Oauth2_authentication | Python Fiddle

import oauth2_provider.views.application as application
import oauth2_provider.views.base as base
from django.forms.models import modelform_factory
from oauth2_provider.models import get_application_model
from django.contrib.auth.mixins import LoginRequiredMixin

from django.http import HttpResponse
from django.utils.decorators import method_decorator
from django.views.decorators.debug import sensitive_post_parameters
from django.views.decorators.csrf import csrf_exempt

from urllib.parse import parse_qsl
import json

class AllowedScope():

def is_member(user, group):
        return user.groups.filter(name=group).exists()

def allowed_scope(request):
        d = {i[0]:i[1] for i in parse_qsl(request.body)}
        if d.get(b'scope') == 'read' and not is_member(request.user, 'reader'):
            return False, True, json.dumps({"error": "scope not allowed for this user"}), 401
        elif d.get(b'scope') == 'write' and not is_member(request.user, 'writer'):
            return False, True, json.dumps({"error": "scope not allowed for this user"}), 401
        elif d.get(b'scope') == None:
            return False, True, json.dumps({"error": "scope of token must be defined"}), 401
        else:
            return True, False, None, None

class MyApplicationRegistration(application.ApplicationRegistration):
    """
    subclass ApplicationRegistration to use custom permissions.
    """

def dispatch(self, request, *args, **kwargs):
        if not request.user.is_superuser:
            return self.handle_no_permission()
        return super(LoginRequiredMixin, self).dispatch(request, *args, **kwargs)

@method_decorator(csrf_exempt, name="dispatch")
class MyTokenView(base.TokenView):

@method_decorator(sensitive_post_parameters("password"))
    def post(self, request, *args, **kwargs):
        correct, token_correct, body, status =  AllowedScope.allowed_scope(request)
        if not correct:
            return  HttpResponse(content=body, status=status)
        url, headers, body, status = self.create_token_response(request)
        response = HttpResponse(content=body, status=status)
        for k, v in headers.items():
            response[k] = v
        return response

Python Fiddle

Python Cloud IDE