I'm using Django OAuth2 toolkit for providing access tokens in a REST API. (The mobile client uses the tokens for its main authentication scheme.)
It works pretty well in authenticating users and providing access tokens, but the problem is that not all users should be able to "log in"; that is, there's a boolean field in the User model which determines whether the user's email address is verified or not.
Hence, users that are trying to sign in before that boolean field is set should receive a different response from the token authentication API.
Is there any standard way for checking that in the Django oauth2 provider library?
Thanks in advance, any help would be appreciated.
P.S.: The obvious way is creating a middle API view which checks the user first and then calls the oauth library's views, but that means extra work for the database, which I'm trying to avoid.