在编写测试时，您应该从测试本身提取任何未测试的内容，通常将任何设置代码放在测试的setUp方法中。在使用OAuth的API测试中，这通常包括测试用户、OAuth应用程序和活动访问令牌。
对于django-oauth-toolkit和其他Django应用程序，我总是推荐使用looking at the tests to see how they do it，这样可以避免进行不必要的API调用，尤其是对于OAuth这样的多部分进程，并且只创建所需的几个模型对象。

def setUp(self):
    self.test_user = UserModel.objects.create_user("test_user", "test@user.com", "123456")

    self.application = Application(
        name="Test Application",
        redirect_uris="http://localhost",
        user=self.test_user,
        client_type=Application.CLIENT_CONFIDENTIAL,
        authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
    )
    self.application.save()

def test_revoke_access_token(self):
    from datetime import datetime
    from django.utils import timezone

    tok = AccessToken.objects.create(
        user=self.test_user, token='1234567890',
        application=self.application, scope='read write',
        expires=timezone.now() + datetime.timedelta(days=1)
    )

在这里，您只需要使用生成的令牌进行身份验证，您可以通过注入Authorization头来完成，或者使用Django REST Framework提供的force_authenticate方法。

我在OAuth2中使用了相同的库，
这对我很有效

from oauth2_provider.settings import oauth2_settings
from oauth2_provider.models import get_access_token_model, 
get_application_model
from django.contrib.auth import get_user_model
from django.utils import timezone
from rest_framework.test import APITestCase

Application = get_application_model()
AccessToken = get_access_token_model()
UserModel = get_user_model()

class Test_mytest(APITestCase):

    def setUp(self):

        oauth2_settings._SCOPES = ["read", "write", "scope1", "scope2", "resource1"]

        self.test_user = UserModel.objects.create_user("test_user", "test@example.com", "123456")

        self.application = Application.objects.create(
                                                name="Test Application",
                                                redirect_uris="http://localhost http://example.com http://example.org",
                                                user=self.test_user,
                                                client_type=Application.CLIENT_CONFIDENTIAL,
                                                authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
                                            )

        self.access_token = AccessToken.objects.create(
                                                    user=self.test_user,
                                                    scope="read write",
                                                    expires=timezone.now() + timezone.timedelta(seconds=300),
                                                    token="secret-access-token-key",
                                                    application=self.application
                                                )
        # read or write as per your choice
        self.access_token.scope = "read"
        self.access_token.save()

        # correct token and correct scope
        self.auth =  "Bearer {0}".format(self.access_token.token)

    def test_success_response(self):

        url = reverse('my_url',)

        # Obtaining the POST response for the input data
        response = self.client.get(url, HTTP_AUTHORIZATION=self.auth)

        # checking wether the response is success
        self.assertEqual(response.status_code, status.HTTP_200_OK)

现在一切都会像预期的那样工作。希望这对你有帮助。谢谢

from oauth2_provider.models import (
get_access_token_model,
get_application_model,
get_id_token_model,
get_refresh_token_model,
)

 class TestOauth(APITestCase):
    def setUp(self):
            """ create and register user """
            self.test_user = User.create..

    def test_oauth_application_and_tokens_add(self):
        print(self.test_user, self.test_user.id)
        """Applications"""
        Application = get_application_model()
        app = Application()
        app.name = "test"
        app.client_type = "confidential"
        app.authorization_grant_type = "password"
        app.user_id = self.test_user.id
        app.save()

        # client_id:
        print("Application Client ID: ", app.client_id)

        # client_secret:
        print("Application Client SECRET: ", app.client_secret)

        """Access Token"""
        AccessToken = get_access_token_model()
        token = AccessToken()
        token.user_id = self.test_user.id
        token.scope = "read write"
        token.expires = timezone.now() + timezone.timedelta(seconds=300)
        token.token = "secret-access-token-key"
        token.application = app
        token.save()

        # token
        print("Access Token: ", token)

        self.auth = "Bearer {0}".format(token.token)

        """ ID Token """
        IDToken = get_id_token_model()
        idt = IDToken()
        idt.user_id = self.test_user.id
        idt.application = app
        idt.expires = timezone.now() + timezone.timedelta(days=10)
        idt.scope = "read write"
        idt.save()

        # id token - returns jti token - successfull
        print("ID Token: ", idt)

        """ Refresh Token """
        RefreshToken = get_refresh_token_model()
        refr = RefreshToken()
        refr.user_id = self.test_user.id
        refr.application = app
        refr.token = "statictoken"  # The token is issued statically.
        refr.access_token = (
            token  # The access token must not have been used before.
        )
        refr.revoked = timezone.now() + timezone.timedelta(days=10)
        refr.save()

        # refresh token
        print("Refresh Token: ", refr)