Not existing tokens should return 200 as well

ZuSe · n2ygk · commit 2467913acec5 · 2022-01-01T12:14:14.000-05:00
Compare with https://datatracker.ietf.org/doc/html/rfc7662
diff --git a/oauth2_provider/views/introspect.py b/oauth2_provider/views/introspect.py
@@ -28,7 +28,7 @@ def get_token_response(token_value=None):
                 get_access_token_model().objects.select_related("user", "application").get(token=token_value)
             )
         except ObjectDoesNotExist:
-            return JsonResponse({"active": False}, status=401)
+            return JsonResponse({"active": False}, status=200)
         else:
             if token.is_valid():
                 data = {
@@ -42,7 +42,7 @@ def get_token_response(token_value=None):
                     data["username"] = token.user.get_username()
                 return JsonResponse(data)
             else:
-                return JsonResponse({"active": False})
+                return JsonResponse({"active": False}, status=200)
 
     def get(self, request, *args, **kwargs):
         """
