don't allow OAuth2 token creation for "external" users

see: https://github.com/ansible/tower/issues/2326
2026-03-24 04:15:02 -02:30 · 2018-07-10 11:51:37 -04:00
parent d9713f9b3f
commit df0e28ec65
8 changed files with 99 additions and 22 deletions
--- a/awx/api/conf.py
+++ b/awx/api/conf.py
@@ -47,3 +47,14 @@ register(
    category=_('Authentication'),
    category_slug='authentication',
 )
+register(
+    'ALLOW_OAUTH2_FOR_EXTERNAL_USERS',
+    field_class=fields.BooleanField,
+    default=False,
+    label=_('Allow External Users to Create OAuth2 Tokens'),
+    help_text=_('For security reasons, users from external auth providers (LDAP, SAML, '
+                'SSO, Radius, and others) are not allowed to create OAuth2 tokens. '
+                'To change this behavior, enable this setting.'),
+    category=_('Authentication'),
+    category_slug='authentication',
+)