Bump django-oauth-toolkit to 2.2.* (#2985)

src/pretix/api/models.py

@@ -29,8 +29,8 @@ from oauth2_provider.generators import (
     generate_client_id, generate_client_secret,
 )
 from oauth2_provider.models import (
-    AbstractAccessToken, AbstractApplication, AbstractGrant,
-    AbstractRefreshToken,
+    AbstractAccessToken, AbstractApplication, AbstractGrant, AbstractIDToken,
+    AbstractRefreshToken, ClientSecretField,
 )
 from oauth2_provider.validators import URIValidator
 
@@ -46,7 +46,7 @@ class OAuthApplication(AbstractApplication):
         verbose_name=_("Client ID"),
         max_length=100, unique=True, default=generate_client_id, db_index=True
     )
-    client_secret = models.CharField(
+    client_secret = ClientSecretField(
         verbose_name=_("Client secret"),
         max_length=255, blank=False, default=generate_client_secret, db_index=True
     )
@@ -67,12 +67,26 @@ class OAuthGrant(AbstractGrant):
     redirect_uri = models.CharField(max_length=2500)  # Only 255 in AbstractGrant, which caused problems
 
 
+class OAuthIDToken(AbstractIDToken):
+    application = models.ForeignKey(
+        OAuthApplication, on_delete=models.CASCADE,
+    )
+    organizers = models.ManyToManyField('pretixbase.Organizer')
+
+
 class OAuthAccessToken(AbstractAccessToken):
     source_refresh_token = models.OneToOneField(
         # unique=True implied by the OneToOneField
         'OAuthRefreshToken', on_delete=models.SET_NULL, blank=True, null=True,
         related_name="refreshed_access_token"
     )
+    id_token = models.OneToOneField(
+        OAuthIDToken,
+        on_delete=models.CASCADE,
+        blank=True,
+        null=True,
+        related_name="access_token",
+    )
     application = models.ForeignKey(
         OAuthApplication, on_delete=models.CASCADE, blank=True, null=True,
     )