Add setting for session token ID verification

Author: lnagel

rest_framework_sso/authentication.py

@@ -63,7 +63,7 @@ def authenticate_credentials(self, payload):
 
         user_model = get_user_model()
 
-        if not SessionToken._meta.abstract:
+        if api_settings.VERIFY_SESSION_TOKEN:
             try:
                 SessionToken.objects.active().get(pk=payload.get('sid'), user_id=payload.get('uid'))
             except SessionToken.DoesNotExist:

rest_framework_sso/settings.py

@@ -19,6 +19,7 @@
     'DECODE_ALGORITHMS': None,
     'VERIFY_SIGNATURE': True,
     'VERIFY_EXPIRATION': True,
+    'VERIFY_SESSION_TOKEN': True,
     'EXPIRATION_LEEWAY': 0,
     'SESSION_EXPIRATION': None,
     'AUTHORIZATION_EXPIRATION': datetime.timedelta(seconds=300),