This permission class is intended for use with either of the
OAuth2Authentication classes, and ties into the scoping that their backends provide.
Requests with a safe methods of
HEAD will be allowed if the authenticated token has read permission.
DELETE will be allowed if the authenticated token has write permission.
django-oauth-plus: Tokens are associated with a
Resourceclass which has a
django-oauth2-provider: Tokens are associated with a bitwise
scopeattribute, that defaults to providing bitwise values for
If you require more advanced scoping for your API, such as restricting tokens to accessing a subset of functionality of your API then you will need to provide a custom permission class. See the source of the
django-oauth2-provider package for more details on scoping token access.