exposing only /token/ endpoint to public: Django oauth toolkit


I'm using this plugin, which does not require application creation by any user; an OAuth application can only be added by a superuser.

I have this included in the urlpatterns

path('auth/', include('oauth2_provider.urls', namespace='oauth2_provider')),

This is exposing all URLs, including endpoints for managing applications, to the public:

auth/ ^authorize/$ [name='authorize']
auth/ ^token/$ [name='token']
auth/ ^revoke_token/$ [name='revoke-token']
auth/ ^introspect/$ [name='introspect']
auth/ ^applications/$ [name='list']
auth/ ^applications/register/$ [name='register']
auth/ ^applications/(?P<pk>[\w-]+)/$ [name='detail']
auth/ ^applications/(?P<pk>[\w-]+)/delete/$ [name='delete']
auth/ ^applications/(?P<pk>[\w-]+)/update/$ [name='update']
auth/ ^authorized_tokens/$ [name='authorized-token-list']
auth/ ^authorized_tokens/(?P<pk>[\w-]+)/delete/$ [name='authorized-token-delete'] 

I want only /token/ endpoint for the public to generate an access token and refresh token.

How can I keep the other endpoints from the public and allow them only from the admin panel?

Best answer:

Remove the package URL patterns from your urls.py and explicitly mention the URL as:

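from django.urls import path
from oauth2_provider.views import TokenView

urlpatterns = [
    # Remove this line: it mounts every oauth2_provider URL, including application management.
    # path('auth/', include('oauth2_provider.urls', namespace='oauth2_provider')),
    # Expose only the token endpoint.
    path('auth/token/', TokenView.as_view(), name="token"),
]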
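
A regression check for the change above, as an added example that is not part of the original answer: it walks a Django-style URL tree and reports every route under `auth/` whose name is not allowlisted. The `ALLOWED` set, the function names and the stand-in objects (a constructed subset of the listing in the question) are assumptions made here so the block runs without Django installed.

```python
from types import SimpleNamespace

# Assumption: the only route name the public should reach, per the question.
ALLOWED = {"token"}


def iter_routes(patterns, prefix=""):
    """Yield (full_route, name) for every leaf of a Django-style URL tree.

    Django's URLResolver objects carry .url_patterns, URLPattern objects
    carry .name, and both carry .pattern, so the real tree can be passed in.
    """
    for entry in patterns:
        route = prefix + str(entry.pattern)
        children = getattr(entry, "url_patterns", None)
        if children is not None:  # an include(...): recurse into it
            yield from iter_routes(children, route)
        else:
            yield route, getattr(entry, "name", None)


def unexpected_routes(patterns, guarded_prefix="auth/", allowed=ALLOWED):
    """Return (route, name) pairs under guarded_prefix that are not allowlisted."""
    found = [
        (route, name)
        for route, name in iter_routes(patterns)
        if route.startswith(guarded_prefix) and name not in allowed
    ]
    return sorted(found, key=lambda item: item[0])


def _leaf(route, name):
    # Constructed stand-in for a URLPattern.
    return SimpleNamespace(pattern=route, name=name)


# Constructed sample: part of the listing from the question, mounted via include().
PACKAGE_URLS = [
    _leaf(r"^authorize/$", "authorize"),
    _leaf(r"^token/$", "token"),
    _leaf(r"^revoke_token/$", "revoke-token"),
    _leaf(r"^introspect/$", "introspect"),
    _leaf(r"^applications/$", "list"),
    _leaf(r"^applications/register/$", "register"),
]
BEFORE = [SimpleNamespace(pattern="auth/", url_patterns=PACKAGE_URLS)]
AFTER = [_leaf("auth/token/", "token")]  # the answer's urlpatterns

if __name__ == "__main__":
    for route, name in unexpected_routes(BEFORE):
        print("exposed:", route, name)
```

In a real project, call `unexpected_routes(django.urls.get_resolver().url_patterns)` from a test case and assert that the result is empty.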