seed the form with user_code from the query string. |
| docs/tutorial/tutorial_06.rst | Documents configuring OAUTH_DEVICE_VERIFICATION_URI_COMPLETE with user_code. |
| ) | ||
|
|
||
| def get_initial(self): | ||
| return {"user_code": self.request.GET.get("user_code", "")} |
There was a problem hiding this comment.
get_initial() fully replaces the base implementation and may drop any initial values provided by self.initial or parent classes/mixins. Safer is to start from super().get_initial() and then set/override user_code.
| return {"user_code": self.request.GET.get("user_code", "")} | |
| initial = super().get_initial() | |
| initial["user_code"] = self.request.GET.get("user_code", "") | |
| return initial |
| def get_initial(self): | ||
| return {"user_code": self.request.GET.get("user_code", "")} |
There was a problem hiding this comment.
This introduces new behavior (query-string-driven prefill) that should be covered by a unit test to prevent regressions (e.g., request with ?user_code=ABCD-EFGH pre-fills the form; request without the param preserves default initial behavior).
| Ensure the setting ``OAUTH_DEVICE_VERIFICATION_URI`` is set to a URI you want to return in the | ||
| `verification_uri` key in the response. This is what the device will display to the user. | ||
| Optionally, configure ``OAUTH_DEVICE_VERIFICATION_URI_COMPLETE`` to something like | ||
| ``http://127.0.0.1:8000/o/device?user_code={user_code}``. |
There was a problem hiding this comment.
Consider clarifying that the substituted {user_code} should be URL-encoded when constructing the complete URI (especially if deployments customize the user_code format), since this example places it in a query string.
| ``http://127.0.0.1:8000/o/device?user_code={user_code}``. | |
| ``http://127.0.0.1:8000/o/device?user_code={user_code}``, where ``{user_code}`` is URL-encoded before substitution. |
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
Fixes #1657
Description of the Change
While it was possible to configure
OAUTH_DEVICE_VERIFICATION_URI_COMPLETEbefore, it did not make sense, because one still had to manually type the user code.With my change the form is pre-filled with the value of the GET parameter
user_code.Checklist
CHANGELOG.mdupdated (only for user relevant changes)AUTHORS