added test to ensure that a refresh token is not issue on client credential

Author: synasius

oauth2_provider/tests/test_client_credential.py

@@ -81,6 +81,18 @@ def test_client_credential_access_allowed(self):
         response = view(request)
         self.assertEqual(response, "This is a protected resource")
 
+    def test_client_credential_does_not_issue_refresh_token(self):
+        token_request_data = {
+            'grant_type': 'client_credentials',
+        }
+        auth_headers = self.get_basic_auth_header(self.application.client_id, self.application.client_secret)
+
+        response = self.client.post(reverse('oauth2_provider:token'), data=token_request_data, **auth_headers)
+        self.assertEqual(response.status_code, 200)
+
+        content = json.loads(response.content.decode("utf-8"))
+        self.assertNotIn("refresh_token", content)
+
 
 class TestExtendedRequest(BaseTest):
     @classmethod